In IT security & risk there is a degree of truth in the idea that when the bulk of your employees are in the office, the risk of a data breach is lessened. Everyone is in one place and things feel contained and secure. However, even before Covid-19 caused a seismic shift in working practices, that wasn’t strictly the reality of the situation.
At the centre of any data breach or hack is a human being. The human who is trying to break into your servers and access information, or the human in your business who mistakenly clicks a link they shouldn’t have. In the middle of these two sets of humans are your practices & protocols.
In essence there is no point in having robust practices & protocols if your employees aren’t educated on best practice, and vice versa. These two elements go hand in hand in creating a secure level of protection against external threats.
Getting it right from the outset
Whether you’re designing a set of practices & protocols from the ground up, or reviewing and updating an existing set, it is important to design something that fits your business. Completing an end-to-end analysis of your IT needs and identifying areas of risk is a good place to start. Are your people working remotely, are they traveling frequently, or are they mainly office based? What type of hardware are you providing them - mobile devices? If so, the risk that a device is accessed by someone who shouldn’t have access to it increases. What if they leave it on a plane or train?
Putting the right tech in place
Every piece of hardware and software can be protected. The level to which you decide to protect assets will be a contributing factor to the security of your network. What does your password protocol look like? Have you implemented multi-factor authentication? Is data being stored on servers rather than individual devices? Are devices encrypted?
It is key that you adopt software from reputable suppliers and that you do your own due diligence when selecting a new supplier. Investment upfront can save you money, hassle, and reputational damage down the line if something goes wrong. Think how costly and time-consuming it is becoming for the UK Government to reverse Chinese software giant Huawei out of the now-delayed UK 5G network project.
Educating your people
Breaches often occur due to human error or ignorance. In this new world people have been taken out of their comfort zone, and sometimes the technology they have is insufficient to do their jobs as well at home as in the office. This inevitably means shortcuts that can have long-term ramifications. Perhaps they have a better laptop at home and decide to work with client data there, but they get a piece of malware and the confidential data is stolen. Or they receive an email from a colleague asking them to provide information, which they duly do, ignoring the subtle but clear red flags that this is an elaborate scam.
Regularly educating your staff about the importance of security and best practice can go a long way to helping mitigate risk. You should seek to make this part of a heightened IT security culture, where people begin to think security first.
It isn’t easy transitioning to a fully home-based or blended working environment, for either employers or employees. Taking time to adequately assess employee needs and balance them against a risk assessment is a sensible approach to take. It is appropriate to build human and software error into your plans and ensure you have a robust response mechanism for identifying and resolving breaches or risk events. Central to this activity is an ongoing programme of education.
If you want to chat further about your security processes & protocols, or how to assess your risk areas, please get in touch with me: firstname.lastname@example.org
The information contained in this article does not constitute business advice and should not be acted on as such. This content is based on our understanding in October 2020. Head Resourcing are not liable for the information contained on any third-party websites linked to this article.