The COVID-19 pandemic has drastically affected all aspects of everyday life, from the home to the workplace. In fact, for many of us, the boundaries between home and work have all but disappeared.
Working at home was already on the rise before the lockdown, with 1.7 million people in the UK reporting they worked for home in 2019 (Office of National Statistics). This however drastically changed when the COVID-19 pandemic hit, and Boris Johnson spoke to the nation to advise us all to stay inside and work from home where possible. In less than 24 hours, the UK came to a halt and the majority of the population were at home for the foreseeable future. The ‘work from home’ movement had finally come into its own.
Now, with less COVID-19 cases emerging and the social distancing measures relaxing, it is time for businesses to re-think their strategies and decide how they are going to move forward.
Whilst at home, staff may have faced a lack of dedicated workspace, unreliable internet, or even home-schooling challenges, so it is important that businesses consider all the factors moving forward and allocate the right equipment and technology to their staff along with clear, organisational guidance.
Moving Towards Secure Office Working
It is now, more important than ever for businesses to rethink their security as company data and devices are being used from a variety of remote locations to enable home working.
The traditional security approach for businesses has been a perimeter-defence model (also known as ‘castle and moat’) where IT teams would build a wall of protection around their network and activity within the network was safe and trusted. With remote working, this is not possible as staff need to access data from any location, and potentially on any device which may be outside of the business network meaning a clearly defined boundary does not exist.
The ‘newer’ security model to support modern, remote working is Zero Trust. This model uses technologies and approaches to automatically verify access, continuously monitor, and detect threats and anomalies using machine learning.
With the move towards the Zero Trust model, a few considerations can be made in the interim to get your business in a better, more secure position. These are:
- Identity. Where possible, enabling Multi-factor authentication (MFA) is a good way to reduce the risk of weak passwords and apply conditional access policies to automate security verification checks. By doing this, you can not only check the health of a device, but also the user and location so nothing is unsecured or blocked.
- Devices. Enabling endpoint protection to secure all your devices is a must. By doing this on both corporate and personal devises you can manage everything remotely and rollout any patching, anti-virus, or security controls centrally. This gives you the visibility and control and your staff the peace of mind knowing that they don’t need to do anything. We recommend Microsoft Intune, which is included with Microsoft 365 (also giving you Office 365).
- Analytics. Use analytics to gain visibility over your IT network and infrastructure so you can easily monitor and detect potential threats. Using AI security technologies means that any new threats or suspicious activity is detected, alerts are sent to you and you can quickly resolve them before any serious damage.
If you are unsure about your current security, it could be worth considering a cyber security assessment to review your setup and identify weaknesses that need to be addressed.
Ensuring Client Data is Secure – In the Office and At Home
Whilst working at home, security is not the only priority to consider. Client data needs to be secure and protected as with remote working, mobile access and cloud apps, data can travel anywhere very easily.
Businesses need to consider what approach they are going to take. The modern approach is to make data ‘self-protecting’ by using data classification labels (i.e. Highly Confidential, Confidential, Public) and have policies assigned to them to control what can or cannot be done with the file. This means that every file has a policy in place that stays with the file so it does not matter where it goes, it will have the right protection in place.
An example would be, you can set policies so that confidential files cannot be forwarded or printed. We recommend Microsoft Information Protection as you can centrally manage the policies and quickly change any levels that apply to the file immediately, such as revoking access or setting expiration for access. This greatly helps with data governance and compliance, particularly for increasing data protection regulations.
Working Productively at Home
Ensuring the workplace is secure and data is protected is one thing, but another big thing to remember is your staff’s productivity whilst at home. It is important this continues, and the communication and collaboration between teams isn’t lost.
Two quick wins which can be applied to your business immediately to see quickly gain results include:
- Collaboration tools. Rolling out collaboration tools, such as Microsoft Teams (included in Office 365) enables remote meetings and teams to work together. By using this tool staff productivity, engagement and morale increased. It is a really good way to make sure teams stay connected and continue to work together.
- Migrate applications and data to cloud. Using apps which are located in the cloud, such as OneDrive or SharePoint (also included with Office 365) gives you the built-in security of knowing that your data can be accesses anywhere and is continually backed up. Some legacy applications will be harder to migrate, so it is worth focusing on the quickest wins first for immediate value.
Collaborating and communicating is key, but it is also important to provide your staff with an insight into the best ways of working at home. Our tips include:
- Be wary of phishing emails. With the increased move to technology, cyber-attacks are becoming more and more popular and have substantially increased during lockdown to take advantage of remote workers. Always remember:
- To not click on suspicious links
- To check who the sender is. Do you know them?
- To check any website that asks you for login credentials
- If you are in doubt, do not click on anything and contact your IT team immediately
- Keep personal and work devices separate.
- Use your work applications. Do not save work files in new locations or use personal email to share files (also known as ‘shadow IT’ as this can be outside of your IT teams control)
- Use the tech you have! Call colleagues, have video meetings, instant message and check in with your team. Stay connected with everyone – do not neglect your own health and wellbeing.
Switching Business Back On
A lot needs to be considered to switch business back on and move forward efficiently following the pandemic. It is not going to be an easy task or something that is done quickly, but hopefully with a combination of short-term stopgaps and longer-term solutions, businesses will get back up and running in no time.
Looking ahead, it is likely that flexible and remote working is going to continue and the move back to the office will be gradual. In a number of cases, ‘hybrid’ working (between home and office) is going to become the norm as staff have enjoyed the benefits of remote working and businesses may start to consider reducing office spaces to save on overheads.
With COVID-19 hitting us so fast, a lot of the technology was implemented quickly to make sure businesses could keep going and staff could work at home efficiently. As we move out of lockdown and the restrictions ease, it is important for businesses to review their security measures and the technology they have in place to see if they are using them efficiently and maximising the value of investments. Office 365 is a common one where businesses only use a few elements but are paying for a lot of great apps they may not be aware of. Now is a great opportunity for organisations to adapt and improve their technology – using digital transformation to support long-term success.
If you need any advice or support, please contact us.