FREE Advice Guide: Low Cost, High Impact IT Strategies For Sensible Management Of IT During The COVID-19 Outbreak.
IT and software systems are the backbone of virtually every business nowadays, but the impacts of COVID-19 have created some complex challenges around best practice.
Although every business is different, we’ve put together our opinion on the most sensible things you should be doing when it comes to IT, both now and over the coming weeks and months. This is particularly aimed at businesses who can still operate but have a high percentage of their staff working from home (or on furlough).
If you’ve seen anything on our social media accounts, emails or on our website recently you’ll know we’re big fans of this software. It’s simple to use and makes communication tonnes easier for home workers.
Bringing chat, voice calls and video calls into one application makes it easy to get hold of anyone in your organisation and the ‘Teams’ functionality allows departments and workloads to be managed efficiently and effectively.
If you’re still a new user to Microsoft Teams or just want to brush up on your skills, then check out the recordings from our recent webinars which have loads of practical tips and advice:
Microsoft Teams: Working From Home
Microsoft Teams: Creating and Using Teams
Microsoft Teams: Our Favourite Features
Home working brings up a huge number of concerns regarding IT security. It’s probable that when you implemented your current cyber security strategy (assuming you have one!) you didn’t expect the quantity of home workers than you currently have.
Although the core of your security will remain in place, it’s worth considering the following low cost, high impact security products and services to ensure you’re as safe as possible.
Microsoft’s ATP (Advanced Threat Protection) for Office 365 not only helps to filter emails, but also flags up external emails to your end users with a very clear warning at the top of each email. As well as scanning the email itself, it also checks for any threats in both attachments and links.
It’s been widely reported that phishing scams are increasing during the COVID-19 outbreak and with users out of their normal working environment it’s more than possible for them to make mistakes. If that mistake ends up in downloading malware or, possibly even worse, sending sensitive information or money to a cyber criminal the outcome is not worth thinking about.
ATP is a low-cost solution with minimal set up and that can help to protect any organisation against cyber threats that come via email.
A more proactive approach to protecting against phishing threats is to continually train your staff on what they should be cautious over within emails. A Phish Threat solution allows you to set up campaigns designed to either train or test your users, with emails that appear to be phishing emails (but actually come from you!). However, if clicked, the user is sent to some additional training.
An IT administrator can then see progress of any training completed (or not) and the users who have fallen foul of your testing.
There are a range of options when it comes to Two-Factor (or multi-factor) nowadays, but not all of them are expensive.
The majority of credential harvesting attacks take place via email, so using Microsoft’s Office 365 2-Step Verification add-on is a quick way to protect your organisation.
With Two-Factor turned on, your users will need to login to their email account by authenticating themselves on a mobile phone or token device, preventing the risk of any data loss or malicious email activity if a user’s login details are lost or stolen.
Sophos Commercial for Home Users
If you have users that are using their home PCs or laptops to carry out their normal work, then Anti-Virus/Endpoint protection must be considered. Luckily, Sophos announced that their Commercial Anti-Virus product was being made available free of charge for home users via Sophos Partners, like ourselves.
Regardless of the device a user is accessing your data on, you still have the responsibility to keep it safe under GDPR laws, so a commercial grade Anti-Virus is an absolute must, especially when it’s available free of charge.
If this is something you haven’t sorted already, then get in touch.
With so many people working from home, concerns around data storage are likely to have crossed your mind. You should look at your existing solutions to lock down transfer of data to things like USB sticks, set up structured file storage (such as SharePoint or mapped drives) and educate staff on where they should (and shouldn’t) be saving data.
Another low cost, high impact solution to consider is Microsoft’s DLP (Data Loss Protection) for Office 365. Microsoft have recently changed some of their Office 365 subscription packages and for a very low cost you can potentially change to one that includes DLP. This solution prevents sensitive data being sent outside of your organisation accidently by recognising what sensitive data looks like (based on policies you create) and blocking content completely for unintended recipients.
Assuming you, or people within your business, currently have some free time then it’s a great chance to get around to some of those jobs that you don’t normally get a chance to do.
If you have a proactive service from us, or an IT manager who is carrying out regular maintenance, then some of these may not be relevant, but it’s worth giving them all some thought and checking if they are all being done.
On both desktops and servers your Windows Operating Systems should be kept up to date with the latest patches. Without an upgrade schedule this can often be forgotten so it’s worth getting everything up to date whilst you can. However, it’s always best to do your homework and ensure that all of your business software is compatible with the latest version and that a test upgrade is carried out before doing it for real to avoid any issues.
When was the last time you got rid of some old files from your servers, desktop machines or cloud storage? Although storage is cheaper than it’s ever been nowadays, it’s still worth having a look through historical files and getting rid of anything you don’t need. It could mean that you don’t need to buy any more storage in the future and might even speed things up a bit!
As with old files, have you had an audit of your users recently? You may have users that no longer work at the business at all, duplicate users and possibly a bunch of email addresses or groups that are no longer in use. It’s worth testing everything to ensure you don’t delete anything you need, but it’s a good way to make the administration of your system easier in the future and reduces any risk of old user accounts being accessed, which could form part of a cyber attack.
Many businesses had to react to home working in a very short period of time, which often meant that phone systems were difficult to set up in an efficient way. Although phones could be diverted to mobiles, the management of calls (transferring, placing people on hold etc.) has been tricky for many businesses.
As we settle down in a more prolonged period of home working then Microsoft 365 Business Voice has offered a cost effective and quick way to resolve this. As well as being fully cloud based, it also operates within Microsoft Teams so users can handle calls on their PCs as well as having handset, headset and mobile phone application options too.
We’ve recorded a full webinar on this product, which is available here:
Returning Staff To Work
The Job Retention Scheme announced by the government may well have resulted in a number of your staff members being placed on furlough. Although no-one knows exactly when, these staff will return to work so it’s worth considering your plan around this, both now and in the future.
Although your staff may have stopped working, cyber criminals haven’t. If a password is compromised whilst someone is off then it may take a while for anyone to notice it. If you have staff who aren’t logging into your normal systems then consider resetting passwords or pausing access to any accounts which could be at risk.
Furthermore, when people do return to work how many of them will have forgotten their passwords?!? Having a plan in place to manage password resets as people return to work will save you a lot of time in handling forgotten passwords as well as keeping everyone happy.
In a similar vein, it’s worth thinking about any access rights furloughed staff have, and whether or not that access is needed when they are not working. Lock down anything you feel appropriate which will help to prevent any cyber security risks that could go undetected.
Remember to have a plan to bring everything back to “normal” for when people do return to work though.
Security & Data
When people are away from the office, an IT manager will probably be having sleepless nights about data security. Is data safe? Where have people saved or copied it to? Do I have control of devices if they are lost or compromised?
Now is the best time to review your overall cyber security strategy. If you have a Cyber Essentials (or equivalent) accreditation, then your current policies probably won’t have considered a situation like this. If you don’t have one, then it’s not a bad time to look at your strategy – it’s probably never going to be complicated than now, so you’ll have all bases covered!
Download The Guide.
Low Cost, High Impact IT Strategies:A Sensible Approach to IT During COVID-19... Request your free copy!
With all of our solutions, advise and support we aim to provide the best-possible customer experience, as well as helping to make businesses more efficient and profitable.
Fill in the form to download your free guide. We do not share your data with any third parties for marketing purposes.