HP Development Company, L.P. wanted to reach out to let you know you, your safety and security are in our thoughts. Just like practicing good hygiene to ward off germs, which has included many organizations taking incredibly swift actions to help in the efforts to curtail the spread, this is a fantastic reminder to not overlook cybersecurity hygiene. One of the efforts to curtail the spread has included requesting individuals to work remotely, telework or work from home. This particular request to work remotely brings some very real cybersecurity hygiene issues.

Corporate Information Security Governance

Reviewing your current cybersecurity governance, which includes the information security policy and other similar policies to ensure established security guidelines for remote work and remote access to company information systems is adequately outlined for your employees. If your organization already has many remote workers, it is likely these already exist, or this may be covered in your resiliency plans or disaster recovery plans. This may also be addressed in your bring your own device policies, where employees have to opt into a set of corporate mandates and policies if they use their own device. If nothing exists or your cybersecurity governance is not adequate, this is the right time to establish a policy or at the very minimum to layout industry-recognized best practices and/or industry-recognized basic guidelines to address remote access to, and remote use of, company systems by employees, and to spell out if personal devices may be used to conduct company business, and under what constraints.

Formal Organization Security Communiqué

Managers should be very familiar with applicable security guidelines, security plans, and policies, and ensure that pertinent information is shared with their respective teams and throughout the organization, if they exist. It is critically important that all levels of the organization are aligned on implementation of cybersecurity and cybersecurity hygiene. It is essential to remind employees they are accountable and responsible for adhering to the company’s cybersecurity guidelines, policies, etc. Consequently, providing adequate cybersecurity guidance to all employees is critical, and it is recommended to send a companywide security communiqué to share the recommended cybersecurity guidance.

Security Event Preparation

Each organization should review their formal incident response plans to ensure each organization is prepared to respond to a cybersecurity event. Update the plans as necessary, and where, as a result of the global health crisis a requirement to work remotely has been introduced, include contact information for the (now) remote incident response team, which may include external advisors. Utilizing remote workers increases the security risk and increases the need to have a formal plan in place for when and if…READ MORE