The way we live and work has been totally transformed – 2020 truly has been a year unlike any other. For organisations, the impact of COVID-19 – and the swift changes made to ensure staff could continue to do their jobs safely – is still having ramifications.
UK organisations have had to quickly adapt to a new blended workforce model: a mixture of in-office, at-home and deskless workers – a change which has put a strain on nearly all departments. However, IT teams have been particularly affected by remote working.
Not only have IT departments had to quickly ensure all employees are set up so they can successfully work from home, but implementing remote working on such a large scale has left them facing bigger and more serious security challenges than ever before – especially as competitors look to take advantage of the situation COVID-19 has presented them.
The challenges faced
Where organisations used to rely on the physical security of their premises and firewalls, COVID has forced a rethink. With employees scattered across the country and working-from-home practices now encouraged by the UK government, keeping staff productive requires a newfound level of flexibility. This, however, presents potential dangers to data security.
Staff are now connecting remotely over their own personal networks and, in some cases, on personal devices. It’s on these devices that workers – specifically HR departments – are dealing with highly sensitive and valuable personal and business data. Alongside this, ensuring everyone has secure access to the right systems and information is more challenging than ever. With workforces so spread out geographically, configuring remote security policies for a large blended workforce can be a nightmare to manage and maintain.
Not only this, but when looking at redundancies – which many organisations have been forced to make this year – remote working has made it trickier to ensure distributed devices are returned to the business and securely wiped. Handling this with potentially disgruntled employees is challenging without direct access to company hardware and poses another threat to a business’s security.
Policies are key
Any business worth its salt will have strong and relatively watertight policies in place to best protect data. While it’s important to have these policies in the first place, if organisations want to ward off adversaries, as well as to not fall foul of the potentially business-ending GDPR fine, it’s even more vital each policy is adhered to.
One way businesses can do this is by ensuring each type of data they handle has clear instructions on where it can be safely stored and processed. For example, personally identifiable information (PII) should never be shared on an internal chat system. Alongside this – and given the inevitable rise we have seen this year in cloud computing services – strict password policies should be implemented and followed. Whether this is done through a password manager or a single sign-on solution, however, is down to you.
Where employees have to use their own devices for work as a result of a lack of access to shared office equipment, clear BYOD (bring-your-own-device) policies should be created. These define boundaries for what personal devices should and shouldn’t be used for. That said, it’s vital all devices used for the purpose of work, whether personal or company-owned, have centrally managed anti-malware software deployed on them. This will ensure real-time protection of sensitive information, the ability to restore corrupted data, as well as vital protection against malicious software and viruses.
Businesses should also make use of a secure VPN for access to cloud infrastructure. Ensure detailed logging for this service is turned on, so that in the event of a suspected breach, organisations have everything they need to perform forensics and quickly and accurately understand not only the root cause of the incursion, but also the extent of the potential damage.
Correctly supporting employees
Employees are facing a working environment like never before and keeping morale high in these unprecedented times – when face-to-face contact is limited – is tough. With so many workers having spent months isolated and working from home, it’s easy for them to become demotivated when it comes to following security procedures. This needs to be addressed.
This can be done through regular, informal contact using secure video conferencing and chat solutions to help boost mental health. Also, with on-premises, face-to-face training near impossible at the moment, investing in cloud-based training and assessment services to boost staff security awareness and provide training on GDPR is key. Lastly, don’t leave it entirely down to your employees – make sure you have a third party auditing your policies and performing penetration tests on your internet-facing assets as a fail-safe.
Pete is CTO at OurPeople and has more than a decade of experience in the software industry. After launching his career as co-founder of Cap2 Solutions - a mobile-first SaaS solution - Pete honed his skills in high-level product design whilst managing small and large teams of developers, QA analysts and product owners at Jonas Software and Landmrk. Pete loves creating fantastic software as well as building and leading extraordinary development teams.