Do you know what your digital ‘R’ number is?
How high is your digital ‘R’ number?
The UK has been grappling with COVID-19 for more than a year now. As we’ve seen in recent weeks, businesses that haven’t been able to adapt to life under lockdown – or prepare themselves for the new normal – have suffered or even closed down.
The businesses that managed to survive – or even thrive – have been flexible enough to pivot rapidly. Successful digital transformation programmes have played a significant role in this adaptability. Leaders who were reluctant to allow virtual working have been forced to send their people home – and many have been surprised by the unexpected benefits they’ve seen. They wanted it done as fast as possible and as efficiently as possible, but many forgot to say as securely as possible.
The pandemic has changed how organisations view their security. They’ve had to adapt to securing employees who are working from home, sometimes on shared computers, always on home networks and often using unsecured routers.
Pay attention to your digital ‘R’ number
As a result, while governments have been trying to reduce the R0 of the virus, businesses have seen their information security R0 rise.
Just as businesses have adapted to this new world, so have cyber-criminals. They’ve been thriving. Throughout lockdown, we’ve seen hackers taking advantage of our lowered defences (both in security terms and psychologically). Large-scale phishing and spear-phishing attacks increased.
And then there’s vishing – where victims receive messages through data apps like WhatsApp, where a voice message or video from their supposed contact appears to prove a request is genuine, only it isn’t. For businesses that conduct most of their work virtually now, this is a real concern.
What are the risks?
- A lower level of IT security. Back at the start of the pandemic, it was understandable that most employees wouldn’t have an office-level IT security setup at home. But we’re a year in now. If you haven’t already strengthened your virtual teams’ IT security, you should be looking urgently at how you can do so – especially as research suggests that working from home is here to stay for many of us.
- Better education and communication around IT security. Good practice or not, when a regular employee is working in company offices, they’re unlikely to be thinking about IT security – that’s what the IT team’s for! Now that they’re working virtually, you may be surprised at the things that people don’t know and the security measures they don’t take. Ask them questions: have they changed their default home network password? Are they updating their devices? It’s a good idea to reboot your router every 30 days, but few people know that this is one of the most basic security steps they can take. Start a dialogue around information security and keep it going to maintain levels of awareness.
- Understand what your weak points are. Everything from unsecured VPNs to home WiFi that any passer-by can access is a potential threat. Then you have home networks, which could include smart devices, iPads, smartphones and gaming consoles – how many of these have simple passwords stored in plain text? While you don’t have ultimate control over what your employees do in their own homes, knowing the potential risks can help you support your employees in mitigating them.
- And the biggest risk is (drum roll)… human error. There’s no escaping our impressive abilities to make small mistakes that can leave a painful mark. But we’re human – mistakes are to be expected. What you need to do is find ways to prevent people from being able to make the mistake, or to mitigate the damage done if there’s no way they can avoid it.
Okay, we get that there’s an increased level of risk, but how can we mitigate it?
As with the virus, we need to get that R0 down. But how?
- Provide employees with a robust level of security. Rather than giving them a VPN login, have them use a secure zero-trust, micro-segmented solution to access the network.
- Ensure your employees have the best firewall and antivirus protection they can.
- Set corporate IT security to high and encrypt all sensitive data – including emails.
- Instruct all employees to avoid using public WiFi on their devices and to turn off auto-connect.
- Remind employees, suppliers and partners to lock their devices when they step away (and set it up so that the screen locks after a very short time when unused).
As with the viral ‘R’ number, getting your digital R0 down is about four things: education, communication, cooperation and following stringent procedures. It’s just another way that your organisation needs to adapt.