We are witnessing a scale of home working on a level that we’ve never experienced before. And as businesses under government guidance, empower staff to work remotely wherever possible, concerns around how they continue to keep data safe and secure will be front of mind for business owners
It’s fair to say that COVID-19 has meant some serious changes to their IT infrastructure for most organisations. As businesses and employees have settled into this new way of working, we’ve seen even routine tasks such as sharing large files or accessing sensitive information via the company network can be difficult while still adhering to company policy. Employees might be looking for ways to send multimedia files or are suddenly having to share more, and different data via email. Using insecure transfer solutions can lead to mistakes, loss of control, and potential breach incidents. In addition, businesses need to consider where data is being hosted when they upload to the Cloud, particularly considering some the stringent data residency rules as part of GDPR.
These companies continue to struggle to get everything in place, and in the meantime, this creates an environment where workarounds and shadow IT have crept in “just to get the job done”. After all, when productivity is at risk, security will often take a backseat.
From individual employee’s perspectives, our routine way of working has changed. There is a blurring of the boundaries between home and work leading to more people communicating beyond their normal working hours and from smaller screens (mobile devices and laptops etc), trying to maintain productivity at normal standards or having to amend their routines around personal circumstances. In this disruptive and highly stressed environment, the likelihood of making a mistake when sharing or collaborating on sensitive data increases.
Even before COVID-19 and large-scale remote working, figures published by the ICO found that 60% of personal data breaches in the first half of 2019 were the result of human error.
So what can businesses do?
1. Look for security software that doesn’t hamper productivity – Right now, employees are feeling increased pressure to prove their productivity. If you’re finding yourself selecting new solutions, its never been more crucial to select technologies that don’t add difficult extra steps for them or anyone they’re working with outside the organisation.
2. Automate security wherever possible
3. Engage employees over security best practices so they know what to look for, what to do – phishing emails are a good example of this
4. Choose collaboration/productivity solutions that have security baked into them.
5. Implement no-fault reporting – People often don’t report security incidents because they’re concerned about repercussions. Where it’s appropriate to do so, implement no-fault reporting to encourage individuals to report incidents in a timely manner.