Specialist IT Resources

Remote IT Security: 5 Questions Your Business Must Be Able t

Written by Method IT | Jun 4, 2020 4:44:00 PM

 

Love it or hate it, working from home is going to be the norm for the foreseeable future. Even if your organization does move back into an office sooner rather than later, remote work will likely remain an important part of your culture.

It's not just a matter of social distancing. Many employees enjoy working from home, believe they are more productive and want to continue doing so. That means the office is no longer the beating heart of the company. As one of our clients eloquently put it: the office is going to be one of many business tools, not just the place where work happens.

Working from home is the future, and your company needs to be prepared for it. You've done brilliantly to make the shift to remote work so quickly. But don't rest on your laurels. Now is the time to establish a long-term IT strategy that reviews your current WFH solutions and sets out a roadmap to secure your business data going forward. 

Ready to see how prepared you really are? Here are five key questions business leaders need to ask themselves about their remote IT security.

Have Short-Term Solutions Put Your Business at Risk?

The speed at which lockdown happened caught many businesses by surprise. You had to act incredibly fast to make it possible for your employees to work effectively in quarantine, and that probably meant adopting a range of solutions and software that you'd never used before. 

Unfortunately, those newly-adopted solutions could be putting your business at risk. If you're like most organizations, you simply didn't have the time to consider business strategies around working from home.  

To be clear, what you did wasn't wrong; it was done out of necessity. Many businesses, quite understandably, took the view that short-term solutions would be satisfactory. They could be implemented quickly and removed as soon as things returned to normal. It might seem silly looking back on it, but many of us thought this would all blow over fairly quickly. 

Clearly, that isn't the case. So now business owners and IT managers must ask themselves whether the tools they've adopted our compliant with their standard security practices. Make no mistake; your business is a target. While your employees have been working diligently from home, hackers have been working hard to take advantage of the temporary solutions your company put in place. 

This is a problem because most of your standard security measures have probably been neglected. Take, for instance, a new laptop that an employee bought so she could work from home. Normally, your IT department or IT provider would set up and secure the device. They'd check it ran a supported version of the operating system, had up-to-date patches, the right antivirus systems and sufficient access controls. None of that has happened in this case. At best, your standard procedures have not been thought about. At worse, they are woefully non-compliant.

 

Do You Really Need the New Tools You’ve Bought?

As part of the shift to remote work, companies have adopted in-vogue tools like messaging platforms and conference call software with reckless abandon. And we do use that term literally.

 

Many of these apps are less than secure. Take Zoom, for example. Zoom was not a major player in the video conferencing market prior to the pandemic. But they have become the go-to brand thanks to an effective marketing strategy that's positioned their product as the fast, free and easy way to connect.

Their sudden growth comes at a cost, however. And your business could be the one bearing it. In most cases, your IT team won't have been able to give the platform a rigorous and thorough evaluation that is normal when deploying any software product inside a corporation. In other words, there's no way to know for sure whether it is putting your business infrastructure at risk.  

No one is safe from these platform's problems. Case in point, even the Government's press briefing on Sunday 17th May was beset by Zoom outages that forced journalists to submit written requests rather than asking them via the app. You don't even need to be a talented hacker to bypass Zoom security. Anyone can Zoom-Bomb a conference call by Googling for rooms that aren't password protected.

The good news is you might not need to use Zoom or any of the other new tools that you’ve bought at all. There’s every chance one of your current software providers already has a secure and tested alternative.

If they do, it's obviously cheaper and more secure to use a product you already pay for. Using an existing product also reduces the number of applications your organization runs internally, making your infrastructure easier to manage.

Before you continue paying for Zoom and any other new applications you've splurged on during lockdown, discuss your ongoing needs with your IT department or IT provider. They'll be able to tell you whether you really do need these tools and how secure they actually are.

 

Are You Still Meeting Regulatory Standards?

Does your organization have to navigate strict and exacting regulatory requirements? Do you need to maintain GDPR compliance? You may have been getting a free pass for the last month if so. 

Up until now, regulators in sectors like law and accountancy have been relaxed about adherence to codes of conduct concerning data security and storage. They understand the difficulty businesses had in going remote so quickly, and they've turned a blind eye as a result.

Unfortunately, the honeymoon period is over. Regulators have come to the same conclusions as the rest of us — that remote working will be the new norm for some time. Letting standards slide for a month was permissible. Letting them slide for several more is not.

Your working environment may have changed, but the importance of the data you store hasn't. Remote or not, you need to make sure that you continue to protect it according to your industry's standards. 

This question should be a top priority for any organization with rigorous requirements. You've had time to start replicating the policies and procedures you had before the pandemic. Put them in place now before regulatory bodies start targeting the organizations that don't.

 

How Are You Keeping Your Corporate Network Secure Going Forward?

By answering the three questions above, you will have analysed your post-COVID IT strategy, identified what has worked and assessed whether existing systems and tools can be adapted to meet your new needs.

Now let's look to the future. Moving forward, how are you going to keep your corporate network secure while staff continue working from home?

Specifically, you'll need to make sure the policies and procedures you had in place to protect your corporate network in the office can be applied now your employees are working from home.

If employees are using the same device for personal and work use, your business must implement strategies to ensure that anything staff do in their free time does not harm your corporate network.

 

 

For example, businesses will have to consider whether they want corporate devices to share the same network connection as personal devices like PlayStations. If all devices share the same router, hackers can use personal ones as stepping stones to access your organization's corporate network.

 

What About the Devices Themselves?

It's not just viruses, malware and hackers you need to think about, either. You have robust physical security in an office. Your equipment is well protected, you know who has access to it and you can lock your office up at the end of the day. In other words, it's unlikely someone is going to steal it. 

That's not the case with remote work. Corporate devices are constantly at risk of theft or loss when employees work from home, and this is detrimental for several reasons.

Firstly, these devices aren't cheap. SMEs don't always have the biggest budgets, and a top-of-the-line laptop is not small change. Second and perhaps more importantly, you're not just losing the device. Your corporate data is also lost. Worse still, if the data on that laptop isn't encrypted, you may well be breaching regulatory requirements, too. 

Businesses will quickly need to come to terms with the fact that the end-user (aka your employee) is often the single biggest point of weakness within your company. Malicious or otherwise, one errant click in an email or one missing laptop is all it takes to cause havoc within your organization. 

As part of this, business leaders will need to ask themselves whether additional employee training is required to work from home. The importance of a strong BYOD policy and the threat of malicious attacks is not always obvious. If it isn’t clear to your employees, that will need changing, too.

This is a stressful time for organizations across the country. But it is also a huge opportunity to establish policies that protect your organization while giving employees the freedom to work where they want.

 

If you’d like to discuss remote IT security or any other aspect of business IT with one of our expert consultants, please don’t hesitate to call us on 0345 521 6111 or fill out our enquiry form here and we’ll be in touch.