IT Governance

Governance During Crisis: Steps that CIOs Must Take

Remote working has become an increasingly popular option for organizations in the light of COVID-19 pandemic. Social distancing has forced many employees across the globe to stay at home, meaning remote working is no longer an option but a necessity. However, the new set-up comes with new challenges. Information security, therefore, must be the top priority for CIOs. In this article at InformationWeek, Mary E Shacklett explains the questions that CIOs must ask themselves to assure that corporate governance and security are ‘up to the task’ for remote work.

Questions that CIOs Must Ask Themselves

Was a Remote Work Security Assessment Conducted?

  • How well protected are the network endpoints and IoT? As endpoints are the entry points for cyber-attacks and data breaches, you must ensure that endpoints are highly secured.
  • Is the IT policy well-defined for maintaining current operating system updates for all devices that employees use, and is it automated? “Every time Microsoft, Apple, or any other device provider upgrades software to patch a security ‘hole,’ the update should be synchronously pushed out to all the devices your employees are using to access your system,” says Mary.

Are Employees Aware of Security and Governance Requirements?

Develop a formal work-from-home policy and distribute it to your employees. This will help them understand the conditions of working safely from remote locations. The policy must mandate strong password selection and must emphasize the importance of storing assets on the cloud managed by your organization. Also, issue periodic messages with security tips.

Is Your IP Strong?

Use multi-factor authentication and data encryption to protect sensitive information and intellectual property. Identify IP-sensitive assets in the network and put in place hardened security access to safeguard that data.

Is the Organization Ready with a Disaster-Recovery Plan?

Your disaster recovery plan must contain procedures to intervene and mitigate a remote access security breach. The plan must include communication with the end-user and immediate shutdown of device access.

As with any cybersecurity risk, you can mitigate the issues caused by remote working through effective documentation. To read the original article, click on

Related Articles

Back to top button

We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.