Horizons Fall/Winter 2020

Area of interest 4: The Location of Company Data Concern: Organizations should understand whether employees are using home computers or personal email or even a personal cloud subscription for performing work-related tasks. What could be well intended as a short-term workaround might result in company data residing on a personal computer, hard drive, unapproved cloud instance (i.e., use of cloud system), or email inbox — which could lead to infected files, from sources such as personal Dropbox storage, coming back into the organizational network. Recommendation: Reiterate to your employees that company data and company files should not reside, temporarily or permanently, outside the corporate environment. Have employees return all company data back to a preferred/ approved storage location and stay diligent as they work from home full time or alternating with days at the office. Concern: Did your organization have a single videoconferencing solution prior to the pandemic? Or are your employees subscribing to and using free videoconferencing solutions? The more different videoconferencing platforms your people use, the more opportunities for security breaches. Recommendation: If videoconferencing is becoming an important aspect of your organization’s business, it would be in the organization’s best interest to establish one videoconferencing platform so it can better manage the security settings and other implications of that application. Whatever solution is used should be vetted and have proper security implemented. Area of interest 5: Videoconferencing

Area of interest 6: Security Awareness Training

Concern: Is your workforce prepared for the increased phishing attacks that the cybersecurity community is seeing? Do you have employees who have never had to consider the physical security implications of being assigned a laptop or portable device? It may seem simple, but keeping employees engaged, aware, and educated on security policies and their responsibilities is more important now than ever. Recommendation: Keep security awareness and training campaigns active during this time of remote work and, if anything, consider increasing training requirements so employees have a clear understanding of security policies and procedures.

CYBER SECURITY ADVISORY SERVICES

RubinBrown's Cyber Security Advisory Services team monitors emerging threats and trends, develops tools and methodologies to address them, and delivers specialized services to organizations seeking independent third party security services.

Rob Rudloff, CISSP-ISSMP Partner Cyber Security Services 303.952.1220 rob.rudloff@rubinbrown.com Audrey Katcher, CPA, CISA Partner Cyber Security Services 314.290.3420 audrey.katcher@rubinbrown.com Christine Figge, CPA, CGMA Partner Cyber Security Services 314.290.3225 christine.figge@rubinbrown.com

Fall/Winter 2020

17