CISM ® – Certified Information Security Manager

(click on the image below to see the video)

In the context of the coronavirus pandemic, remote working has become the most widely implemented action to enable business continuity in our growingly service-oriented world. In consequence, the enterprises are opening more doors, tunnels and vulnerabilities to enable the information flow between the corporate datacenter and remote workers.

During this difficult period where enterprises are mainly focused on their survival, and where security is considered as a low priority topic, the frequency of cyber-attacks exploiting various vulnerabilities is increasing at an exponential rate. These attacks, coupled with the capacity limits of national, regional and worldwide technical infrastructures are seriously shaking the fundamentals of security in terms of information confidentiality, integrity and business continuity.

More than ever, the convergence of Business Continuity and Information Security is becoming a must to implement, in order to reduce the financial, operational, legal and reputational impacts of the cyber-threats.

ACTAGIS, was interviewed on this subject by RTS on March 27, 2020.

Willing to share its expertise, ACTAGIS proposes some key security recommendations for remote working that will help you to strengthen the continuity of your activities.

1. Set up a crisis management organization (a manager and if possible, a team) that can identify, prioritize and coordinate the necessary actions for the business continuity including the remote working plan.

2. Identify and focus on the most critical key processes of your enterprise and allocate to them the needed resources (human, material and financial).

3. Develop and implement the “Information Technology Disaster Recovery Plan”

4. Establish security policies & guidelines to facilitate the usage of technological solutions.

5. Empower your remote workers with on-line awareness & training sessions for security & remote working best practices in order to mitigate the cyber-risks relative to videoconferencing-bombing, corona-phishing, shared Wi-Fi…

6. Facilitate the activation of high-performance network connections for the enterprise premises and remote workers.

7. Provision sufficient capacity and implement adequate security for your IT infrastructure (software & hardware) that can scale and support an important number of simultaneous encrypted connections & access.

8. Provide secured corporate laptops (encrypted, hardened, using 2 authentication factors…) to enable a professional working environment.

9. Promote remote screen sharing and low definition video streaming enabling your staff to focus on the essential information without saturating network capacity.

Contact ACTAGIS for further recommendations, training and consulting services.

Take care of yourself and your family,
Jeff Primus

Author : Jeff Primus: Founder, CEO & Senior Consultant, has over 25 years of experience within information systems governance, cyber security and business continuity. Jeff, as an expert of the subject, actively implements ISO 22301 and ISO 27001 compliant Business Continuity & Security Management Systems for the public sector, SMSs and multinational companies in Switzerland, Europe and the Middle East. As a lead lecturer he teaches Security, Governance and Business Continuity topics at the University of Paris-Sorbonne, University of Geneva and HES-SO-Valais.

© 2020 Jeff Primus, ACTAGIS

(click on the image below to see the video)

Boosted by accelerated global exchanges, the Coronavirus is spreading very rapidly, with large scale effects also in Europe and Switzerland. Thanks to the widely developed healthcare system in these zones, we can imagine that the propagation of the virus will be decelerated. But, in the meantime, businesses have already begun to suffer from the pandemic situation. Experts in macroeconomy predict the gross domestic product (GDP) of the European zone to fall due to the direct and indirect impacts caused by the Coronavirus.

Business Continuity & the Coronavirus

Even if the Business Continuity Plan (BCP) should naturally be embedded in a normal business practice, most of the time only large enterprises have implemented it at a companywide level, leaving the small and medium-size enterprises (SMEs) unprepared for such pandemic situations. According to the official 2019 statistics published by the Swiss government, 99% of economic power is based on SMEs, making the vast majority of businesses highly vulnerable to the Coronavirus.

In the context of such a pandemic crisis, SMEs should be prepared to cope with the major disruptions related to the availability of human resources, supply chains, market demands for products and services, business travel, treasury and cash-flow. Failure to activate prepared solutions for such scenarios can have major consequences for the enterprises’ survival.

ACTAGIS provides below a helpful guide for a pandemic plan that SMEs can apply in order to get ready, by implementing adequate measures enabling their continuity in the case of a pandemic situation.

Jeff Primus, CEO of ACTAGIS, was interviewed on this subject by CNN-Money on February 26, 2020 (click for video)

Pandemic Plan (BCP) for Enterprises

Plan

• Define and assign responsibilities.
• Establish communication channels with the authorities and your key suppliers.
• Identify the key business processes that enable your key products and services.
• Set criteria and thresholds for the activation of the BCP.

Analyze

• Identify the risks, associated vulnerabilities and impacts applying to your company.
• Prioritize your key processes on which the enterprise will focus its continuity efforts.

Implement, Train & Test

• Develop step-by-step plans with detailed activities and their stakeholders, considering the impacts generated by employees’ absences, information systems and cybersecurity requirements, teleworking conditions, supply chain disruptions, variation in market demands, traveling issues, financial constraints, chains of dependencies.
• Enhance the plans by considering alternate solutions and insurance coverage.
• Develop and implement the “Information Technology Disaster Recovery Plan” (IT-DRP).
• Establish processes for employee welfare and repatriation from overseas.
• Deliver awareness and Training Sessions.
• Construct internal and external communication plans including also the emergency situations.
• Develop policies to be applied companywide.
• Test your plans.

Respond if your Enterprise is hit by Coronavirus

• Apply the hygiene advice recommended by the healthcare authorities and experts and provide the adequate facilities and material.
• Reduce travels and face-to-face contacts with various stakeholders (suppliers, customers) located in specific geographical regions.
• Activate the Information Technology Disaster Recovery Plan.
• Monitor the virus symptoms and activate the homeworking, teleworking plan in order to contain the pandemic propagation.

Author: Jeff Primus: Founder, CEO & Senior Consultant, has over 25 years of experience in information systems governance, cyber security and business continuity. Jeff, as an expert of the subject, actively implements ISO 22301 and ISO 27001 compliant Business Continuity & Security Management Systems for the public sector, SMEs and multinational companies in Switzerland, Europe and the Middle East. As a lead lecturer, he teaches Security, Governance and Business Continuity topics at the University of Paris-Sorbonne, University of Geneva and HES-SO-Valais.

© 2020 Jeff Primus, ACTAGIS