BCG identified seven steps for company to protect themselves from cybersecurity risks while employees work remotely during the COVID-19 crisis

Summary:

1. Assess Core IT Infrastructure – Build a comprehensive inventory of devices authorized to company’s network ensure the security of their connections, while configuring firewalls, servers and collaboration platform to accept them
2. Secure Applications and Devices for the Remote Workforce – Encrypt all devices accessing the network, continue monitoring connections, establish comprehensive incident response plans, and install remote collaboration security protocols
3. Embed Cybersecurity into Business Continuity Plans – Incorporate cybersecurity provisions into business continuity plans, across several dimensions including: guaranteeing emergency remote access, training back up teams and leveraging third party support, putting clear communication plans in place, and adapting plans on current situation
4. Make Remote Workforce Aware of Added Security Risks – Train employees to use new tools securely, establish protocols for remote workers to authenticate each other, and create knowledge repository for working remotely
5. Establish Protocols and Behaviors to Prepare for Secure Remote Work – Expand and augment current support center, explicitly define proper behavior for remote work, adequately provide for remote meetings and collaboration
6. Embed Cybersecurity in Corporate Crisis Management – Update current crisis management plans to incorporate COVID-19 risks and implications, ensure that mission-critical technology and personnel are still functioning, maintain visibility on status of all employees, and provide frequent communications
7. Update Access and Security Measures – Ensure that executives and key personnel who have access to vital and sensitive company data are following strict guidelines and being more observant of potential security risks

Original publication date: March 20, 2020

Date last updated: April 2, 2020