When COVID Struck, Compliance Took a Back Seat
Faced with the prospect of closing their doors for good, many businesses caught in the grip of the COVID-19 pandemic put compliance on the back burner. It’s an understandable response: People aren’t particularly worried about having the house up to code when the roof is on fire. Still, the first half of 2020 saw more than 1,300 regulatory actions in response to the pandemic, and companies will remain at risk if they don’t jump back in the driver’s seat and catch up with compliance demands.
Fines and penalties aren’t the only obstacles noncompliant organizations face. Cybercriminals know that many companies are struggling to stay afloat amid widespread economic upheaval, and they’ll seize any opportunity to steal valuable data. In the ongoing crisis, a data breach is the last thing anyone wants. To avoid potential disaster, it’s time for business leaders to put a security risk assessment back on the priority list.
Even the organizations that took security and compliance seriously before the pandemic are likely at risk. As employees left their offices to work from home, most were left to rely on their own unsecured devices that they might even share with the rest of the family. VPNs and free remote access tools offered organizations quick fixes, but these solutions are mere Band-Aids in highly regulated industries.
With many businesses putting off their returns to the office until 2021 at the earliest, the following risk mitigation strategies are more important than ever:
1. Maintain an accurate record
It might not seem like a pressing issue now, but you’ll eventually be required to show how decisions made during the pandemic complied with the regulations governing your industry. Record all your decisions as you make them, along with the reasoning behind them and the outcomes as they unfold. Auditors are busy, too, but they’ll eventually catch up with their own backlogs and come knocking at your door. Thorough documentation will prepare your business not just for that visit, but also for the next pandemic-level crisis that comes your way.
2. Prioritize your people
If your organization is like many others, it might be struggling to cope in a difficult business environment. What’s even more difficult is the struggle your employees are facing as they juggle uncertainty and chaos in their professional lives along with additional responsibilities at home. It’s necessary to change and update security protocols during the pandemic, but keep in mind how these changes will affect your employees. Their lives have already been disrupted in countless ways, so make new security measures fit into existing workflows as seamlessly as possible.
3. Address threats through education
Security and compliance are often framed as technical problems that can be engineered away, but the reality is that people are behind the movement of data throughout your organization. In the “new normal,” when data governance needs have evolved tremendously, it’s vital to ensure that your team knows how it should treat each kind of data. That means in-depth training that covers topics like data classification, choosing secure passwords, and inbox safety, to name a few.
For companies that rely on Salesforce, there’s some good news. Because Salesforce software is cloud-based, it’s accessible from anywhere employees have internet access. To further facilitate the transition from office to home, the titan of CRM has released a set of tools (including Salesforce Meetings) designed to empower remote workers.
In the same way that some mortgage lenders and utility companies elected to give customers a grace period when they wouldn’t be penalized or have service cut off for missed payments, many regulatory bodies sought to ease the burdens on struggling companies after the pandemic hit. As the crisis drags on, however, expect audits to resume with what may very well be a more rigorous review process than usual. How prepared are you?
Interested in learning more? Request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.