The coronavirus (CoVid-19) epidemic is shaking the world. Living in Greece, we used to monitor the situation unfolding in China through the media not feeling very worried. But, since the last days of February, the virus knocked the doors of our neighbor Italy and before you know it, the first confirmed case was announced by the Ministry of Health spokesperson.
CoVid-19 forces a change in routine
On 10 March 2020, the Greek government announced that all educational institutions, public and private, suspend their activities for 14 days. It is a decision in the right direction. Containing the virus is made more effective by imposing movement restrictions and when citizens collectively embrace these restrictions, reads the first joint WHO-China report on coronavirus. At the same time, the government issued strong warnings to restrict movements of vulnerable groups, such as the elderly or the ones with medical history, to the absolute necessary.
Closing schools has a significant impact on how families and society function. My friend Katrina Dobieski suggested that we take advantage of this situation and have a book club to read our kids stories from books. What a great idea that is! Another great idea is to organize daily family excursions. After all, it is spring, nature is blossoming.
On the society level, our Prime Minister said that the government will approve emergency measures asking public and private businesses and organizations to help parents with flexible working hours and to promote policies for working from home. In fact, many analysts predict that the coronavirus epidemic will force companies to further expand policies for telecommuting.
Do you have a Business Continuity Plan?
The coronavirus outbreak is just another case which proves the need to ensure continuity of service. In today’s business environment, no company is isolated from incidents, which results in business disruptions. Unplanned events can have a devastating effect on all businesses.
Such unplanned events could be disasters linked to environmental crisis, natural disasters such as earthquakes, business shutdown due to national security reasons or personnel illness due to epidemic phenomena.
During the last few years, we have witnessed several disasters directly linked to environmental crisis. Phenomena like El Niño and disasters like Hurricane Katrina have caused severe disruptions in businesses, which were forced to shut their operations until the state of emergency was over. In fact, the latest World Economic Forum 2020 Global Risk Report has highlighted that “climate change and related environmental issues as the top five risks in terms of likelihood.”
National security reasons might be another reason for business disruption. Following the terrorist attacks in Paris and Brussels in 2015, the governments had imposed strict movement controls, leading many businesses to shut their offices. Even the European Union headquarters were affected, and personnel asked to stay at home.
"working remotely seems like a solution in crisis periods"
Working remotely seems like the answer to many of the problems raised during crisis periods. Remote commuting must be a strategic decision followed by careful planning to eliminate all loopholes. Good planning can help businesses to minimize the potential impact of such events. It is essential to plan thoroughly to protect yourself from the impact of potential crises. Failure to plan could be disastrous.
Given the threats to an organization when it exposes its assets to external access, there are some basic best practices that can make the path smoother for CISOs and IT security teams who are scrambling to maintain business continuity in times of crisis by enabling employees to work securely from home.
Strong and continuous authentication
Whether corporate assets and apps are in the cloud or on-premises, businesses need to implement a strong and continuous access management and multi-factor authentication solution to secure access to them. Such an authentication mechanism can protect enterprise and cloud applications at the access point, the employees’ laptop, by preventing man-in-the-middle and account take over attacks. At the same time businesses will ensure that employees can have an easy way to log into the applications they need—from home, or any other location outside the office.
Securing your employees’ remote access to corporate resources and apps is not enough. You will need to plan how to protect your most precious asset, your data, while it is either in transit or at rest. Data breaches are usually privacy breaches, since most of this data is about employees, customers, financial data or even PII. Privacy breaches can result in severe penalties under data protection regulations such as GDPR or CCPA.
Even if a data breach is not a privacy violation, it may entail industrial espionage by state-sponsored actors who may take advantage of the crisis to steal precious sensitive or secret data. In either case, any data breach will harm your business’ reputation significantly, which also means loss of revenue when customer trust is damaged.
While it is crucial that businesses restrict who can access sensitive data, it is encryption that ensures this data cannot be used in the event it is accessed by unauthorised personnel. Therefore, businesses must understand where their most valuable data is stored before this step can occur. Regardless of where it is stored – on their own servers, in a public cloud, or a hybrid environment—encryption must always be used to protect data.
When data is encrypted, an encryption key is created. These keys are necessary to unlock and access encrypted data. Consequently, businesses must ensure that these keys are securely stored. Encryption is only as good as the key management strategy employed, and companies must keep them in secure locations, such as external hardware away from the data itself, to prevent them being hacked.
The suggestions for access management and data protection should be considered carefully by all businesses wishing to maintain business continuity in times of crisis. While your enterprise may have to operate differently during time of crisis, you can still deliver the same level of security and ease of use for employees when they access apps and services from home.
Measures to protect public health can serve as a reminder of the importance of being capable to maintain business continuity in a consistent and secure manner. Go ahead and review your plans and ensure you have complete visibility on your assets, apps, data and encryption keys.