Managing information security in the post-Covid world
The majority of us have found ways to adapt during the past couple of years and some of us may even have been surprised about quite how successfully this has been achieved. This success, relies heavily on technology and many businesses have been working hard to allow the flexibilities that are required within their established IT infrastructures to enable staff to work remotely. However, in order to do so, many organisations are now needing to accept a higher level of risk.
T he technological risks facing businesses depends on the weakest link in an organisation and the weakest link can so often be a business’ number one asset: its people. When based in the secure environment of your office workplace, it is reasonable to feel comfortable that your IT team can deal with the risks facing them. Whereas when staff are working from home, the situation is significantly different. Data and information relating to customers, staff and the business are all assets on which all organisations depend and during the past year the rules of the game have changed. The move to homeworking arrangements in rapid time during lockdowns has increased the vulnerability of organisations to cyber-attacks. Staff have needed to access key systems and data through personal devices or open internet- channels. Overnight, work laptops were sharing home WiFi networks, making an organisation’s vulnerability to attack less clearly defined.
Only the minority of business continuity plans will have accounted for such rapid change and the services set up to monitor and analyse threats to the networks, servers and databases under normal circumstances have been impaired by detecting new behaviours in the changed IT environment. IT Services have needed to ensure they are mitigating the risks of remote access to sensitive data by securing homeworking devices with patch updates and managing access rights to ensure an acceptable level of security. The human behavioural element is critical to cyber and data security risk. With the dilution of personal interaction, staff can be more susceptible to phishing as they cannot immediately sense-check emails with colleagues. There is also greater potential for controls and safety measures not to be followed, as they are overlooked and ignored to save time and reduce stress.
There can be a perception from users that they can get away with poor practice when working from home, such as sharing confidential files via email whilst in some cases needing to use personal devices to conduct company business. The need to secure the homeworking environment is not expected to be temporary. Companies whose staff have successfully adapted to working remotely may choose to dispose of office space permanently. This will require companies to maintaining high information security standards, both on business premises and in the home working environment.
4 | SCRUTTON BLAND | TECH BUSINESS
Made with FlippingBook Learn more on our blog