IT Security: What Lockdown Has Taught Us

Few businesses were ready to close their office doors for an indefinite amount of time and send all their staff home during 2020.

Sure, for some companies, this may have been a seamless transition, but for others it was a huge challenge.

However, working from home doesn’t mean that the same level of productivity, creativity, and communication can’t be achieved. Providing staff members have access to the same software, tools, and devices they’re used to at the office, they could actually achieve more.

This brings with it some inherent security risks. But, boy, have we learned a lot about IT security during lockdown.

Here’s what you need to know if you’ve adopted a hybrid approach to work.

What can be done to limit the risk of hybrid working?

Hybrid working is great, in theory, because it allows employees to achieve a satisfying, stable work-life balance. But working from home and on public WiFi comes with many risks.

The good news? There are plenty of things you can do to limit the IT security risks that come from this way of working.

Start by making sure your hardware is encrypted – this will keep your data safe.

A case in point: in 2008 there was a huge security breach where a Cabinet office employee left top-secret files on a train. Thankfully, someone spotted the files and handed them over to the BBC and they eventually made their way to the police.

This could have been a disastrous event, but would not have been an issue if the files were encrypted or, better, nothing was ever printed out or able to leave secure grounds.

Two-factor authentication is also essential. This requires the user to provide two forms of identification, before allowing access to the app or website. So, if something offers two-factor authentication – turn it on!

Biometric security is an increasingly popular method for allowing access to devices, when the technology permits. Thankfully, most macOS- and Windows-based computers and handheld devices now feature some form of biometric security as standard.

It’s also important to consider scaling your approach to IT security as your business grows. Your company is only as secure as the time and money you invest in its cyber defences. So, make sure that, as your company grows, so too does the IT security.

Lastly, and at risk of sounding like a broken record, keeping software and operating systems up to date is no longer optional (it never was, really!). The same goes for team members; they should be constantly updated and trained to look out for the latest phishing scams and known instances of social engineering.

People are unfortunately the weakest link when it comes to security issues. But that’s something which can easily be fixed with the right training, as we discovered throughout 2020.

Don’t overlook the power of passwords

Passwords must be secure. This might sound an overly simple and somewhat overcooked piece of advice, but remember – humans are the weakest link when it comes to cyber security.

It’s particularly easy to become slack and lazy when it comes to password management, but it’s the first line of defence. If someone guesses a password and you’ve used it across multiple services and apps, the damage they could do is untold.

Equally, if you’ve implemented some form of global password management, don’t allow access to everyone and sundry; limit it to need to know basis.

What have we learnt?

The work climate has drastically changed over the last two years. However, the biggest takeaway is that IT security should always be a top priority whether working in the office or at home.

This new way of working isn’t changing any time soon, either. Thankfully, lockdown has taught us that working from home doesn’t mean that the world stops and the office collapses. But it has also taught us that security breaches are even more of a threat without the right level of defence and in-house knowledge.

If we’ve sparked a concern (or two) today, please get in touch with the Compex IT team, who will be happy to chat about the best route forward for your cyber defences.