Don’t Overlook These 6 Vulnerabilities from Quick COVID Response

Looking for risks in the strategic plan

Transitioning to digital services, remote work, and virtual engagement were all part of the evolution of the workplace. But when COVID-19 swept through the country, companies had to make quick decisions on how to protect the health and safety of their workforce while continuing operations. In fact, companies moved to remote environments 40 times faster than they initially anticipated prior to the pandemic. Initial estimates showed this shift to take up to a year to complete. This lightning fast reaction to the unfolding public health crisis exposed companies to unforeseen risks and oversights. As workplace adjustments continue, don’t lose sight of some continuing vulnerabilities.

1. Sidelined projects

For many companies, budgets for projects and initiatives had already been decided in early 2020. As the effects of COVID-19 reached the broader economy, resources had to be reallocated to support the massive shift in business operations. As a result, projects and initiatives were set aside or became lower priority. It is important to review what stage your program initiatives were suspended and document the status of each effort. Determine what you need to get back on track and how to implement a strategic plan once operations more closely resemble normal. Conduct a project review to see what lines of effort can be halted long-term and the process by which the initiative is determined as complete. Look for opportunities in obsolete projects and revive them in new and creative ways.

2. Personal Device Use

The rapid shift to remote work, and the massive expense and logistics needed to purchase and distribute devices, led some companies to allow workers to use their personal devices for work purposes. These devices cannot be regularly evaluated and maintained for security, so they are vulnerable to compromise. There are various access points into the user’s system, such as unsecured wi-fi, weak passwords, and outdated virus protectors. Though many companies have internal systems or intranet, it is not impossible to save sensitive company information on a personal or remote device. Without visibility, data can be hacked, stored, or exploited. In addition, households with school aged children may be sharing a single device, which could lead to compromised information. Create and maintain a bring your own device policy to prevent data and information losses.

3. Secure service delivery

Workplaces with remote staff may experience technical issues or require additional security updates, but IT departments may only have limited remote access to make these changes or repairs. If physical facilities are temporarily shut down, security updates may not be happening because of the in-person nature of the process, or the scale to which those tasks must be completed. As companies adopted technology, in many cases at a rapid rate, there was limited time to understand the complexities of new tools. Company reputations are tied to digital security, and discerning consumers want to be sure their data is safe. Make routine service delivery a priority and establish a process for updating and maintaining company equipment used outside of a physical location. Remote workers should know the latest in security developments and how to communicate concerns as needed.

4. Lapsed training

In many industries, continuing education and training opportunities come from conferences, trade shows, or in-person workshops. According to an April 2020 survey, 86% of event professionals cancelled or postponed their events as a result of the pandemic. With that trend expected to continue, employees may not be able to meet certification or compliance requirements. This narrowing of opportunities could create a backlog or delay, and postponing training could mean missed deadlines. Adapting to this challenge requires leaders and compliance professionals to be creative in supporting continued education. This may mean finding suitable virtual alternatives or conducting training internally. Capturing the energy and interaction of in-person events through polls, breakout sessions, and engaging visuals will help training resonate.

5. Digital product portfolio

In response to social distancing requirements, customers demanded digital solutions to continue doing business outside of a physical location. In response, companies begin adding online service options, such as telehealth, e-commerce, customer service chat features, and contactless delivery. The adaptation of more technology into operations and services creates a larger digital portfolio. Executives from healthcare, finance, and professional services saw twice the number of digital products in their portfolio compared to other industries Adding software, products, and devices means managing the security requirements, and risks, of those items. Some of the services may be provided by third-party vendors, which may not comply with the same rigorous security standards as your organization, so it’s important to understand the connections within your network.

6. Incomplete continuity plans

Now that companies have adjusted to a remote working environment, the time will come when considerations must be made for the return to a physical workplace. Workplace architecture may have changed, with the removal of common spaces, workspaces spread farther apart, and staggered arrivals. Without a comprehensive continuity of operation plan, companies could experience disruption and productivity loss. As a cost saving measure, 32% of organizations have replaced a full-time employee with temporary employees, creating what’s known as a liquid workforce. These non-permanent employees must function in a flexible team and adapt quickly to an unfamiliar workplace. Having a robust hiring and training process will help the whole workforce maintain compliance standards and adhere to industry best practices.

Leave a Reply

Your email address will not be published. Required fields are marked *