Please note: This post was written by Highlander prior to their rebrand to FluidOne Business IT - Sheffield.
Amidst the unprecedented situation in which we all find ourselves, we often hear how we must adjust to the ‘new normal’. That sentiment extends beyond our daily routine to the changes to our working environment as a result of the latest government guidelines stipulating home working.
For many IT teams, simply facilitating this for staff used to working within the traditional office setting presented an immediate challenge, but now the focus has turned to an area which is never far from the top of any IT priority list – user, device and data security.
What may have seemed like a short term measure now looks like a long-term business change, so adapting to the ‘new normal’ means making sure you take the appropriate steps to arm your people with the knowledge they need to work safely from home, alongside the latest tools to secure their devices.
To help you do just that, here’s some of our top tips:
Your users
It’s important to understand that many of your users may well be working from home for the first time, and although this might not seem like a significant change, it presents a number of potential risks.
They’re adjusting to a different setting with plenty of additional distractions as they look to create a home office setup. Even the most astute user will be more relaxed in their home environment and could be caught off guard, which is why it’s important to implement the right processes to protect them.
1) Employee education is paramount
To better facilitate effective remote working, you might have provided your team with new tools to help them access important documents and collaborate with colleagues on major projects. They may even have been trusted with a brand-new device.
Tools such as Microsoft Teams can offer a range of benefits for a disparate workforce, but using any technology correctly, and more importantly safely, relies upon appropriate training. That’s why it’s important to make sure that every member of your team is comfortable using the devices and tools they have been provided to avoid costly mistakes as a result of inadvertent user error.
Training doesn’t need to be heavy or formal as many of the tools you’ll be providing will be pretty intuitive. Simple ‘How To’ videos or live tutorials could be just the ticket.
2) Put a stop to shadow IT
Shadow IT presents a risk at any time, and this is only enhanced when your users are working outside the perimeter of your traditional environment.
As they work from home, your users may look to use their own device, unaware of the risks this presents. As an example, they might not see an issue viewing confidential documents on their own personal tablet, but the file version they’ve inadvertently downloaded presents a significant data protection issue with an unauthorised copy of that file now existing on an unknown device. As such, it’s important to outline the boundaries for your team and reinforce the importance of using the protected devices they have been provided with. Of course, there are tools that can assist you in preparing and enforcing policies surrounding your data and the devices that access them.
3) Policy has never been more important
When working in their usual office setting, your users have the luxury of knowing that IT assistance is never too far away. A quick call to the right extension or a walk down the corridor is all that’s needed to seek any help.
However, help is no longer as easily accessible, and a users’ first instinct might be to simply ignore an issue if they are not sure how this should be handled.
Make sure that your policies regarding IT issues are revised and re-enforced with your team so they aren’t left in the lurch. You’ll have a much better chance to identifying and rectifying any issues if your team are well placed to raise this at the first opportunity.
Your technology
Providing your users with the right information is only one part of staying secure. Once you’ve armed your team with knowledge, you need to engage the right technology to keep them protected.
1) Protection beyond the perimeter
There’s a whole host of solutions and software that can be implemented to better protect your device estate when working remotely.
As a minimum, you need to make sure that every device has appropriate endpoint protection to guard against malware, ransomware and other potential threats. New updates often include security enhancements, so it’s also important to make sure that these protections, as well as the OS and other software, are kept up to date with the latest versions installed.
2) Don’t take a chance with your data
With your users accessing data and applications from a home workspace via their own network connection, you need to keep your data protected.
Make sure your data is accessible from a protected, central location with the option to share to avoid excessive file duplication, and where possible implement policy-based controls to prevent any unwanted access.
It’s also prudent to encrypt your data to ensure this is protected should it fall into the wrong hands.
3) Safe surfing
It’s important to make sure that your users are protected as they search the web, especially as they may also want to use your company device during any down time, perhaps to stay in touch with family and friends.
By enforcing web protections such as ad blockers and limiting access to certain sites, including certain social media accounts, ecommerce pages, etc you can guard against unnecessary risks as a result of visiting potentially dangerous sites.
In recent weeks we’ve helped many of our customers prepare for remote working, and that includes advising and implementing the latest security solutions to keep their users and their data safe. In some cases, the technology is already available to the customer through existing subscriptions like Office 365 and Microsoft 365, and sometimes security measures need to be enhanced with new protections. Either way, if you’re looking for some guidance on how to better protect your business against the latest cybersecurity threats, get in touch with a member of the team.
