7 steps to securely shutting down business units

Closing down parts or all of a business involves more than just decommissioning IT assets. CISOs must lead a holistic effort to ensure data and access aren’t left exposed.

An empty office has been cleared out with only a moving box remaining.
Yvan Dube / Getty Images

Many businesses are making large-scale changes to their operations in the wake of COVID-19. Those changes might include restructuring and closing at least some parts of their business.

Here are the most important tasks a CISO needs to do to ensure that security is properly addressed and data is protected during closure of product lines or business units.

Get in the loop early

CISOs are familiar with many key processes involved with shutting down or restructuring an area of a business -- revoking access, reclaiming devices, decommissioning IT assets, deleting data from online services, terminating vendors, migrating legacy applications and data to new ownership. The scale, however, may be a new challenge, and the earlier CISOs are informed, the better they can prepare.

James Hampshire, cybersecurity Director at PwC, says including the CISO earlier in sensitive events such as mergers, acquisitions, or closures is becoming more common. However, CISOs sometimes must play catch-up in what can be complicated scenarios.

To continue reading this article register now

Microsoft's very bad year for security: A timeline