Your Covid-19 response has set you up for increased security risks in 2021. IT departments scrambled to support staff as they shifted to working from home. That effort was remarkable and successful, but it’s time to consider the security ramifications.
Among the pressing issues is the danger of shadow IT, long the bane of IT departments everywhere. During the pandemic, 47 percent of IT specialists say they saw users turning to shadow IT to get their work done. It’s understandable: stuck at home, often without sufficient training to do everything they needed to do, many workers were not equipped to be their own IT departments.
If a task needs completing and the tech isn’t playing ball, why not email that file from your personal email account? What’s the problem with switching to Zoom when you can’t get that Teams meeting to work? You can’t expect people who find themselves struggling with entirely new workflows and applications to understand the risks of using unsanctioned tools to get the job done.
But the risks are there: a greater likelihood of data breaches, an increased security threat landscape, and the potential failure to meet regulatory or compliance standards. During the ‘digital transformation’ era, IT departments battled to manage shadow IT. That battle might need to be fought again.
A second area of concern is with employee’s use of company devices. Many more people now have company laptops or smartphones and they probably aren’t going to give them back. In our recent remote working questionnaire, just 10 per cent of respondents said they planned to return everyone to full-time, office-based working. Meanwhile, 48 per cent of respondents said they would like to go to the office from time to time, but otherwise wanted to retain flexible working.
That’s great. These new endpoints are secure, right? You definitely made sure of that before you shipped them? Of course you did. And employees are going to use those laptops and smartphones to work wherever they are. They are also going to leave them on trains, write their VPN passwords down where they shouldn’t and generally cause security problems.
Cyber criminals and state-sponsored hackers have already taken advantage of the pandemic to increase their phishing and ransomware attacks. How can you reduce the risk as we return to the new normal?
Basic steps include reminding people of security best practice and providing training where necessary. Not every instance of shadow IT has to be rooted-out - some of it will be harmless - but informed employees will make better decisions. If people are using their own devices, then a VPN or a dedicated work profile can offer some protection.
You need increased visibility of your cloud and network resources, introduce conditional access policies and zero-trust IT. Ensure you are using secure-by-design applications, too. That’s the kind of thing that we deal with every day. Our customers want a one-stop shop for expertise, advice and guidance, and that’s what we deliver. We’re here if you need us.