When the COVID-19 pandemic arrived in 2020, it forced many financial services and investment management companies to implement new technology quickly: messaging apps, collaboration tools, document sharing services, and more. At the same time, those firms had to heed new regulations and re-evaluate their risk management policies as they sent employees to work from home until further notice.
This transition was especially difficult for companies that hadn’t previously supported a remote workforce. Compliance officers lost sleep as they grasped the potential risk of staff using home computers and unsecured Wi-Fi networks that may or may not live up to regulatory requirements.
Simply put, the management of corporate assets—data, applications, networks, and even the physical computing devices employees use—became far more challenging, and important, to get right.
How a remote workforce made asset management compliance more difficult and more important
In the days when employees mostly worked on-premises, IT managers could keep tight control over corporate data and software systems because everything was right there: customer information, sales figures, and proprietary information never had to leave the building. Managing your data and IT assets to comply with regulatory obligations wasn’t necessarily easy, but at least all those assets were under the CISO’s and compliance officer’s control.
The pandemic demolished those days. Businesses that didn’t have a remote access policy (because they never needed one) were suddenly at risk of making costly mistakes that could lead to expensive and embarrassing data breaches.
A host of new questions suddenly surfaced that made management of your IT assets much harder. For example:
- Are VPN connections secure, and do they time out when not in use?
- Where do remote workers store company-owned hardware, such as laptops, USB drives, and external hard drives, when those things are not in use?
- Are passwords stored in a secure manner, rather than written on a sticky note pasted to a computer monitor?
- Is remote access granted in such a manner that employees only have access to exactly what they need, making it easier to shut down unauthorized access to the network?
- What is the process if a remote employee is terminated and has to return company-owned hardware?
- Can you continue to meet compliance requirements for your industry and protect sensitive data?
As you can see, risk management looks quite different when your staff is spread out over many zip codes and time zones, using equipment and software far from your immediate control.
Managing physical assets and inventory
When COVID forced people to work from home, tracking IT and data assets became far more difficult for compliance officers. Operations managers purchased and implemented new hardware and software primarily to meet their immediate needs and hoped those new IT systems would meet compliance requirements—but with little confirmation that their new arrangements actually did meet those requirements. Working from home meant a huge change to any regulatory environment that had never before included remote staff.
As employee workflows changed dramatically, compliance programs had to follow suit and somehow achieve the same due diligence and oversight as when all employees were under one roof. That meant new risk assessments to identify vulnerable spots in improvised procedures, often using technology that had just been implemented.
Those challenges will carry over into 2021 as COVID persists. As businesses move from last year’s emergency measures to sustainable operations and compliance this year, consider these steps to keep management of your IT assets well in hand:
- Appoint a chief compliance officer or, for smaller organizations, a compliance team that’s responsible for making sure you meet all new regulations. This team should also be responsible for obtaining, rewriting, and distributing new compliance policies.
- Identify the regulatory bodies that govern your business and make sure you know exactly what is expected of your organization.
- Conduct audits on a regular basis. The best way to do this is to hire a third party to verify that you are following all procedures and regulations.
- Make sure your staff follows all new guidelines, especially where new workflows are involved. It’s tempting to fall back on the old and familiar, especially during stressful times. The old and familiar is no longer fit for purpose in our new and uncertain world.
- Automate as much as you can. For example, implement barcodes and scanners to track computer inventory.
- Plan for the worst possible data breach you can imagine. Hacking continues to be a menace, so make sure you disclose to your clients, donors, and customers how you protect their personal data, credit card numbers, and other vital information.
Compliance and asset management tools
As you forge a path for your business through the COVID pandemic, it may seem overwhelming to stay in compliance with new regulations and keep track of your assets.
We are here to help you manage it all and keep your business safe. ZenGRC’s compliance management, risk, and workflow management software lets you roll diverse tasks into a single Compliance Management Tool. This intuitive CMS platform not only keeps track of your workflow, but makes it easy for you to find areas of non-compliance or high risk, before a risk becomes a real threat.
Worry-free compliance management is the Zen way. For more information on how ZenGRC can enable your CMS, contact us for a demo.