Working from Home Assessment Protocol on information and cyber security

With employees working from home becoming the “new normal”, it is essential to know that your employees are doing so in a consistently secure manner. DNV’s Working from Home (WFH) Assessment Protocol helps any company identify those information and cyber security gaps posing the greatest risks to its operations.

In an increasingly digitized world, employees are creating value from remote locations. As the work place is becoming more fluid, emphasis on information and cyber security coupled with a sound security culture is essential to safeguard productivity and continuity. Allowing employees to work from everywhere requires the right infrastructure and security controls.

During a crisis such as COVID-19, companies may be forced to operate their entire business remotely. Workers dispersed throughout their homes. Many companies are questioning whether work is being carried out in accordance with their information and cyber security policies.

Cyber crime is on the rise , increasing by 600% globally during COVID-19. Individuals at home are easier to target. There may be a need to enter quickly into new agreements with 3rd party suppliers to ensure continued operations, requiring new policies or leaving companies with little time to ensure compliance with existing ones. In these circumstances companies that are not informed about their specific information or cyber security risks face significant impacts and losses to productivity and business continuity.

While ensuring that working from home is secure anytime and enabling a sound security culture among employees is always a pre-requisite, testing times make it critical.

Possible risks

Risks companies must ensure they control could range from.

  • Corporate controls are often not extended to the working from home (WFH) set-up, posing information security/data protection, productivity and continuity risks.
  • Threats to infrastructure/information and cyber security risks, requiring:
    • Additional investments needed to enable staff for WFH (mobile devices, connectivity, tools etc).
    • Retail data bandwidth usage to increase, while corporate data bandwidth usage drops.
    • Protect against cybercriminals who look to take advantage of the current situation.
    • Data/device security, and protection from cyber issues.
    • Protect against phishing, data theft, ransomware/malware, etc. Phishing attacks spiked over 600% globally during COVID-19.
  • Third party supplier management.
  • Employee’s adoption of a sound security culture.

How can we help?

An independent assessment according to DNV’s Working from Home Assessment protocol measures your maturity. Considering multiple factors including management controls, connectivity, data protection, 3rd party suppliers and employee security culture, assessing your maturity lets you take control and implement targeted and effective risk mitigating actions. The assessment protocol covers the following:
  • Measures maturity applying control questions according to the protocol.
  • Existence and effective implementation of controls is assessed remotely:
    • discussions with users;
    • document review;
    • process/practice verification.
  • Controls are categorized and assessment findings are rated on a graded scale based on implementation effectiveness.
    • Results are consolidated into a cumulative compliance maturity index with target setting for improvement.
    • consolidated management report on the key findings.
    • immediate action points and risks.
    • best practices, noteworthy efforts and conclusions.
The WFH assessment framework can be delivered remotely to any organization. It leverages on best practices defined in standards, schemes and guidance documents such as:
  • NIST 800 – 53, ISO 27001:2013, ISO 22301:2019 and BCI Standards;
  • DSCI and DNV’s own guidance documents.
DNV can also share insight on best-practices to improve and delivers training for both IT and non-IT personnel.