Many management and IT teams have done an amazing job over the last few months, completely changing their working environments to shift most, if not all, their staff ‘offsite’ in such a tight timeframe. A project completed in just a matter of weeks or months, which would usually be assigned many more months if not years to plan and carry out safely and effectively, is a great achievement, but at what cost?
Have we left major security gaps that can be exploited by hackers? Or have we locked our doors so tight, our staff are struggling to work effectively?
Finding the right balance between security and efficiency can be challenging, especially when under immense time pressures. Now the dust is beginning to settle, what can your organisation do to review and adjust your remote team connectivity to deliver on both levels?
Securing the remote environment
Cyber security has been a hot topic over the last few years due to the ever-increasing and high-profile attacks seen on numerous major and international organisations. The introduction of new or enhanced data protection laws such as the New Zealand Privacy Act, The EU GDPR and more recently within the Middle East, country regulations such as the Bahrain Personal Data Protection Law (PDPL), have only acted to enhance the focus on properly securing our systems and data.
We successfully locked our doors and secured ourselves, then Covid-19 came, forcing us out from behind our carefully built layers of security and into a more dynamic working landscape. We now need to work out how to safely open things back up again to allow our teams access to our data from outside our internal networks.
For a lot of our clients, remote working was already something on the agenda, and some had even set it up for key employees or senior management, but most had not finalised an effective strategy to roll out organisation wide on the scale that the current crisis has required.
Most IT departments have worked tirelessly over the last few months to implement their remote working strategies and in turn most organisations are now rightfully feeling very proud of themselves and the speed in which they have adapted their operating environment. But that does not mean the job is even close to done.
· How many of these changes have been properly tested to ensure airtight security?
· How long can you be comfortable just hoping no hacker notices the gaps before they can patch them up?
· How many staff are using old laptops they had at home already which very likely have some sort of previous malware embedded somewhere?
· How many staff are on home WIFI networks which may have been compromised a long time prior to the start of this pandemic?
· How many staff or managers are reading or printing confidential company information and data in an unsecured environment which is open to visitors and potential prying eyes?
This is just the start of a very long list of security questions which may find serious compromises within your current infrastructure. My hope is that most IT teams will have already addressed most, if not all, of these obvious problems, but if you are not, then now is definitely time to clean up your systems; before someone else notices!
Balancing Security and Efficiency
Implementing secure remote access comes with its own set of usability problems: it can often take forever for a member of staff to get in to the system; layer after layer of passwords and links before even accessing emails. Or once you have logged in to your emails, you can’t just jump online to check something on Google, because your VPN is blocking access to anything else outside of your internal network. All of this creates a very secure environment, but not a particularly productive one.
That’s not to say there aren’t a number of good technical solutions out there that are able to allow both very tight security and also efficient ways to navigate through them, I just don’t know many organisations that been able to secure enough budget or had enough time to implement them yet.
How can you improve?
Before we accept anything as the ‘new normal’, or use any of our current practices as a roadmap for long term success, now is a critical time for an organisation to take a deep, long look at everything they have done recently and ask a few questions:
· Are our systems and endpoints truly secure?
· Are our people able to work within our systems as effectively as they were from the office?
· Are our people truly happy with the current setup?
And if the answer to any of the above is no:
· What can we do to make it better?
This may come across as all too easy, but the process of gathering the right information to answer these questions effectively should not be taken lightly. You will need to spend serious time and effort engaging the whole business and digging in to everything that has happened over the last few months, alongside any existing structures and procedures, and figuring out exactly how it will all best fit together going forward to ensure both organisational effectiveness and long term resilience.
If you would like help assessing you current environment or planning your next steps, then why not download our Free Standby Consulting Lessons Learnt questionnaire here or contact one of our team to discuss how else we may be able to help.
About Standby Consulting
Standby Consulting are specialists in organisational resilience based out of New Zealand and the Middle East with a presence in Bahrain, UAE and Saudi Arabia. With a wide range of experience across most business sectors, Standby is here to support your organisation in the development and implementation of your critical Business Continuity, Disaster Recovery and other resilience activities. We help our clients and partners by offering independent, honest, and experienced advice to ensure that all of your bespoke resilience needs can be met in a timely and cost-effective manner.