Your remote team should be managed to reduce cyber risk
We can’t ignore the impact the pandemic has had on businesses: some now have fully remote teams. Others have focused on digital transformation… and some have sadly had to close their doors altogether.
With organisations struggling across the country, Linkedin has been awash with talented professionals being made redundant because of the impact of COVID-19, searching for new roles so they can pay their bills.
So, if we have a newly remote team and some members still furloughed, we have to acknowledge that our people may be nervous of the future.
And that’s understandable. Even some of the businesses that have continued operating comfortably through this period have taken the opportunity to reflect on what they’re doing, restructuring and readying themselves for the country’s long road to recovery.
With this in mind, it’s to be expected that some of our team members might be fearing the worst, wondering whether they’ll still have their jobs at the end of it all.
How can business leaders manage their remote team to minimise risk?
Firstly, we have to acknowledge that there is an increased risk with a remote team. Suddenly, having decent visibility of our people is nearly impossible. We have no assurance that they’re following company policies and procedures – or even using company technology with appropriate controls.
Now, imagine a member of your staff fears they will lose their job to redundancy. They’re probably keeping an eye open – at the very least – for alternative roles. Who knows – maybe your competitor has a vacancy.
This thought would worry me. Suddenly, you have people with privileged access to systems and data, concerned about their future and in conversations with a competitor.
What is to stop that staff member downloading your client database from your CRM and taking it across the street, where they’ve accepted a new position with a rival company? When they’re working remotely, how would you know if they had?
It’s not far-fetched. It happens all the time.
Your people right now might have both the motivation and the ability to misuse your sensitive company information. This should be on everyone’s risk register.
So, how do you reduce this risk?
Even though we could suggest some fantastic technology that gives you visibility of everything that happens on your network, I’m not sure it’s the place for you to start.
There’s no point installing CCTV before you’ve put locks on the door.
This problem needs addressing at source, which means you need to identify areas of risk, reducing the motivation where possible and certainly the opportunity.
1. A remote team requires honest communication
Talk to your people. Update them regularly – even if you have nothing new to say. If things are currently stable and the risk of redundancy is low, let staff know! Tell them how valuable they are and how you envisage their return to work going. Get them to start thinking about the future and planning projects or brainstorming ideas. Ensure they feel involved and confident they still have a place with you.
And if you aren’t sure? If redundancies are on the cards? Remember to be human. You can still be a kind, empathetic champion for them and their future while meeting your legal duties, confidentiality and non disclosure requirements during the process. If you can make sure it ends on good terms and there are no hard feelings, having acted totally fairly throughout, the chances of staff feeling disgruntled and wanting to act unprofessionally or out of character is hopefully massively reduced.
2. You must check your access controls
If there is a risk, then you need to ensure your access controls are in place before starting the redundancy process. With a newly remote team, there may have been data seepage through the bedding in period. Running an audit and bringing everything into line before commencing this painful process would be advisable. Now is the time to review your permissions register. Identify and record who has access to what files, systems and software, and at what level.
Even if you aren’t planning on losing any members of your team, it’s still wise to check and ensure that everyone can only access the information at the minimum level they need in order to do their jobs. This limits risk enormously. Suddenly, only four people who could potentially download your client database are able to, instead of the thirty who could have done so before.
3. Now you can think about the tech
Once you’re confident with the above, it might be worth considering a SOC or SIEM solution, to give you total visibility of all activity on your network. It’s like CCTV for your IT, alerting you to threats in real-time; whether they are internal or external.
We have a solution powered with enterprise-level technology, designed for SMEs with remote workforces and complex environments. Click here for a minor detour, where you can find out more.
It’s all about using appropriate controls and common sense, really
Solving information and cyber security concerns isn’t always about splashing out six figure sums on fancy new technology.
Often, it’s just a case of utilising your existing resources and plugging the obvious gaps – much of which can be done by you and your team. If you can keep your people onside, and mitigate any resulting risk appropriately, you’ll likely be in a far better position than your competitors.