Skip to main content

Pandemic and Cyber Security

Author: Cantekin Ertekin

The coronavirus outbreak has brought an issue often ignored by institutions back to the agenda: Business Continuity.

Uncertainty about the scope and duration of the current outbreak is having a wide-ranging impact, from organizations reevaluating employees’ travel plans to investors selling stocks. With the potential to impact supply chains, employee productivity, and third-party relationships, the risk of an expanding outbreak is top of the agenda for company executives. Internal audit leaders should be prepared to review and recommend necessary updates to pandemic, disaster preparedness, and business continuity plans.

Cybercriminals taking advantage of crises will likely be more active in the coming days. Organizations should create lists of safeguards to defend against phishing and social engineering.

General questions to assess your organization’s disaster preparedness


  • Here are some common questions your internal audit department should ask to determine whether your organization is appropriately handling disaster preparedness and business continuity planning:
  • When was the last time key stakeholders reviewed your organization’s contingency plans? When and by whom were your organization’s goals last tested?
  • Is the coverage of your current plans sufficient against natural disasters and epidemics that may affect your institution? (Your employees? Your cloud providers? Your suppliers? Your customers?)
  • How do we inform providers, emergency responders, regulators, insurance agencies, and other critical stakeholders of touchpoint changes?
  • How can your organization perform manual versions of business-critical automated activities? Are the necessary forms and procedure manuals available? Are there appropriate personnel to do this?
  • How does information technology enable critical infrastructure components?
  • What business goals are blocked or restricted when the internet is limited or unavailable?
  • What training have your employees and colleagues received on what to do during a natural disaster or epidemic?
  • Have you tested the business continuity of your data center?
  • What critical business processes or activities cannot be transferred to an alternative location?

General questions to assess your social engineering vulnerabilities

  • What are your organization’s practices, policies, and training that address the threat of social engineering? How are these communicated and implemented to employees?
  • Is the threat of social engineering fully understood and communicated to all levels of employees in your organization?
  • Which systems and processes are particularly vulnerable to social engineering? What key business processes have the potential to be impacted?
  • What testing does your information technology department do regarding specific areas of vulnerability to social engineering?
  • Do you have plans to audit specific areas of your organization’s vulnerability to social engineering?

Bu gönderi şu adreste de mevcuttur: Türkçe