How Security Leaders Can Tackle Governance, Risk, and Compliance in 2021


What is your risk tolerance? In the realm of cybersecurity, this question might as well be the newest addition to the Myers-Briggs test. Given the current state of the world, this question is transferable across all industries and even all facets of life. COVID-19 has forced us into a perpetual state of uncertainty and questioning: How long will this pandemic last? How will I continue with work? Will I have to find a new job? Well, a full year into the pandemic, we still do not have all of the answers to these questions. But what we do know is that we are now more resilient and more focused on preparedness, both at home and at work.

It is now up to business leaders to guarantee that their employees can safely transition from home back to the office. Additionally, executives should be "reviewing their risk management solutions and contingency strategies to be ready if another crisis like COVID-19 forces employees home once again." Employees and corporations alike are erring on the side of risk aversion in the aftermath of the pandemic. As such, ramping up programs like Governance, Risk Management, and Compliance will be at the top of the to-do list upon returning to the office.

How do I ensure my employees can transition safely?

This question looms over organizations as vaccination rollouts progress and the light at the end of the tunnel nears. How can I protect my organization against similar disruptions? Transitioning employees from a newly remote workforce back into the office won’t come without its challenges. According to JD Supra, “expectations of working practices have changed permanently." Companies will be forced to adapt to this new reality, as employees will be apprehensive about rejoining large environments. Similarly, most workers who have turned to remote work will likely have adapted to a work-life balance that was unachievable before the pandemic. The most common response to this hesitancy will be a hybrid work environment, allowing employees to work remotely for a portion of the work week and in the office for the remainder.

There are significant fundamental adjustments that come with this new hybrid working world for many organizations, especially those whose employees were not granted the luxury of remote work pre-COVID-19. Process formalization sits at the top of this list of modifications. “The need for management controls, auditability and transparency, will mean these ad-hoc workarounds will need to be replaced with formal applications that meet the revised staff, management, and shareholders’ needs." New policies will need to be documented and acknowledged for security purposes, because employees are not watched as closely when they work from a non-office location.

It is crucial that corporations keep their employees up to date with practice alterations to accommodate this new working environment.

While a sense of trust has been built through continued success amidst the pandemic, the risk of data or information theft or loss is much greater with a workforce that does not operate under direct supervision. Detailing and enforcing updated processes for data protection requirements and for areas such as Acceptable Use in this new working world will help employees confirm that they are working as consistently as they would in a corporate environment. As manual processes begin to phase out, employees should also receive additional training to confirm their preparedness in the face of hackers or phishing attacks. Employees must be compliant with all organizational initiatives to safeguard continued success.

Not only should employees follow business objectives and requirements, but they must also meet regulatory requirements. The regulatory aspect of governance, risk, and compliance (GRC) is another area that is subject to change given recent events. Per KPMG Advisory’s report Ten Key Regulatory Challenges of 2021, “the most significant challenges include…increased compliance risk (as some risk assessments rendered obsolete by emerging risks, requiring new ways to assess risk and leverage data and technology to enable real-time risk analysis).” In other words, risk assessments and evaluations performed by regulatory bodies (such as audits) will now attract a different type of scrutiny, to which businesses must adapt.

How do I keep up with the changing risk and regulatory environments?

Utilizing third parties such as K logix for engagements such as risk assessments performed with a focused compliance/regulatory lens will enable organizations to understand their environment in the context of changing security requirements. Contracted subject matter experts help ease the pain of sifting through cumbersome documentation and distill the information down into understandable, actionable material.

The world that we knew a year ago has completely flipped on its head. A new normal has taken hold, and businesses must be prepared for it in order to get ahead of the threats that have arisen and will arise with it. Security events are no longer a question of “if” but of “when,” and leadership across industries should make certain budgetary allotments for security, especially in the realm of GRC. Automation and the use of the Cloud are only further embedding themselves into our working world; as they do so, organizations must be prepared to combat the risks that come with them.

K logix works with security leaders to ensure they gain support from the business and establish a security culture within their organizations. We help CISOs and security leaders gain justification, business knowledge, and technical aptitude to address shifting priorities. We meet you where you are when it comes to security awareness and offer customized training programs that are tailored to your organization and address your business’s specific challenges and needs.

Contact us for more information on how we can work together to strengthen your program. 

Want more? Read our latest Feats of Strength issue, where leading CISOs share how they measure success not only in achievements, but in lessons learned from an unprecedented year.
