Get ready: Why IT security may soon be mandatory for your remote workforce
Remember the days when working from home was a novelty? Employers keen to engage a modern workforce developed flexible working arrangements that allowed staff to spend a day here or there working remotely – usually via VPN or on files saved to their laptops.
With the rise in cloud computing, remote working has gained a little more traction in recent years. Businesses that invested in the technology quickly saw the cultural benefits of enabling staff to work from home, even if it wasn’t actively encouraged.
When the coronavirus pandemic hit, however, organisations with and without cloud technology were forced to enable remote working for every employee almost overnight.
This presented enormous challenges for a lot of companies, and the speed and magnitude of the transition created substantial security risks – many of which likely went unnoticed.
With the rise in advanced hacking methods in an unstable global economy, the risk of valuable data being stolen and sold or shared is also higher than ever.
Recently we saw a wide range of public and private organisations in Australia come under cyber-attack by malicious unknown entities. Prime Minister Scott Morrison labelled the attacks “sophisticated” and noted that cyber-security is “a constant issue for Australia to deal with”.
What this means for you
We believe that the combination of increasing numbers of remote workers and increasing numbers of sophisticated cyber-attacks will inevitably lead to a government mandate on IT security requirements for all businesses.
What these requirements will be is yet to be seen, but they will likely complement the Privacy Act amendments for data security that were introduced in 2018.
If government does introduce requirements, your business may need to prove compliance – perhaps via third-party certification that proves your infrastructure and security policies are up to scratch.
This could include:
- Passwords and two-factor authentication
- Endpoint protection (anti-virus)
- Backups and disaster recovery
- Security practices and procedures
For those businesses that don’t comply – either intentionally or unintentionally (i.e. they’ve had the same IT company managing their systems for over a decade and the IT company has become complacent) – there could be significant fines.
In addition, things like professional indemnity insurance may be hard to come by for those businesses that cannot prove compliance.
How we can help
Besides potential fines stemming from future regulation, securing your IT systems to facilitate the future of remote working is essential.
Until you have an expert examine your set-up, policies and practices, you cannot be sure that you are as secure as you need to be.
Your data is your most valuable asset (and, according to recent research, is now worth more than gold). Even if you have an IT firm already looking after you, it pays to get a second opinion just to confirm nothing has been left to chance.
This includes a full review of the types of programs, websites and apps your staff are allowed to access. Consider the recent uproar about TikTok, where it’s alleged that the application scrapes data from users’ phones and sends it overseas.
At Empreus IT, we stay on top of the latest industry news and best practices so we can keep our clients informed. We also conduct comprehensive security audits, and put measures in place to monitor security performance in real time. If there’s an issue, we can alert you immediately and generally fix it quickly and remotely.
For an obligation-free chat about your business’s IT security, or to engage us for a security audit, call (02) 6189 1322.