Remote Working and the Risks to Consider
Remote Working and The Risks for Management to Consider
The Covid 19 epidemic with subsequent restrictions placed on companies and private individuals has directly impacted ways of working. As a direct result many organisations including here at E-ZU have non-essential workers working from home. For many businesses this has meant rapid progressions in their IT infrastructure opening remote access.
IT directors, Risk Managers and Governance Officers have had to face new challenges, forcing new operational processes to be delivered in record time and consequently has created new entries for company risk registers.
A risk can be defined as; ‘the possibility that something bad might happen, this is the uncertainty around events or activities regarding something of value’.
Risks to companies come in all shapes and sizes, most risks to businesses are clearly identifiable, some are not. Most companies share similar risks on their risk register, these are typically categorised according to severity of impact and the likelihood of them occurring.
Traditionally there is a three-step framework to deal with risks:
- Eliminate – Remove the risk, stop the activity.
- Transfer – Pass the responsibility of the risk over to someone else, such as insurers.
- Mitigate – Put actions in place which reduce either the possibility of the risk occurring or reduce the severity of the impact should it occur.
As we have identified, the main risk discussed here is rapid role out of access to company networks from home, workers now isolated from their peers using new processes (and software) which they are unfamiliar with.
This environment has created the perfect opportunity for cyber criminals to attack company systems. There are reports of the exponential growth in cyber-attacks since the beginning of the Covid 19 epidemic with these aimed at company employees to circumvent security arrangements. This presents an immediate risk to your business and if not already, needs to be addressed.
We return to our risk framework and can now apply the 3 methodologies to address remote working risks:
- Eliminate the risk by removing the activity – In the current Covid 19 working environment It is unlikely we will be able to eliminate home working.
- Transfer – It would also be difficult to transfer the risk to Insurance, since many insurance companies would continue to expect you to mitigate against risk otherwise for them the event becomes a certainty and becomes uninsurable.
- Mitigate – Without the ability to eliminate or transfer against the risk we can only mitigate, either controlling the risk of the event occurring, or reducing the impact of the risk.
Identifying mitigation as the most effective way to control the risk I am deliberately assuming the IT apparatus is already using all the physical methodologies in place to reduce the likelihood and effects of any possible security breaches (Email Filters, Web Firewall, Privilege Control, Cloud back-up etc). If you are concerned about your physical protections, please feel free to discuss with E-ZU the options available.
Cyber-attacks are most often aimed at circumventing your physical security arrangements. It is now more important than ever to train your staff to understand cyber-criminal tactics. Let me introduce the term ‘The human firewall’, the intention here is for your staff to become the last line of defence against Cyber-attacks and become aware of the tactics used by cyber criminals.
E-ZU eLearning Management System
An all-in-one cloud solution built to inspire learning and fuel workplace productivity.
Our next-generation platform delivers tailored, up-to-date training content across a range of business-critical topics, via an extensive course library of over 5,000 videos, and the ability to add your own custom channels and content.
It’s simple to use and comes packed with powerful tools to manage training and track development, to increase learner engagement (with in-built gamification), and build a sense of community across your workforce – all under an affordable per-user/per-month pricing model.