The COVID-19 pandemic has forced many employers to close their businesses, whilst others have found that there is a reduction in their workforce requirements.
Many companies have had to enable working from home; the majority in a time crunch and without the necessary experience or preparation, resulting in their technological resources being pushed to the limit.
Companies´ compliance, legal, audit, technology and security departments have all been working for years to create and improve control measures and put in place procedures for action and adaptation to regulatory requirements (GDPR, competition, etc.). However, as a result of COVID-19, many companies are beginning to feel vulnerable as several of the implemented measures and policies, which were rigorously employed, are becoming difficult to apply and maintain in this complex situation.
The combination of teleworking and furloughs can lead to situations not covered by the security and control protocols of companies. Therefore, it is essential to consider the importance of information security and implement the necessary measures to preserve and protect company data. The most relevant factor is that millions of employees are making intensive use of the technological means made available by their companies for their professional duties (laptops, smartphones, tablets, email, the cloud, etc.). In this context, it is critical to define protocols for work, monitor and control employees, of their use of technology and access to company servers and information. Additionally some of these employees could unfortunately be affected by a furlough.
Company IT systems must continue to operate at full capacity to enable workers carrying out their professional activities. However, due to the uncertainty of the present situation, the security and safeguarding of sensitive business information may land on a back burner. The risk of suffering losses of data and information increases significantly in these circumstances, which can lead to economic losses, reputational damage, etc.
Various measures can be implemented effectively and efficiently, to safeguard and guarantee the integrity of information.
Some examples of these measures would be as follows:
If these measures have not already been implemented, companies should take note and adopt as soon as possible all the necessary measures to protect and secure their data, as well as those devices and/or corporate media that may store them.
Managing Director, FTI Consulting
Senior Director, FTI Consulting