Learning the lessons of last Summer…
Alastair Murray considers our professional tech progress
The past few months have proved to be very challenging for every firm, with some coping better than others. Firms have been learning the hard way what to do and what not to do. The trick now is to learn the lessons of 2021 to usher in a better and brighter future for 2022.
What new things have we learned?
Business continuity plans have had to be re-worked and cyber security has needed more booster jabs to keep abreast of, let alone ahead of, the threats. Investment in tougher business continuity plans and cyber security awareness training is gathering momentum and becoming more the norm for the future.
Smart tech has become a vital element in the reconfiguration of business continuity plans, creating a lifeline for many firms who have embraced their mobile phones, email, social media, cloud technology and video conferencing to continue their work, almost normally.
By investing in these things now, firms are developing stronger and more robust business platforms in the office, for home workers and for their clients. There is no doubt the introduction of Microsoft Teams and Zoom technology has encouraged a greater sense of commitment to ‘the firm’, with home workers developing their own ‘can do’ spirit.
What have we got better at doing?
Communications from the office to home workers and vice versa have had time to develop more streamlined processes and procedures. Cloud security is better, although not perfect. Through stronger logins, passwords and multi-factor authentication methods, firms are investing in their futures with greater confidence.
Throughout the many lockdowns, most firms have learned that, while office-based security may be solid, home working security needs tightening up. Added to this, greater investment is needed in better laptops, microphones, webcams and other similar equipment we are now beginning to recognise as part of the essential ‘home working kit’.
What has been the biggest obstacle?
Business cashflow in these difficult times has been hit hard, and for many firms the thought of more expenditure on laptops and home worker security training seems impossible. However, at a time of comparatively low interest rates, there continue to be many sources of competitive business finance to help fund computer equipment, cybersecurity training and other home office essentials.
Throughout the pandemic, cyber criminals took full advantage of the vulnerabilities of home workers’ personal computers by increasing phishing, ransomware and malware attacks. Firms have been learning a lot from these break-ins and have been beefing up security methods at home to ensure office-style security is also in place at the ‘home office’.
At the same time, employees have been crying out for smoother access to the firm’s office systems. Home and remote workers are now using stronger security procedures and getting used to applying office-based standards, as set by their IT technicians, when using the firm’s cloud services. The use of strong usernames, passwords and multi-factor authentication as the minimum requirement is giving the office IT staff fewer sleepless nights.
Accreditations like the Cyber Essentials Certificate and ISO 27001 have become popular during the pandemic, raising security standards both in the office and at home. Investment is also going into better and longer-term planning of home security, with more firms carrying out home risk assessments, where possible risks are identified and solved or mitigated.
What can we take forward?
Some firms are experimenting with their own internal evaluations where monthly meetings are arranged on Zoom, Microsoft Teams or in the physical office, to discuss what might have changed and/or needs to change. This – and any other aspects concerning access to office systems and cyber and data security – can each be reviewed and revised accordingly, particularly in regulated markets where strict compliance is essential.
What can we build upon?
It is even worth considering signing up for CREST-accredited training to improve the security awareness of employees working from home. Trainers accredited by CREST (Council of Registered Ethical Security Testers) can be found online at CREST, where you can search for individual approved members, arranged by service type.
Regulators such as the Information Commissioner’s Office (ICO), which previously made some allowances for the consequences of Covid-19, are no longer making them. While there are still a number of organisations giving Covid-19 excuses, the consumer has had enough of these and is keen to get on with a more positive and upbeat script.
Alastair Murray is director of The Bureau: the-bureau.co.uk