Securing a Remote Workforce
We are fortunate to have today’s advanced technologies that allow so many of businesses to offer...
As we continue in the new year, it is vital to make sure that your organization has all its technology policies up to date. As the pandemic continues to change the way we live and work, your business policies should reflect that so that your organization is able to grow and thrive.
A disaster recovery plan (DRP) ensures that all of your systems, data and personnel are protected. It is a vital part of business continuity. Making sure that your organization has identified and defined its disaster recovery strategies could make or break your ability to pivot quickly in the event of an emergency or data breach.
A disaster recovery strategy will begin with determining what applications are vital to keeping your organization running. From this strategy, you can develop a plan to describe how you intend to keep those important applications functioning.
When determining your business’s recovery strategy, you should consider your budget, insurance, resources (both people and physical facilities), technology, data, vendors and suppliers, and any applicable compliance requirements. Your recovery strategy should also align with the overall mission and goals for your organization.
DRPs can and should be specific to your organizational context. Some specific examples for DRPs includes Network DRPs, Cloud DRPs, Data Center DRPs, and Virtualized DRPs.
A DRP can be very basic or exhaustive. A DRP checklist includes identifying critical IT systems and networks, prioritizing which systems are most crucial for business operations, and outlining the necessary steps required to restart, reconfigure, and recover systems and networks. All employees should have a basic knowledge of the emergency steps to take in the event of an incident or breach.
A good disaster recovery plan is constantly evolving, taking into account new people, processes, and technology and should seek the input and engagement of an entire organization from the top down.
As more organizations adjust to having a portion of their workforce work remotely (either full time or hybrid), it is important to be aware how this can increase the risk for cyberattacks.
A BYOD policy enables your employees to use their own devices—smartphones, tablets, laptops, etc.—for work. It is a growing trend in the workplace, but for the safety of your organization, there are a number of things you should address in order to reduce risk, increase security, and to enhance the employee experience.
A well-designed BYOD policy can save your business time and money (and headaches!). Here are pim’s recommendations for an effective BYOD Policy.
Having password protections on devices should be non-negotiable. We also recommend using multi-factor authentication as often as possible and changing your passwords every 90 days.
Company data belongs to the company. But this information is held upon a privately owned device. How much right to privacy does this employee have if their personal data sits next to sensitive client data? A thorough BYOD policy needs to address how you protect your company data while also ensuring the privacy of your employees. Some companies choose to tell their employees to expect no privacy when using personal devices for work purposes.
All company data should be encrypted, password protected, and only transferred on company approved applications.
Your BYOD policy should mandate that employees keep their personal devices used for work up to date with security patches and updates. These updates help provide protection from known risks. Keeping devices and applications up-to-date is part of overall digital security.
Make sure that your team has a list of approved devices, or else your employees may establish their own apps to use. Make sure to include all appropriate applications that secure messaging, email, and your CRM. Make sure also to include a list of forbidden apps, if you choose to forbid some applications.
Procedures should be in place in your BYOD policy that outline how company data is to be removed from personal devices. Furthermore, upon any termination, an organization is obliged to ensure that all company data is removed from all devices and all permissions from company applications should be revoked.
Make sure that all of your policies—be they disaster recovery, work from home, or bring your own device are easy to understand. This will enable you to get greater buy in from all stakeholders and better secure your client data and networks.