COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: a shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception.
Resilience is a broad concept that applies to a variety of business factors. A recent study by HSBC in response to COVID-19 reveals that business leaders view resilience as built on four platforms: customers, employees, agility and a strong balance sheet. Investing in innovation and technology was the main focus for companies in building business resilience, and was also the most effective measure, according to HSBC.
Research shows that investment in digital resilience results in aggregated cost savings of 15% to 25%. To find out more, read The Future of Business Resilience White Paper.
The question for most organizations in today’s environment is not whether to invest in technology to improve business resilience; rather, it is about where to invest, how to invest and how to define and meet organizational resilience goals in the face of ongoing disruption and uncertainty.
One of the top priorities for achieving business resilience is protecting the organization against cyberattacks and data breaches. The shift to remote work has created an environment where organizations and their people are more vulnerable both to malicious attacks and to breaches caused by employees through either ignorance or negligence.
Key Questions for Cybersecurity and Compliance
As your organization adjusts to this new environment, what are the top factors to consider in mitigating the risk of cyberattacks, data breaches and violations of compliance regulations in your industry or in the countries and regions where you do business?
Here are six key factors to consider and the most important questions to ask so that your organization can maintain and improve business resilience in cybersecurity, compliance and risk management in today’s environment:
- Secure Remote Access: Can you manage identities across all applications and devices? Can users sign on and seamlessly access all of their business applications? What methods are you using for authentication?
- VPN Split Tunneling: Are users experiencing VPN bottlenecks? Can remote users leverage VPN split tunneling to reduce latency and improve productivity for business-critical enterprise applications such as Office 365, Microsoft Teams, SharePoint Online and Exchange Online? Are you using a VPN split tunneling model that preserves the security posture of your VPN implementations by not changing how other connections are routed, including traffic to the Internet?
- Zero Trust: Do you meet the Zero Trust requirement of “never trust, always verify”? What is your identity access solution, and is access only granted to cloud-managed and compliant services? Are all workloads monitored and alerted for abnormal behavior?
- Threat Protection: Do you have a strong authentication solution? Can you identify phishing attacks and is your endpoint protection solution complete and automated? Do you have integrated threat protection? Do your employees receive ongoing cybersecurity training and do they understand basic cybersecurity hygiene?
- Data Protection: Do you know where your business-critical and sensitive information resides and what is being done with it? Do you protect data consistently without impacting user productivity? Do you have control of data in transit, inside and outside of your organization?
- Compliance: Are you meeting regulatory supervision requirements across company communications? Can you detect code-of-conduct policy violations in company communications in a timely manner? Do you have adequate safeguards to protect against insider risks that could impact compliance or data privacy?
Taking the Next Step
Knowing the right questions to ask is obviously an important step. But finding the right answers is even more critical. For more details on these questions—and their answers—please download the Solution Guide Security, A Guide to Building Business Resilience.
Having an integrated, end-to-end, cloud-native solution for cybersecurity and compliance is one of the foundational elements in meeting the business resiliency challenges of today’s new workplace and world of remote work.
In addition to the resources cited in this article, you can learn more about how your organization can meet and exceed your business resiliency goals in cybersecurity and compliance by visiting Microsoft's resiliency resources.