How to reduce risks?

As in the case of the pandemic, it is unlikely to be completely secure, but it is quite possible to reduce risks. Here are some suggestions:

1.    Become a source of information. In order not to provoke rumors and reduce the influence of negative colleagues, speak with your employees in a simple manner and more often – through newsletters, via Skype, at offline meetings. Tell your team in plain language what exactly the management is going to do, how it will affect the staff and what they should definitely not be afraid of. This will not only reduce panic and remove frightening suspense, but also increase employee loyalty. 
2.    Use special mailbox for questions. It is not always possible to predict what is bothering people at a particular moment. Therefore, having one email address for collecting questions and suggestions is a good way to receive a feedback. To sort incoming emails, you can assign a temporary executor. This employee will select a relevant request, delete the duplicate and transfer the information further for processing. Based on employee requests, you can create a newsletter with answers and an up-to-date agenda for meetings. It will also help reduce stress among employees and take control of the situation.
3.    Prepare checklists and instructions. For example, if you think that employees will forget about information security rules during a crisis, then do not wait until one of them opens a phishing email. Prepare a checklist in which you recall all the basic information security rules. Show how non-compliance can end up, a couple of real-life examples that describe the consequences will help staff regain awareness. Instructions for employees who are switching to remote work will also help them adapt faster in new conditions.
4.    Implement basic tools for data protection and employee monitoring, especially if you transfer staff to remote work. This will solve several problems at once: it will ensure staff discipline and productivity, reduce the risk of information leaks and fraud attempts, and increase protection against accidental data leaks and external attacks.

Among the basic actions when switching to remote work: setting up a corporate VPN, configure VPN clients on employees’ devices, ensure critical devices protection, or use cloud PBX, etc. A system administrator can solve such problems in a short period of time. However, this employee will not understand the issues of information security and employee monitoring.

Moreover, if nobody used to be responsible for information security and risk mitigation tasks in your organisation before the crisis, then it’s high time your team started to. Although this will require investment of time, effort and money, the damage caused by sensitive data leaks or theft is still higher. 9 out of 10 companies faced similar incidents last year. In the crisis, these unpleasant numbers will only grow.

People by nature are always trying to make life easier, if there is no control an employee will surf on the Internet instead of work or perform tasks slowly, because there are no colleagues and no bosses. In case you are worried about employee discipline, there is a piece of practical advice you might want to follow when letting your team work from home:

       1.    Configure a connection with internal services via a VPN channel protected by two-factor authentication.
       2.    Check the availability of services, the bandwidth of the Internet channels and backup communication channels.
       3.    Install a service health monitoring system. The program is needed to promptly alert the specialists responsible for risk management to service disruptions.
       4.   If your employees go home with a corporate PC, ban them from accessing a corporate laptop's BIOS to prevent loading of the operating system from a USB flash drive; enable disk encryption; ensure they have all the data transferred via the Internet using port forwarding on a proxy server
       5.   If employees work on a personal PC, connect to a terminal server or VDI with the installed software which transfers data to the server of the solution you chose to protect your system; make sure they have their software and OS updated.

It is not the first crisis in our history. And although each of them has its own obstacles, something remains unchanged - human stereotypes and reaction patterns. A head of a company can foresee these reactions and prepare for the panic storm.