Remote Working and the Risks to Consider
Remote Working and The Risks for Management to Consider
The Covid 19 epidemic with subsequent restrictions placed on companies and private individuals has directly impacted ways of working. As a direct result many organisations including here at E-ZU have non-essential workers working from home. For many businesses this has meant rapid progressions in their IT infrastructure opening remote access.
IT directors, Risk Managers and Governance Officers have had to face new challenges, forcing new operational processes to be delivered in record time and consequently has created new entries for company risk registers.
A risk can be defined as; ‘the possibility that something bad might happen, this is the uncertainty around events or activities regarding something of value’.
Risks to companies come in all shapes and sizes, most risks to businesses are clearly identifiable, some are not. Most companies share similar risks on their risk register, these are typically categorised according to severity of impact and the likelihood of them occurring.
Traditionally there is a three-step framework to deal with risks:
- Eliminate – Remove the risk, stop the activity.
- Transfer – Pass the responsibility of the risk over to someone else, such as insurers.
- Mitigate – Put actions in place which reduce either the possibility of the risk occurring or reduce the severity of the impact should it occur.
As we have identified, the main risk discussed here is rapid role out of access to company networks from home, workers now isolated from their peers using new processes (and software) which they are unfamiliar with.
This environment has created the perfect opportunity for cyber criminals to attack company systems. There are reports of the exponential growth in cyber-attacks since the beginning of the Covid 19 epidemic with these aimed at company employees to circumvent security arrangements. This presents an immediate risk to your business and if not already, needs to be addressed.
We return to our risk framework and can now apply the 3 methodologies to address remote working risks:
- Eliminate the risk by removing the activity – In the current Covid 19 working environment It is unlikely we will be able to eliminate home working.
- Transfer – It would also be difficult to transfer the risk to Insurance, since many insurance companies would continue to expect you to mitigate against risk otherwise for them the event becomes a certainty and becomes uninsurable.
- Mitigate – Without the ability to eliminate or transfer against the risk we can only mitigate, either controlling the risk of the event occurring, or reducing the impact of the risk.
Identifying mitigation as the most effective way to control the risk I am deliberately assuming the IT apparatus is already using all the physical methodologies in place to reduce the likelihood and effects of any possible security breaches (Email Filters, Web Firewall, Privilege Control, Cloud back-up etc). If you are concerned about your physical protections, please feel free to discuss with E-ZU the options available.
Cyber-attacks are most often aimed at circumventing your physical security arrangements. It is now more important than ever to train your staff to understand cyber-criminal tactics. Let me introduce the term ‘The human firewall’, the intention here is for your staff to become the last line of defence against Cyber-attacks and become aware of the tactics used by cyber criminals.
The E-ZU eLearning Portal – FREE for 100 of your staff members for 14 Days
To help organisations with their end-user cyber-security awareness training, for a limited period we’re offering free fully-fledged access to the E-ZU Advanced eLearning Platform for up to 100 staff members.
Our free service includes full, unrestricted access for up to 100 users/staff members within an organisation. There is no obligation to purchase anything thereafter, no credit card information is needed, and no auto-renewals of any kind.
The free service offers a fully-featured service that contains in-depth training courses for End-User Security Awareness, the entire Office 365 platform (including Microsoft Teams), and much more – across 5,000 up-to-date training videos. We will also provide free set-up consultation with one of our technical consultants to make sure your users can take full advantage of the training that matters most to your organisation. Find out more about the E-ZU eLearning Portal