Strategy Day 8: Don’t Neglect Compliance
Maintaining regulatory compliance is mandatory for many organizations. While navigating and satisfying the obligations can be complicated and stressful, achieving compliance is a critical component of having a cyber ready business. Security and privacy are integral elements of compliance.
The current situation requires many businesses to make working from home available to key employees. Even if you were compliant before the Covid restrictions, you need to seriously review which employees are able to work from home. You also need to thoroughly assess the home environment they will be working from. Industries that deal with PII or PHI need to be particularly vigilant.
The work from home environment must meet many criteria in order to keep your business compliant with regulations.
A few examples could be: (Please realize that I am not giving legal advice in this article. The outlines and opinions shown here are my own, and you should consult with your attorney about legal ramifications and regulation interpretations.)
- Dedicated computer with an up-to-date operating system, including security patches.
  - This means that no other person or family member can log in to, access or otherwise use the computer at all. This includes the kids or spouse checking their email or Facebook, playing games or streaming broadcasts. This can be easier than you think.
- Antivirus and antimalware software installed and up to date.
  - Installed, updated, and turned ON at ALL TIMES. Your network access policies and procedures should confirm this at every login and have a way to automatically remediate any issues.
- Means of secure connection to the company network.
  - There are several options that are free or low cost and can be easily implemented. Again, your network access policies and procedures should confirm this at every login and have a way to automatically remediate any issues.
- Proper and restricted access environment.
  - This means NO KITCHEN TABLE office. The home office should have a lockable door. If that is not possible, a lockable physical media storage appliance (file cabinet) is the minimum. I personally feel that a lockable door is a very cost-effective means of security for a work from home office that is simple to implement as well.
There are many more items that need to be considered as well, but this should at least get you thinking. I have a few resources available that you can download. You can access them here.
Let us take the stress out of compliance for your business.
PS – Not all businesses are required to comply with regulations, but all should have a mandatory compliance policy within their organization.