Love it or hate it, working from home is going to be the norm for the foreseeable future. Even if your organization does move back into an office sooner rather than later, remote work will likely remain an important part of your culture, so the question is how you are empowering remote teams.
It’s not just a matter of social distancing. Many employees enjoy working from home (WFH), believe they are more productive and believe they have proven it is possible within their role, so they are going to push to continue doing so. That means the office is no longer the beating heart of the company. As one of our clients eloquently put it: the office is going to be a central hub, but not the heart of the business moving forward, and so we all need to adapt.
Working from home is the future, and your accountancy practice needs to be prepared for it. You’ve done brilliantly to make the shift to remote work so quickly. But don’t rest on your laurels: some of what was put in place is a plaster over the issues and changes, not a long-term solution. Now is the time to establish a long-term IT strategy that reviews your current WFH solutions and sets out a roadmap to secure your business data going forward.
Ready to see how prepared you really are? Take our quick 5-minute, 10-question quiz as a fun way to find out how your cybersecurity knowledge stacks up.
HAVE SHORT-TERM SOLUTIONS PUT YOUR BUSINESS AT RISK?
The speed at which lockdown happened caught many accountancy practices by surprise. You had to act incredibly fast to make it possible for your employees to work effectively in quarantine, and that probably meant adopting a range of solutions and software that you’d never used before or that only just kept your business operational.
Unfortunately, those newly-adopted solutions could be putting your business at risk. If you’re like most organizations, you simply didn’t have the time to consider business strategies around working from home.
To be clear, what you did wasn’t wrong; it was done out of necessity. Many accountancy practices and other businesses around the UK, quite understandably, took the view that short-term solutions would be satisfactory. They could be implemented quickly and removed as soon as things returned to normal. It might seem silly looking back on it, but many of us thought this would all blow over fairly quickly.
Clearly, that isn’t the case. So now business owners and IT managers must ask themselves whether the tools they’ve adopted are compliant with their standard security practices. Make no mistake; your business is a target. While your employees have been working diligently from home, hackers have been working hard to take advantage of the temporary solutions your company put in place.
This is a problem because most of your standard security measures have probably been neglected. Take, for instance, a new laptop that an employee bought so she could work from home. Normally, your IT department or IT provider would set up and secure the device. They’d check it ran a supported version of the operating system and had up-to-date patches, the right antivirus systems and sufficient access controls. None of that has happened in this case. At best, your standard procedures have not been thought about. At worst, they are woefully non-compliant.
DO YOU REALLY NEED THE NEW TOOLS YOU’VE BOUGHT?
[Figure: Number of daily active users (DAU) of Microsoft Teams worldwide as of April 30, 2020]
As part of the shift to remote work, companies have adopted in-vogue tools like messaging platforms and conference call software with little consideration for the security of data, simply to keep communications going.
Microsoft Teams is one of the solutions that has seen tremendous uptake, growing from 13 million users in summer 2019 to 75 million users worldwide in April 2020.
Do you know which solution is being used within your practice, under what procedures, and what data is being shared? If you do not have a policy around this, your staff will create their own virtual policy, and your critical high-risk client data (crown jewels) will be stored on various cloud platforms with few controls around it and no clear picture of who has what access.
The good news is you might not need a third-party solution or application, or any of the other new tools that you’ve bought, at all. There’s every chance one of your current software providers, like Microsoft Office 365, already has a secure and tested alternative that your IT team can manage and create controls around.
Before you continue paying for the conferencing tools and any other new applications you’ve splurged on during lockdown, discuss your ongoing needs with your IT department or IT provider. They’ll be able to tell you whether you really do need these tools and how secure they actually are.
ARE YOU STILL MEETING REGULATORY STANDARDS?
Does your organization have to navigate strict and exacting regulatory requirements? Do you need to maintain GDPR compliance? If so, you may have been getting a free pass for the last month.
Up until now, regulators in sectors like accountancy have been relaxed about adherence to codes of conduct concerning data security and storage. They understand the difficulty businesses had in going remote so quickly, and they’ve turned a blind eye as a result.
Unfortunately, the honeymoon period is over. Regulators have come to the same conclusions as the rest of us — that remote working will be the new norm for some time. Letting standards slide for a month was permissible. Letting them slide for several more is not.
Your working environment may have changed, but the importance of the data you store hasn’t. Remote or not, you need to make sure that you continue to protect it according to your industry’s standards.
This question should be a top priority for any organization with rigorous requirements. You’ve had time to start replicating the policies and procedures you had before the pandemic. Put them in place now before regulatory bodies start targeting the organizations that don’t.
HOW ARE YOU KEEPING YOUR NETWORK SECURE GOING FORWARD?
By answering the three questions above, you will have analyzed your post-COVID IT strategy, identified what has worked and assessed whether existing systems and tools can be adapted to meet your new needs.
Now let’s look to the future. Moving forward, how are you going to keep your corporate network secure while staff continue working from home?
Specifically, you’ll need to make sure the policies and procedures you had in place to protect your corporate network in the office can be applied now that your employees are working from home.
If employees are using the same device for personal and work use, your business must implement strategies to ensure that anything staff do in their free time does not harm your corporate network.
For example, accountancy practices will have to consider whether they want corporate devices to share the same network connection as personal devices like PlayStation/Xbox consoles and home CCTV cameras.
If all devices share the same router, hackers can use personal ones as stepping stones to access your organization’s corporate network.
WHAT ABOUT THE DEVICES THEMSELVES?
It’s not just viruses, malware and hackers you need to think about, either. You have robust physical security in an office. Your equipment is well protected, you know who has access to it and you can lock your office up at the end of the day. In other words, building security acts like a firewall around that equipment and therefore around your data.
But now you have remote workers, potentially using their own equipment (BYOD) and home networks. These devices are constantly exposed to the risk of theft or loss when employees work on the move, and this is detrimental for several reasons.
Firstly, these devices aren’t cheap. Accountancy practices don’t always have extra budget in this new 2020 world, and a top-of-the-line laptop is not small change. Secondly, and perhaps more importantly, you’re not just losing the device. Your corporate data is also lost. Worse still, if the data on that laptop isn’t encrypted, you may well be breaching regulatory requirements, too.
Businesses will quickly need to come to terms with the fact that the end-user (aka your employee) is often the single biggest point of weakness within your company. Malicious or otherwise, one errant click in an email or one missing laptop is all it takes to cause havoc within your organization.
As part of this, business leaders will need to ask themselves whether additional employee training is required to work from home. The importance of a strong BYOD policy and the threat of malicious attacks are not always obvious. If they aren’t clear to your employees, that will need changing, too.
This is a stressful time for organizations across the country. But it is also a huge opportunity to establish policies that protect your organization while giving employees the freedom to work where they want.
This isn’t a definitive list of the actions your IT team or partner needs to take to improve the remote IT strategy of your accountancy practice. However, it’s certainly a good place to start.