One of the challenges that have faced HR and IT departments during the coronavirus pandemic has been how to facilitate remote working for the workforce as offices have closed, and employees have had to adjust to working from home. But for some home workers, productivity has been prioritised at the expense of cybersecurity.
Without a doubt, COVID-19 has created additional security threats as attackers attempt to take advantage of the situation. According to a survey from legal charity Citizens Advice, almost a third of Brits have been contacted by scammers since the beginning of the global pandemic.
The charity says they have seen a 19 per cent spike in website visitors seeking advice, and an increase of people calling to report fake claims from scammers concerning testing kits, vaccinations, and government refunds.
For many businesses, this is the first time they have needed to facilitate remote working, and even those who were already equipped for remote access have not been fully prepared to enable home working on such an unprecedented scale witnessed during the crisis.
Working from home shouldn’t prioritise productivity over security, but unfortunately, this is what is happening in some cases.
IT departments are aware that if they don’t equip employees with the appropriate security tools, policies and training, there’s a danger that a compromise or a breach could bring the whole business crashing down. But this requires additional support, resources and budget that firms are unable or unwilling to sign off.
Other potential security breaches include the unavoidable need for employees to travel home with sensitive information in physical document forms. These would need to be kept secure at home. It would be near-impossible to stop this practice, and companies must come up with a stringent plan for the storage and the destruction of company documents once they’re done with.
There are still security risks to consider in the workplace also. Whether firms are operating at reduced capacity or have shut down entirely during the lockdown, there remains the possibility that papers and documents will have been left at workstations in the office.
Companies need to enforce a clear and clean workspace policy to reduce the need for physical sensitive information to be left lying around. There must be clear guidelines regarding what needs to be filed, what needs to be shredded and at what intervals.
Many organisations have access control systems, and employees will need to be reminded not to share their identification. Employees need to be trained on the vital importance of protecting their IDs or access cards. Without training or regular reminders, employees will often share or lose their access cards.
The days when business security ended at the office walls are long gone, and the new security perimeter is now digital. There are cloud-based tools that allow IT teams to monitor and protect devices off-domain.
It’s not just about the tools and how they are set up and configured. It’s also about instilling a think-before-you-click culture that embeds security in everything the company does.
If your company needs Information Security and Data Protection consultancy services, come and talk to us today.