Avoid relaxing your IT Security to enable working from home during the COVID-19 crisis

With the world in the grips of an unprecedented mobility lockdown due to COVID-19, IT and its use has been brought into sharp relief and what might previously have been a casual work-from-home affair has become the norm for great swathes of business.

The Coronavirus (COVID-19) may be front and centre in peoples’ minds as a threat, but this does not mean that all the pre-existing threats have taken their own holiday.  Indeed, it is at times like this that nefarious actors have ramped up their efforts and the IT world has become that much harder to navigate.

In mid-March, a frantic scramble ensued to equip office-based workforces in so many different businesses with the ability to work from home, as it was either this or no business at all.  Everything happened in a blur, and accordingly many processes designed to bring order and sanity to the IT landscape found themselves coming second to a pressing need to continue business from home.

The outcome of this can be seen with people redeploying laptops belonging to other household members, installing business software onto these, and not worrying about anything else aside from the clamour to re-join the online crowd.

Whilst this is all somewhat in the past, and was a necessary evil to provide “business as usual”, the long-term ramifications are now starting to bite and security holes have started to be exploited.

The message here is clear.  REVIEW your IT security.  There is a clear correlation between IT projects that have been speedily implemented and IT security holes, and a secondary task should be to audit what’s occurred and fix any security holes before they are exploited.

For example, employees using their own or their children’s laptops/desktops for office access are in many cases opening up the office network to whatever else exists on the laptop including potential illegal downloads which are a large source of viruses.  They may also be opening themselves or the company up for a piracy lawsuit if the software they’ve installed on the laptop hasn’t been properly licensed.  Hastily implemented VPNs can unwittingly expose company data to whoever cares to look.  A bad choice of cloud services could lead to company secrets going to your competitors or the highest bidder.  A change in the way of working without considering issues such as backups can lead to the company’s demise in future.

Here’s a quick checklist for your IT review:

• Are any third-party computers (not owned by your business) being used to access your company’s data?
• Have you extended your corporate security software to these third-party computers?
• Have you discussed with your employees the security issues associated with letting others use computers that connect to corporate networks?
• Do you have plans to replace these computers with company-owned and managed assets?
• Have you extended your licensing of software provided for use on these computers?
• Whilst connected to the company network, can you browse websites you wouldn’t normally be able to whilst inside the company’s network?
• Are your company emails going into non-company mailboxes that are shared with other accounts?

These are just some of the potential pitfalls awaiting today’s business but the issues raised and the checklist is not exhaustive – an audit is recommended in order to mitigate risk.

Michael Knowles is Managing Director of Collaborative IT and happy to give a second opinion on your IT security setup.