COVID-19: addressing your organisation’s cyber risk and data privacy response measures

We recently hosted a webinar in which a team of experts discussed the short- and long-term effects that coronavirus will have on organisations.

COVID-19 Cyber Risk and Data Privacy Response featured Camilla Winlo, DQM’s director of consultancy services; Geraint Williams, GRC International Group’s chief information security officer; and John Potts, GRCI Law’s head of DPO, DSAR and breach support.

The presentation is free to download from our website, but if you’re in a hurry, we’ve outlined the key takeaways in this blog.

Make sure employees are equipped to manage threats

As we approach two months of lockdown, there’s a danger that organisations will overlook the continued challenges that employees face.

It’s easy to fall into the mindset that, having overhauled your processes to adapt to a remote working environment, nothing more needs to be done. However, just because nothing has gone wrong yet doesn’t mean you’re in the clear.

Ask employees whether they have everything they need to follow your information security policies and processes, and give them the necessary education to tackle threats.

This should include lessons on the risks that come with remote working and specific threats, such as phishing.

Keep an eye on your offices

Has anyone been back to your offices since the lockdown began at the end of March?

Although unsolicited parties shouldn’t be dropping by your office, we wouldn’t rule out the possibility of a miscreant trying to break in or vandalise the property.

It’s therefore worth having someone visit the office occasionally to make sure everything is as it should be.

Is your incident response plan still appropriate?

With your employees working from home, there has never been a worse time to suffer a data breach or cyber attack.

The dispersed nature of your workforce means communication will be slower than normal, and disruption to servers could knock you out of contact altogether.

Things won’t get much easier now that lockdown measures are easing, as you’ll face new challenges that come with social distancing practices in the office.

It’s therefore essential that your incident response plan accounts for these possibilities. You should know by now how COVID-19 affects your ability to operate, so problems may well be self-evident when you review your procedures and documentation.

Use the disruption as a learning opportunity

The pandemic is a once-in-a-lifetime disaster (one hopes, anyway), but there are still plenty of other ways your organisation could suffer similar disruption.

For example, a severe weather event or infrastructural damage to your office could force your staff to work from home for a prolonged period. These aren’t as catastrophic as a global pandemic, but they are still major problems in terms of your organisation’s ability to function.

Fortunately, you now have first-hand experience of how to deal with a disaster, so you should take this time to review which response measures work and how you can prepare for when anything like this happens again.

Watch the presentation in full

You can find more advice by downloading our COVID-19 Cyber Risk and Data Privacy Response webinar.

You might also be interested in our other presentations on the ways that coronavirus has affected business: Managing cyber security and privacy risks with inadequate resources and Surviving tomorrow’s cyber-attacks: resilience and cost-reduction.