Conversations in Risk-Based Security

CORONAVIRUS:  Another “Case” for Integrated Risk Management

Posted by Lynx Technology Partners on Mar 16, 2020 10:36:03 AM

Just as you’ve begun to update and reevaluate operational structure in support of growing threats of all sorts, along comes….Coronavirus - as if we needed a reminder that the world is full of ‘threats’.  

As unfortunate a situation and horrible a virus as this is, it does present perhaps an important reminder that there are, in fact, MANY threats looming.  A company must be prepared for all types of ‘infiltrators’.  And perhaps this is a reminder – and a ‘case’ being made for:  Integrated Risk Management; aka IRM.

An INTEGRATED environment best supports the assessment, prioritization, mitigation, and eradication (if that’s ever possible) of ALL types of threats in cybersecurity.

ASSET ONE:  EMPLOYEES
An employee’s health and safety is, ‘job number one’ – a company’s most important asset is its people, of course.  Companies are engaged daily in risk assessments tied to protecting employees’ lives.  Coronavirus (COVID-19) has brought this risk assessment to the forefront.  Employers around the country are faced with any number of related decisions, including whether or not employees should work from offices, or whether they should work from home.  And if they are ill, companies must assess what remedies for any related losses are readily available.  How does employee loss impact your day-to-day business?

VPN:  Among other solutions and precautions, if employees are working from home, the Virtual Private Network (VPN) can be used as a secure launch page.  It redirects an employee’s connection through the employee’s internet service provider via a remote service run by the VPN provider.

But – is that enough?

ASSET TWO:  SYSTEMS
Fraud.  Scams.  Phishing.  COVID-19 has presented new opportunities for the ‘bad guys’.    There are any number of reported scams preying on people’s fears and need for related information.  Attackers are using malicious links and documents that claim to contain information on how to protect yourself from the disease.

Back on February 13, Trustwave reported multiple phishing attacks involving Microsoft Office 365; attackers were stealing credentials using a COVID-19 theme.  Wired also recently reported other attempts tied to people’s fears. 

Once again, the human element, and vulnerability.

Businesses must review and expand their contingency planning and decision making related to all of these threats to ensure security risks are adequately integrated.

CRITICAL ASSET:  INTEGRATED RISK MANAGEMENT
These incidents – and they do seem to be growing in number – are not, and should not be viewed in isolation.  Nor should they be relegated to any one ‘division’ of the company:  human resources for the people, IT for the systems.

No.  An INTEGRATED approach to risk management can create a more thoughtful and comprehensive view, and therefore a solution for threats – of all types.  An integrated approach and viewpoint helps create a ‘true’ risk management picture – a holistic view of everything that may be impacted, with responses tied to critical priorities - across the entire operation.  This integrated view allows for enterprise wide, strategic decision making.

While LYNX Technology Partners has its proprietary tool, LRM (LYNX Risk Manager), and yes, we can help! – it is more important that companies begin to THINK:  INTEGRATED RISK MANAGEMENT.  Only then can resources and solutions be properly, and efficiently directed.

Be prepared and please, be safe.

Topics: Integrated Risk Management