The pandemic has brought immense hardship to many. Fortunately, at least some of its economic impact has been mitigated by the reliability of communications technology – one of the few positives to come out of our current predicament.
That so much of the economy was able to shift to mass remote working – and now to a hybrid model, with workers split between the office and their homes – is incredible. Had this terrible virus hit at almost any other time in history, its economic damage would have been far greater.
But there is another side to this story. Remote working brings security risks, especially when it comes to the communications and collaboration technology staff are relying on more than ever to stay productive. And with firms now turning to even more complex hybrid-working models, IT decision-makers must consider the security of their staff productivity infrastructure more carefully. With that in mind, here are some key things to consider.
With staff returning to the office, data hygiene is even more important
Many staff will fail to regularly update their home Wi-Fi passwords, antivirus software, and other basic elements of online security. In the more relaxed confines of their home, they may also be less thoughtful about the websites they visit, or the emails they open.
There are some common-sense actions IT managers can take to mitigate these risks – like ensuring staff update their antivirus software before they return to the office. Ideally, an organization will already have control systems in place to ensure that devices receive the latest security updates whether devices are on or off the corporate network – those who do not may be left in a trickier situation.
It is important to ensure staff get in the habit of thinking about the environment in which they are working from a security perspective. Guidelines for how staff can prepare their IT for the return to the office are a must, as is adding those guidelines to an IT hygiene segment in any back-to-the-office communications.
These actions are straightforward and mostly common-sense. What may be trickier – and is particularly relevant when it comes to communications and collaboration technology – is the threat of shadow IT.
Communications technology is especially vulnerable to replacement by shadow IT
Unapproved communications technology is one of the most common forms of shadow IT, and it is not hard to see why. Most of us use a form of mass-market communications channel such as WhatsApp or Facebook in our personal lives, and for some, the familiarity and ease of use makes using these platforms for work a logical step.
But this behavior poses significant cybersecurity risks. Just last year it was revealed that 25 million Android phones were infected by malware via WhatsApp – it is not hard to imagine the damage that could be done to an organization if staff devices were infected.
Mass market communications platforms are simply not up to the standards required for corporate communications, and yet using these channels to exchange confidential information is far too pervasive.
How to mitigate the risk posed by shadow IT
Much like the Covid-19 virus, the risk of shadow IT is difficult to eradicate completely from an organization without being overly restrictive on the end-user. However, there are ways to mitigate the risk.
Start by asking why employees are turning to non-approved solutions in the first place – are they aware of the relevant policies, or are the approved tools difficult to use? Asking yourself these questions can often lead to some clear first steps.
Mitigating shadow IT means ensuring staff have the right tools to do their work efficiently. For instance, does the communications solution provided feature a quick chat function? If it does not, it could explain why staff rely on a consumer app instead. Polling staff on which features are important to them is a good way of getting a quick picture of where the gaps are in current provision.
Choosing a secure communications and collaboration solution
If your staff are choosing shadow IT over approved tools, consider your options.
It is vitally important to assess the credentials of the vendors you are considering. They should be established, with the necessary resources to provide long-term support, but also innovative enough to provide new features and regular security updates. It is a buyers’ market and there are plenty of options – so there is no good reason for businesses to leave gaping holes in their cybersecurity with irregularly updated legacy solutions.
To this end, one of the benefits of a cloud solution is that it can be easier to update and upgrade when necessary. It is also possible to update and upgrade all devices at the same time, preventing blind spots.
Buyers should look out for features like encrypted end-to-end communications, single sign-on, multi-factor authentication, and security against meeting gate-crashers. These features should be standard, so be wary of solutions that do not offer them.
A vendor’s compliance with general regulations like HIPAA or GDPR should also be considered, depending on where you operate. And if a business operates in a highly regulated industry like banking, look out for solutions that are compliant with relevant regulatory guidelines.
Returning to the office poses fresh IT risks – make sure your staff are prepared
When it comes to your business’ communications solution, now is the time to think long-term. Business leaders can be forgiven for setting up in a rush as things kicked off, but it is clear that hybrid working is the future.
Cybersecurity truly is a people business. The right tools are only one part of a robust security set-up – the people who use them will always be its greatest point of weakness. In this era of part-remote, part-office-based working, clear communication to employees around the importance of secure communications and collaboration will be paramount to overall success.
Mark Kelly, Vice President IT Operations (Global), Mitel