For many small and medium-sized manufacturers the great teleworking experiment brought on by COVID-19 has been a painful one. The sudden shift to telework poses numerous managerial, logistical and operational hurdles. To make matters worse, cybersecurity risks are amplified by the needs of a remote workforce.
As with any complex management task, it helps to categorize and simplify the problems at hand. Cybersecurity risk management (teleworking in this case) can be broadly divided into two domains: governance and technology.
The most effective cybersecurity governance strategy is setting expectations for the organization. Developing robust cybersecurity policies and training the workforce on them are the building blocks for developing a culture of security. Additionally, continuous cybersecurity awareness training offers incredible risk management return on investment.
Cybersecurity policies, controls and technologies must be planned, developed and implemented with the assumption that external environments contain hostile threats. Now that employees are working from home and sometimes even using personal, unmanaged devices to access company assets, certain technology solutions are absolutely required at a minimum:
For an exceptional resource on the benefits and drawbacks of various telecommuting solutions (without being overly technical), NIST Special Publication 800-46 Revision 2 “Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.”
CMTC has tremendous experience helping manufacturers reinvent cybersecurity programs large and small. Don’t hesitate to reach out for more information on the topics discussed here (including NIST SP 800-46) or for help demystifying and understanding the complex world of cybersecurity.