The shut downs and remote operations are, hopefully, beginning to ease. And, as we all hope, we can start to put this stress and complication behind us. But before we all move to put this in out rear view mirror, DCM would suggest some simple steps to make sure nothing gets left behind and starts to go bad:
1. Ask all staff to do a review of ANY personal devices that they used to perform company work in a manner unlike normal operations - look for any new files saved to personal drives that shouldn't be there. It may be appropriate for your IT department to come up with a checklist and set of available tools to do the house cleaning. Maybe have every staff member even attest that they have performed the checklist and used the tools.
2, During the house cleaning, provide an "amnesty" for reporting an oops found during Step 1. Having a staff member perform the house cleaning only to find out later you have an existing log file that shows a download of a document that shouldn't be outside the firewall.
3. Consider doing an in house or third party audit of types of actions that could cause trouble - now might be a good time to look at the 500 surveillance alerts your junior staff member cleared between 1 and 2 AM one morning two weeks ago. People have been working under stress and with all sorts of distractions - it might be good to do a spot check.
4. In the same vein, have you kept a log of the "emergency exceptions" or "waivers" of risk or compliance policies, procedures or controls that have been issued? Many companies have - do you perform an audit to make sure all changes have been covered with a waiver or exception? Maybe a staff review of procedures and controls is appropriate with, again, an amnesty of reporting instances that were not covered at the time and a process for confirming the incident, the cause no waiver was sought, and a documentation of the results.
All of these suggestions have the potential to do multiple things - you can assure no surprises are hiding out there; and you can rectify and issues that are found; and you can use any and all instances as training opportunities for any and all staff.
Let's not just run away from the stress of the current situation as fast as we can or go to analyse how we can do this better before you have the facts of how well this current situation was handled.
DCM can help you with audits or reviews, please reach out even if you would just like our feedback on your own internal plans.