Maintaining effective internal controls during remote operations relies heavily on effective IT General Controls, cybersecurity safeguards, and data privacy. Remote work environments create new risks for companies, as management attempts to navigate a new digital reality using a virtual workforce. It is critical that management plan ways to mitigate IT risks in this new environment.
Here are five quick tips to ensure you meet IT Compliance & Data Security requirements during a pandemic:
Reinforce IT policies and procedures
It is important to remind users of their responsibility regarding effective IT controls and behaviors. Many companies are taking time to re-train and reinforce IT security expectations to their employees.
Focus on maintaining effective access controls
Make sure to document all approvals for system access (even if just via email) and remove access quickly when no longer needed. Companies are seeing an influx of system access requests, as users need to login to systems remotely or may need to access new systems to help fill resource gaps.
Consider testing IT General Controls earlier in the fiscal year
Due to the high volume of change occurring in IT environments, the likelihood of IT control failure increases. Testing controls earlier in the year will provide more time to remediate prior to year-end.
Protect confidential information and dispose of it when no longer needed
It is important to protect confidential company information when accessing it outside of the office. Don’t use personal email accounts for business purposes, since they are not typically as secure as your business email account. Store hard copy documents in a secure physical location, and make sure to dispose of documents securely using best practices when finished. Don’t share or write down passwords, where they may become compromised. Instead, go through the proper access control process to request a new account and obtain approval.
Encrypt your data
Home networks may not have the same level of security as corporate networks. It is important to secure home wireless networks and avoid public wi-fi. Enabling wi-fi network encryption at home is simple, and there are numerous online tutorials. Also, when using online tools to conduct business, make sure they are approved by company IT and have HTTPS/SSL encryption enabled (Tip: look for HTTPS in the website URL, instead of HTTP).
Bonus Tip: Train employees on the latest attacks
Beware of COVID-19 phishing attempts and other scams. Phony email messages, phone calls, and other communications are becoming increasingly common, attempting to steal payment and other information from victims. Inform employees to watch for suspicious emails or other communication and provide them with examples.
Remote operations create a new level of complexity and new challenges for IT internal control stakeholders. Additional IT requirements, new physical work environments (home offices), and distributed technology open the door for control failures and external cyberattacks. However, this also presents an opportunity to strengthen controls and enable new modes of operation that could benefit your company in the future. By continuing to focus on established policies and security best-practices, companies can overcome the compliance obstacles presented by remote work and emerge even stronger.
Bringing it all together
As you navigate the challenges of IT security and compliance during COVID-19, our IT Risk & Compliance team is here to help. We understand the complexity of technology and can assist with risk assessments, SOX compliance, automation, IT governance, and IT controls. Our core strength is guiding companies through change, and we are ready to jump in. Ready for a solution? Get in touch!
Other Helpful Resources:
- COVID-19 and InfoSec: What You Need to Know from IANS
- COVID-19 Security Resource Library from the National Cyber Security Alliance
- CISA Information & Updates on COVID-19
- The IIA COVID-19 Resource Exchange
The post 5 Quick Tips for IT Compliance & Data Security During COVID-19 appeared first on Bridgepoint Consulting.