April 10, 2020

5 Quick Tips for IT Compliance & Data Security During COVID-19

By John Patrick

Maintaining effective internal controls during remote operations relies heavily on effective IT General Controls, cybersecurity safeguards, and data privacy. Remote work environments create new risks for companies, as management attempts to navigate a new digital reality using a virtual workforce. It is critical that management plan ways to mitigate IT risks in this new environment.

Here are five quick tips to ensure you meet IT Compliance & Data Security requirements during a pandemic:

  1. Reinforce IT policies and procedures

    It is important to remind users of their responsibility regarding effective IT controls and behaviors. Many companies are taking time to re-train employees and reinforce IT security expectations with them.

  2. Focus on maintaining effective access controls

    Make sure to document all approvals for system access (even if just via email) and remove access quickly when no longer needed. Companies are seeing an influx of system access requests, as users need to log in to systems remotely or may need to access new systems to help fill resource gaps.

  3. Consider testing IT General Controls earlier in the fiscal year

    Due to the high volume of change occurring in IT environments, the likelihood of IT control failure increases. Testing controls earlier in the year will provide more time to remediate prior to year-end.

  4. Protect confidential information and dispose of it when no longer needed

    It is important to protect confidential company information when accessing it outside of the office. Don’t use personal email accounts for business purposes, since they are not typically as secure as your business email account. Store hard copy documents in a secure physical location, and make sure to dispose of documents securely using best practices when finished. Don’t share passwords or write them down where they may become compromised. Instead, go through the proper access control process to request a new account and obtain approval.

  5. Encrypt your data

    Home networks may not have the same level of security as corporate networks. It is important to secure home wireless networks and avoid public Wi-Fi. Enabling Wi-Fi network encryption at home is simple, and there are numerous online tutorials. Also, when using online tools to conduct business, make sure they are approved by company IT and have HTTPS/SSL encryption enabled (Tip: look for HTTPS in the website URL, instead of HTTP).

Bonus Tip: Train employees on the latest attacks

Beware of COVID-19 phishing attempts and other scams. Phony email messages, phone calls, and other communications that attempt to steal payment and other information from victims are becoming increasingly common. Tell employees to watch for suspicious emails or other communication, and provide them with examples.

Bringing it all together

Remote operations create a new level of complexity and new challenges for IT internal control stakeholders. Additional IT requirements, new physical work environments (home offices), and distributed technology open the door for control failures and external cyberattacks. However, this also presents an opportunity to strengthen controls and enable new modes of operation that could benefit your company in the future. By continuing to focus on established policies and security best practices, companies can overcome the compliance obstacles presented by remote work and emerge even stronger.

As you navigate the challenges of IT security and compliance during COVID-19, our IT Risk & Compliance team is here to help. We understand the complexity of technology and can assist with risk assessments, SOX compliance, automation, IT governance, and IT controls. Our core strength is guiding companies through change, and we are ready to jump in. Ready for a solution? Get in touch!

See How to Keep Your Internal Controls Healthy During COVID-19 for five helpful tips to effectively manage internal controls during a pandemic.


About John Patrick

John Patrick is an IT Risk & Compliance Engagement Manager at Bridgepoint Consulting. John has deep experience across a multitude of skill sets, including cybersecurity and data protection policies, procedures and best practices, SOX, SOC 1 and SOC 2, IT audit, security, risk, and compliance. A high-performing leader, John has served in dynamic roles that have seen him manage areas of client relationships, sales, business development and technology support. His industry experience spans IT operations and outsourcing, biotech, public sector, banking, food and beverage, communications, oil and gas, real estate, technology and industrial products, among others. He earned his Information Systems and Accounting degree from the University of Texas at Austin.
