Updating Security Practices
Best Practices for a WFH Environment
Based on Morris, Manning & Martin, LLP’s recent article “Potential Regulatory Scrutiny Of COVID-19 Remote Work Cybersecurity Risks”, and as more organizations shift to a remote based workforce, we agree that there is a heightened need to stay vigilant in addressing cybersecurity risks and cyberattack threats related to new remote working environments – and it’s clear that the regulators expect the same.
The New York Department of Financial Services (“NYDFS”) issued guidance on March 10, 2020 asking regulated institutions to supply assurance that their institutions were prepared to address the operational and financial risks associated with COVID-19 including security of remote work and access, and a possible increase in fraud and cyberattacks.
Additionally, SEC Chairman, Jay Clayton, expressed that companies should “provide investors with insight regarding their assessment of, and plans for addressing material risks to their business and operations resulting from the coronavirus … to keep investors and markets informed of material developments.”
We should anticipate companies may experience higher volumes of phishing attacks using unsubstantiated news headlines related to COVID-19 to solicit clicks on hyperlinks and attachments infected with malware.
As business operations shift to a remote based workforce, firms should consider:
- Staff training on key issues including:
- Email phishing, and appropriate procedures to report attempts,
- Safe handling of confidential information and
- Appropriate use of company devices vs. personal
- Network and access protections including:
- The implementation or update of secure networks and
- Use of multi-factor authentication (“MFA”) tokens for employees across systems if not already in place
In accordance with industry best practices, BasisCode will be enforcing the use of multi-factor authentication (“MFA”) on its compliance suite for clients, and their users, not accessing the platform by way of a single sign-on connection as of April 30, 2020.
As an audit-ready platform, BasisCode has been designed to contemplate many of these key considerations while offering the framework for your team to deploy and document your policy changes and risk management efforts as your business practices and operations evolve.
To help our clients navigate these short and long-term challenges, we remind you of our continued efforts ease some of their burdens.
We are offering existing clients (complimentary for all of 2020) additional “Dashboard Users” for access to one of our leading consultants to assist with any temporary needs. Contact a consultant of your choice from the “Market”. If it’s a good fit, simply add them as a Dashboard User to your environment.