Risk Management In The Age Of Covid-19

Being reactionary is never a sound long-term business strategy. But the global jolt that came down in March of this year — as the little-understood Covid-19 virus took off around the globe — gave corporate leaders little choice. Ways of working — and thus managing information — had to change as quickly as possible to ensure the safety of the organizations' workforces.

Unfortunately, at least in the United States and several other nations, that initial reaction is now transitioning into, at least for the medium-term, the reality moving forward.

This means the data security hazards posed by third-party vendors have to be incorporated into overall risk management, which is particularly important in the finance industry. Remote work arrangements oftentimes necessitate dependence on the cloud and the third-party suppliers integral to its functioning. Pondering the ramifications of the exposed Wi-Fi networks of employees in any industry working from home brings a shudder.

Third Parties Are Here To Stay

Now that the initial dust has settled, gauging the risk of crucial vendors is paramount. Everything from the pre-Covid days regarding the monitoring of information exposure posed by third-party players has to be reexamined and, most likely, tightened up substantially.

Automation can be your friend when creating stable, expansive and constant assessment of cybersecurity dangers — don't think that the sophisticated designers of malware and cyberattacks don't see the opportunity Covid-19 has given them. This includes not only the monitoring of internal operations but also creating a dynamic database of vendors' ongoing security performance and history.

A chain is only as strong as its weakest link. A significant part of managing risk for an organization is fully assessing the weaknesses of the other entities networked to it.

The security rating of vendors needs to be assessed on a regular schedule — the tighter the better — and very much considered during the bidding process. Things happen fast in the cybersecurity realm and staying on top of that is a requirement in the best of times. Institutions that are widening their data network quickly and under pressure — and in the process becoming more dependent on the third-party vendors necessary to make the cloud function — does not represent the best of times from a security perspective. Data-driven evaluation and decision-making are vital.

The security realities of all third-party vendors have to be tracked — and if need be, reacted to — on a nearly constant basis. Again, artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) can all be harnessed to create the kind of constant monitoring needed to build robust risk management in the Covid-19 age.

The plan of attack to follow when an issue with a vendor is discovered should be preordained, not thrown together in real time. As the unwillingness of several U.S. states to follow the protocols put in place to guide their economic reopening have shown, not having a serious plan — and following it — can lead to disaster. You should have realistic contingency plans with vendors for when security issues arise.

An Exposed Workforce

Among the people whose lives have gotten a lot harder over the past few months are corporate executives and their teams responsible for network security. The sudden transition to remote work had to happen. But the rapidity at which it unfolded put security teams on their heels to keep sensitive information safe, like banking info, financial records and more.

The issues are manifold. The home Wi-Fi systems that most employees use are rife with vulnerabilities to hacking, snooping and data capture. Easily ascertained passwords, phishing emails and nonencrypted files are an easy target, and it's difficult for system administrators to reach out to each member of the far-flung network of employees working from home.

As with managing the risk associated with vendors, every current practice regarding telecommuting must be closely examined for any weaknesses. Training is paramount as well. Creating workable, flexible protocols for employees — and then hammering them home with the information needed to ensure they are complied with — is simply a new, significant cost of doing business and managing risk in the current environment.

Look Ahead, Not Behind

Again, a key factor is not just reacting when a specific risk has been recognized and figuring something out. Thoroughly and completely plan the steps that will be taken when what is not the unthinkable — but rather the very thinkable — occurs, and data is at risk. Be ready to spring into action immediately when there's a security breach that could affect financial data.

The fact is that expanding workplace flexibility to include telecommuting requires expanding the access points to data. This heightens the possibility of data capture by outside entities. Heightened risk is inevitable.

Managing this risk is simply another thing that Covid-19 is necessitating. Companies have to develop techniques to quickly identify risk through systematic protocols, organizational culture change and arduous interaction with third-party vendors and employees.

This article originally appeared on Forbes.

Popular

More Articles

Popular