Coverletter for the February 2021 Newsletter

Dear Friends,

These are not normal times. Implementing proper IT Governance is essential. All companies must tighten up their cyber-security protocols for their remote workforce.

In the past, the conventional wisdom on cyber-security was to play defence and respond quickly to breaches. The new policy is to be proactive, conduct scenario planning exercises and ensure patches and pen-testing. Current cyber-environment calls for a proactive approach from all stakeholders of the organisation.

Unfortunately, many organisations have to pay ‘ethical hackers’ to investigate computer and network vulnerabilities. Some even pay for a monthly report to identify if sensitive information, passwords or personal information is bought or sold on the “dark Web.”

Let us revisit some tips we provide in our workshops, seminars and online classroom events:

Do not reuse passwords and make them complex
Use multi-factor identification wherever possible
Install reputable anti-virus software with real-time protection
Keep all operating system software patched and up-to-date
Enforce employee training and discipline

Reinforce work-from-home standards. The above tips are standard; however, they are still the cause of a majority of cyber breaches. Those companies that have had significant data or cyber breach take additional steps after the fact:

All employees sign a remote worker agreement, which requires workers to acknowledge the company’s cyber-security protocols and check-in several times a day
Move the entire workforce to a virtual desktop system, so that once the employee is logged into the company’s virtual desktop, nothing they input on their remote access point is saved on the remote device.
Install endpoint monitoring software that monitors every endpoint—every laptop, every server, connected to the internet and the IT platform—to watch out for potential attacks.
Ask challenging questions of every third-party supplier for continued security and compliance.
- Limit third-party access to only those portions of your network and database that they need
- Only use reliable and trusted third parties that have answered challenging questions about their virtual work environment
- See the limits of their insurance coverage

All of the above may seem a lot to some; however, it is only a fraction of the effort and cost if there was a significant cyber incident. Call us or participate in one of our events to learn more:

Find the right approach to clarify and streamline compliance obligations, and focus risk management on the critical, urgent risks.
Protect from cyber-attacks by properly training all employees and help them understand the risk.

Best regards

Kersi

kersi@e-compliance.academy

GDPR, GRC staff and Managers
DPOs, CIOs/CTOs
Internal Audit Managers and Staff
CISO
CxO
Lawyers, Accountants and Auditors
Compliance Officers
GRC Officers
IT and Cyber Security Officers
Information Security Managers
IT Directors and Managers
Consultants and project managers involved in GRC, data protection, information security or cyber security issues
Consultants and project managers participating in GRC, GDPR projects.
Individuals with IT experience who want to qualify on GRC, GDPR issues.
Board Members
Non-Executive Directors
Senior Management
Members of the Audit Committee
Data Controllers, Data Processor

Professional training content at various subjects at multiple IT Security, GRC, GDPR, BFC, CSR organisational levels
Pre-reading material and comprehensive documentation (also as a PDF file optional).

- Blogs, articles and books that provide an explanation on the course content to ensure the right understanding of the processes for practical implementation guidance
- A standard component in all our eLearning seminars is The Copenhagen Compliance® Roadmap and Framework
Certification Exam after each eLearning course
Participants will receive a number of templates, policies, documents relevant to the course subject and their role and responsibilities for monitoring IT Security, GRC, GDPR, BFC, CSR
Certificate of completion with CPE points (on request)