COVID-19: Company Security Policies Haven't Kept Up With A Remote Workforce

August 21, 2020
Michael Guess
Cybersecurity

The COVID-19 pandemic has impacted everyone and changed how businesses operate. For safety and health reasons,many employees work from home which has created new both new opportunities and new problems.

In years past, remote work was generally done sparingly or relied on select equipment such as a smartphone to get email and take calls. Most businesses invested in network infrastructure that could be contained to particular building or facility to securely conduct business.

In order to get businesses back up and running remotely, many companies took shortcuts on cybersecurity. IT systems for many businesses have not evolved and remained up to date to enable employees to securely operate from home. Relying on VPN solutions is not a panacea,as the recent Pulse Secure VPN hack has shown. Beyond that, business IT infrastructure is often not kept up to date in the best of times as businesses juggle the costs and benefits of expensive cybersecurity investments. The costs of not keeping systems up-to-date or using outdated encryption are now outweighing any short-term budget benefits. Since COVID19 swept the country, data breaches are up a whopping 273% compared to the same period last year. A large company can expect a 10 -100 million records to be breached.  

Per CNBC’s recent article on cybersecurity it’s worth calling out one quote in particular:

“With the mass shift to remote workforces, the corporate perimeter has been broken. This is compounded by the reality that most home networks are insecure, and household smart devices are vectors for attack,” said Tom Kellerman, head cybersecurity strategist at VMware Carbon Black, a cybersecurity firm.

Just a month ago, Garmin saw its systems afflicted by ransomware which shut down its customer facing system that provided individual fitness metrics to its customers. Many companies share far more detailed and personally identifiable information (PII) with third-party vendors than whether or not aperson hit a new personal best.

This is why it is absolutely critical that businesses take the necessary steps to find out how secure their data really is in the hands of trusted third parties. A company attesting to ‘commercially reasonable’ security is no longer good enough. The third-party vendor may be the one hacked, but it’s your company’s name that will make the headlines.

Venture Lynk’s Vendor Risk Management Services offer a full suite of due diligence tools that can help your business better manage your vendors, mitigate any risks, and more importantly, make better decisions to help ensure your company’s financial and brand well-being.

Visit www.venturelynkfinancial.com to schedule a Vendor Risk Management and Cyber Security Assessment or contact Venture Lynk at 213-421-3050.