EY Asia-Pacific Cyber Security Leader Richard Watson says many organisations, even at the top end of town, are unprepared for remote working at scale in this new environment, meaning seemingly small things such as updating policy and procedures for the new normal, can be overlooked.
He suggests making that a priority, and then communicating these to staff. Rearticulating what company policy should be also helps crystallise those critical actions the business and its workforce need to take while moving to a new BAU.
Then, map what happens if people fall sick and can’t work. Contingency planning means thinking about access to a resource augmentation model. This is akin to a “Security as a Service” model, where another organisation such as EY can help out by dropping in people virtually to backfill as an extension of the home team, to help keep critical functions operational.
“For organisations have built monitoring systems for cyber alerts and incidents that have learned how to monitor over a certain network profile where everyone is in the office and data is flowing within that office environment,” Watson says, things will change rapidly. “Suddenly all those models are thrown out the window because now you’ve got a very different kind of network profile which severely impairs them.