On September 15, 2022, WebMD, a credible medical news source, issued a statement that the end of the COVID-19 pandemic is approaching. The WebMD news brief noted that the World Health Organization reported COVID-19 deaths dropping to their lowest count since March 2020. With the world opening up more quickly than before, since the COVID-19 pandemic, it is important to ensure that your organization and its employees are still practicing their best cyber hygiene controls.
Many client organizations and auditing firms are eager to get back into the swing of in-person visits and audits. With this adjustment, organizations will be required to analyze not only their logical access controls over sensitive and confidential information as they relate to device use, but now again they must analyze physical access controls. Prior to permitting employees to travel, an organization must identify the additional controls that may have been waived due to its movement towards a remote only working environment.
When performing this assessment, organizations that do not have an internal audit department may request the assistance of an auditing firm. Whether the assessment is performed internally or by an external party, personnel must ensure that security features, software, and practices on all devices that store, process, and transmit sensitive and confidential information are up-to-date. Organizational owners should be formally assigned to ensure that due diligence is considered before, during, and after travel takes place.
Such considerations that are critical to ensuring that sensitive and confidential information remains secure at all times during business travel include, but are not limited to, the following:
- Ensure that all devices are encrypted.
- Enforce strong passwords, in addition to other authentication methods (i.e., PIN numbers, fingerprint or face identification), to protect your devices. Passwords and codes should be changed regularly, especially upon returning home.
- Set up remote wipe and device disablement functionalities.
- Validate that all software (i.e., anti-virus and anti-malware) is up-to-date.
- Back up the current state of the devices prior to traveling.
- Disabled auto-connect options for and turn off location services, Wi-Fi, and Bluetooth when not in use.
- Securely configure the devices’ Internet privacy and security settings.
- Connect to secure networks only (i.e., via a virtual private network or personal hotspot).
- Ensure that the physical presence of devices remains secure when devices are left unattended.
- Consider using a privacy screen when managing sensitive and confidential information in a public setting (i.e., airports, hotels and restaurants).
- Train employees on controls that are being re-implemented or that are new to the organization.
While the above security practices should be implemented and controlled by an organization 24/7/365, it is in times of travel in an unpredictable and unknown environment that they remain that much more important. A lack of security controls increases an organization’s risk of coming into contact with a cyber threat or attack.
If you are unsure if your organization has implemented security controls that have been suitably designed and implemented or that operate effectively, please do not hesitate to reach out to a representative at FoxPointe Solutions today, including myself via ccaryl@foxpointesolutions.com, to see how we can help ease your mind and validate that your organization is ready to travel the world again!