The sudden shift has been relatively seamless for some businesses, while others have found the demands on their IT infrastructure to be roadblocks to success. Most would agree that the pandemic has affected their IT budgets and 2020 plans considerably.
In this time of adjustment and adapting, it's important to remember that a highly secure and well-managed IT network takes careful planning and attention to detail. Although your plans may feel completely thrown-off by the crisis, there are still ways to bolster and improve your IT security strategy.
Online fraud and cyber-crime attempts have skyrocketed during the COVID-19 crisis. Attackers are impersonating the World Health Organisation and other international and regional regulatory bodies, attempting to gain personal information or infiltrate businesses’ critical infrastructure. Fraud prevention firm Cifas has also seen an increase in email scams impersonating CEOs or IT departments, asking employees to share their screens or grant access to their device.
1) Decide which IT projects will provide short + long-term benefits to the business and pursue those.
Evaluate any new IT projects considering the short and long-term benefits they offer your business. Although all investments may feel too risky at face value in the current circumstances, a project to improve your IT security strategy will be a valuable pursuit both now during the lockdown and in the future to support a more distributed model of IT across the business.
2) Communicate clearly with your team about cyber security best practices.
Make a focused effort to help your team implement security best practices. Many people let their guard down when working from home, and the likelihood of blurring personal and business use on devices and during work hours has increased. After all, the family laptop may have been co-opted for work use, meaning your data is being accessed on different devices over home Wi-Fi networks, which are usually less secure than your office network. Include simple and quick refreshers and tips in your team meetings. Be sure to share screenshots or information about suspicious emails or links with your IT team, but also with other colleagues to help spread awareness and learn what these scams look like in real life.
3) Be sure you've implemented tools like email security and multi-factor authentication.
With email security, multi-factor authentication and properly configured cloud environments, you can greatly reduce the risks for your work from home team members. Spotting email fraud has become even more important because of the increase in phishing mentioned above. Are you confident that your filters and email monitoring tools are catching malicious messages? Do you employees know the signs of a phishing email and where to report it?
With so many data breaches happening through weak passwords, be extra vigilant about requiring employees to change their passwords, especially if they haven't done so since the lockdown began. MFA will put an extra layer of security in place to keep your critical systems and data safe from intruders.
4) Reevaluate your storage configurations, access permissions and other settings.
Initially, many businesses were rushed to extend access permissions widely in order to get work-from-home up and running. Nearly three months into lockdown, you probably have a better understanding of which team members require those higher levels of access and which ones can be scaled back to increase overall security. Check with your IT team or managed cloud provider and be sure that monitoring alerts are enabled and sent to the right person or team for careful analysis and threat detection.
5) Assess, test and improve your backup or DR processes.
With the geographic sprawl of your employees and your IT network dramatically increased, it is more important than ever to have confidence in how you will respond to data loss, breach or unplanned downtime. Are employees familiar with your incident response plan, as well as who they should contact in case of lost files or a suspected breach?
In a study of UK business leaders, nearly 50% of respondents said that their backups were kept on a separate system within the same office - indicating a troubling lack of disaster recovery plans! With many businesses operating entirely remotely at the moment, the lack of accessibility could be crippling.
A successful DR plan will equip your business with a cost effective means of replicating your critical IT systems to an enterprise class secondary location. It is tested frequently and can scale with your business as your needs evolve. If yours needs re-evaluation or testing, then get in touch with a trusted MSP to start the process.
We can help you to choose, configure and deploy IT security tools that will keep your business secure during a time of significant strain and new challenges. Our 24/7/365 UK-based help desk provides the support you need whenever you need it, for peace of mind and confidence in your IT!