As we approach the end of 2020, it has become clear that the COVID-19 pandemic is not a passing storm or something that we can wait out before returning to a familiar business routine; it is the new normal. With changes in business models, virtualization and digitization, risk management, specifically with regard to cybersecurity and privacy, has to be viewed through a different lens. Some questions to consider include:
- What are the additional precautions that organizations need to put in place in their customer agreements?
- Will the existing security clauses in customer agreements still hold up in the new normal?
- With employees working from home, will homes be subject to physical audits?
- Will individual cyber insurance become mandatory?
- How will physical security controls look in the new way of working?
- How will closed-circuit television (CCTV) cameras be able to detect people with masks on?
- How will phishing attacks be handled?
- How will the risk of deepfakes be handled?
- Will boards’ roles change with respect to cybersecurity and privacy?
The shift to the new normal requires a rapid and holistic risk assessment approach, and rapid mitigation strategies to tackle the uncertainties of the new era. Some practical tips for security professionals to follow in their day-to-day jobs in order to mitigate risk include:
- Re-evaluating customer engagement (including contracting) and security requirements as defined by customers.
- Understanding the increased data security and privacy challenges and risk brought by virtual workforce engagement, remote onboarding and offboarding, and work from home, and how best to address them.
- Considering including cyber insurance in employee compensation and benefits packages.
- Increasing security awareness among employees.
- Ensuring the organization’s security monitoring process protects personally identifiable information (PII).
- Managing PII data throughout the entire lifecycle.
Editor’s note: For further insights on this topic, read Deepa Seshadri’s recent Journal article, “Security and Privacy in the New Normal,” ISACA Journal, volume 6, 2020.