Business Continuity & Growth 2020

Issue link: https://raconteur.uberflip.com/i/1274693

Contents of this Issue


Page 5 of 11

B U S I N E S S C O N T I N U I T Y & G R O W T H 6 Commercial feature spent less on software 67% spent less on computing devices 71% decreased operational costs, of these costs were reduced by 22 per cent 63% he sudden mass shift to remote working amid the coronavirus crisis left many businesses not only scrambling to adapt their policies and processes, but also more exposed to cyber- threats. Spearphishing attacks grew by 667 per cent as countries entered lockdown in March, according to research by Barracuda, while the UK National Cyber Security Centre has reported COVID-related fraud reports quadrupled. Ensuring employees could be con- nected to business systems from home meant IT teams had to act quickly to set up VPNs (virtual private networks) or other secure access options for users that had not worked remotely in the past. It also required swift invest- ments in the necessary infrastructure, hardware and software, including the peripherals that help people work more effectively from home. In many organisations, previously restricted practices have had to be dis- carded in favour of enabling productiv- ity to continue with as little disruption as possible. Lawyers have taken case files home. Insurance claims have been processed remotely. Company mail has been redirected to personal addresses and documents downloaded to local drives to be printed on unsecured devices. That's just paper documents; at the same time, spikes in cloud storage usage is driving a new way of dark data into businesses. "The sheer pace and scale at which companies had to enable remote working has exposed them to risks," says Marc Ueckermann, chief technol- ogy officer at Xenith, a leading pro- vider of intelligent workplace services. "Cybercriminals and fraudsters have leveraged the opportunity to attack organisations while they are distracted and at their most stretched. Moving quickly does not allow for careful plan- ning and mitigation of risks." Even when the pandemic is finally over, it is becoming increasingly clear that organisations won't return to busi- ness as usual. Home working, it appears, is here to stay, certainly at far greater levels than before the virus emerged, and the ability of companies to sup- port their remote workforce proac- tively will be a key differentiator in the years ahead. Doing this successfully will require the right technology ena- blement to ensure employees have the devices and access to data to work from home effectively. "Critical approaches should always be aligned to employee engagement and productivity, with the end-client's experience the essential metric of suc- cess," says Ueckermann. "Ensure home setup is focused on employee wellbe- ing. Make sure these technologies can also play a role in creating an inclusive remote working culture. One of the greatest challenges is adding necessary layers of added security, but doing so in ways that aren't intrusive and don't affect the productivity of the end-users or the IT teams supporting them." Visibility across all employee devices, including their usage, when people are working from home will be particularly important in the "new normal" emerg- ing from the pandemic. Organisations that can effectively monitor how devices are performing, and ensure a proactive resolution to potential issues so actions can be taken before failure, will main- tain strong productivity and maximise employee satisfaction and engagement. Meanwhile, with roles and respon- sibilities changing and new software, systems and processes continually evolving, it's just as important that companies can ensure their employees have the right device to perform the tasks required of them. By monitoring existing device usage patterns, such as hard disk, processor and memory uti- lisation, and matching the functional- ity of devices with the tasks involved in certain jobs, it's much easier for IT to select the appropriate equipment for each user. "You can never get back time lost because equipment is not working as it should," says Ueckermann. "That can be avoided when your IT team has the visibility to act proactively. Imagine the impact of IT reaching out to you and saying they've seen you're experienc- ing some issues with your laptop so a replacement part or device is already on its way to you. In a time of redundancies, furloughing and pressure on employees to perform more tasks, nobody should have to deal with a malfunctioning device anymore. "Visibility is also vital in terms of secu- rity monitoring and reporting. A sig- nificant point of entry for any attack is through end-user devices. Home work- ing increases the risks of data breaches, which have serious data protection ram- ifications, but also significantly impact productivity because remote workers are disrupted. They can't just walk down to IT, hand over the affected device and get a replacement unit. It might take days to get one. By monitoring devices, proactive actions can be taken to pro- tect the business." The key to businesses gaining this visibility during the COVID-19 crisis has been device-as-a-service (DaaS), a solution by HP. Health and usage ana- lytics from HP Proactive Management, which sits at the heart of the solution, monitors and reports device perfor- mance and status, including installed software, operating system version, application usage, hard drive usage, CPU (central processing unit) utilisa- tion and device health. Going beyond the hardware, DaaS is a life cycle management programme for end-user devices, allowing busi- nesses to adopt a flexible consump- tion-based model for hardware provi- sion while reducing the management overhead and providing high levels of security. This not only makes HP DaaS an attractive proposition from a finan- cial perspective during difficult eco- nomic conditions, but it also frees up vital time for in-house IT support teams so they can focus on other busi- ness-critical tasks. Security isn't just enhanced by the visibility enabled by the solution and the ability to be more proactive; there are also many security features built in to contain and eliminate threats. The solu- tion goes well beyond standard secu- rity practices by harnessing the power of deep-learning artificial intelligence to provide real-time threat detection, self-healing BIOS (basic input/output system) and hardware-enforced secure browsing that isolates web content in a virtual machine. As an HP Gold Partner, Xenith has dedicated DaaS experts and has played an important role in deploying the solu- tion for clients adapting to the new normal, while offering access to an extensive support team globally. "Now is the time to make sure the quick actions taken to get everyone working from home are now formulated into proper strategies with investments in ensuring remote work practices are the norm, not the exception," says Ueckermann. "It is essential to moni- tor your environment, visualise areas of concern and adjust work practises, processes and strategies to align to the ever-changing customer and employee needs, and indeed any further disrup- tion if a second wave should emerge. "HP DaaS offers a plethora of hard- ware options for every requirement, including processors from AMD, the world's only processor family with full memory encryption as standard, to help defend against cold boot attacks. AMD's latest processors offer incredible speed, mobility and battery life, with up to eight cores in ultraportable devices, and bat- tery life which extends to up to 24 hours and 15 minutes on some models." Xenith offers a free 60-day trial of HP's Proactive Management & Security Toolset, with a custom report providing actionable insight on more than 30 variables regarding your existing hardware fleet, security and usage patterns. To find out more please visit xenith.co.uk/trial or call 020 7417 2000 Visibility of device usage is crucial in the 'new normal' As companies adapt to new working practices in the wake of the coronavirus pandemic, an ability to monitor device usage of home workers is vital to productivity and security alike Commercial feature T ORGANISATIONS THAT ADOPTED "AS A SERVICE" MODELS LIKE DaaS HAVE... Relieved demands on IT, including security-related demands How these time savings would be used 46% Fewer hours needed for device lifecycle service 39% 28% Fewer IT helpdesk hours Reduction in helpdesk time to address incidents 18% Fewer incidents IDC, 2017 Spent less on hardware, software and services Increased productivity 61% Would use time savings on long awaited strategic IT projects 67% Would use time savings to start new projects accelerated the time for new business application adoption 49% increased end user productivity 61% Data audits more critical than ever The harsh reality of the coronavirus has forced many businesses to consider what comprises their minimum viable company and data audits are the first key step in assessing where risk lies alf of British workers are now regu- larly working from home, with sim- ilar patterns seen across the world: just one business legacy of the coronavirus. But this leaves managers and companies' IT departments with a headache. With many firms only just recognising the importance of business continuity and disaster recov- ery, how do you decide what's worth sav- ing in the event of a cyber-attack or systems failure and what can be left to lose? "Companies are thinking about resil- ience in a very different way," explains John Beattie, principal consultant at Sun- gard, a cybersecurity company. Rather than recovery, people are thinking of resil- ience. "They're thinking about it on many fronts: revenue resilience, data security and how can I continue my minimum via- ble company?" For many, that minimum viable com- pany has been put more at risk by the shift to home working. "Businesses large and small have virtualised at an unprecedented rate and in response to an unforeseen emer- gency," explains Dr Victoria Baines, a cyber- security researcher and visiting research fellow at Oxford University. This means more people accessing work networks and key data from personal devices. That's a boon for cybercriminals and a problem for corporate IT departments fearful of the rise of ransomware. "Now that we have overcome the initial panicked reaction to lockdown, organisa - tions of all sizes should seize the opportu- nity to map their IT assets and access, draw up security policies for home working and ensure all their employees are compliant," says Baines. Data audits are an important first step. Businesses big and small rely on the cloud for data storage, which is a benefit as it's comparatively easy to recover from. But several sections of a business's data are often seen as too business critical to be stored remotely; customer information and accounts, for instance. This attitude needs to shift, according to Alan Woodward, professor of cybersecurity at the University of Surrey. Likewise, make sure your software is up to date, and you're backing up data to the cloud. Chris Stokel-Walker H "Think about the minimum amount of data you'd need to run your business," he says. "How much business would you lose if you're hit by ransomware?" If your company computers, including those home laptops co-opted during the dash to leave the office during COVID-19, are run- ning Windows 10, backups are made con- tinuously, but otherwise Woodward advises backing up data twice daily, at lunchtime and after office hours, to the cloud. "It doesn't stop the files potentially being encrypted if you're hit by ransomware, but it puts a break on it," he says. "You only lose half a day's work." Siloing sections of the business can also slow the spread of ransomware, but it's important to remember that more digital collaboration tools are being used in these unusual times, which means susceptible files are more likely to be passed around from one employee to another. "Security is always breached by people, process and technology," says Woodward. "People are always the weak link, and when you introduce new processes in working remotely, people might not be used to it." Extra caution is important at all levels of a business. "Getting an email from the boss might not be unusual when working from home, but would be in the office when they're sitting three desks behind you," says Wood - ward. Baines adds: "Cybercriminals will seek to exploit this decentralisation and any points of vulnerability in these chains." Companies often seek collaboration and the drive to working from home has pushed that even higher up the to-do list for many people. Employers have also accepted lax attitudes to data security as people accli- matise to the new normal. "A lot of organ- isations have had to relax some of their data protection controls to facilitate people working remotely," explains Beattie. But separating silos, stacks and func- tions is of vital importance for basic busi- ness continuity, and having a clear plan and programme to recover any lost data in the aftermath of the event is vital. The minimum viable company requires plenty of planning and an acceptance of worst-case "what if" scenarios. But along- side introducing technical measures, vir- tual private networks, firewalls between departments and multi-factor authenti- cation for logins, ensuring the minimum viable company remains viable is as much about employee education as anything. "Using the same password for access to your work emails, your Facebook account and your online shopping just won't fly anymore, especially if you're using the same device for all three," says Baines at Oxford University. "It's time to remind all home workers of their responsibility to protect themselves and the corporate assets to which they have access." Bosses may also need to have frank con - versations with workers about digital rights. She adds: "Employees may have to get used to the idea of employers imposing security requirements on their personal devices, including enforced antivirus installations and operating system updates." Think about the minimum amount of data you'd need. How much business would you lose if you're hit by ransomware? D A T A S E C U R I T Y Ransomware attacks account for one in five cyber-attacks launched in 2019, according to Trustwave. One recent victim was motor manufacturer Honda, which was hit in June by what 's believed to be the Ekans ransomware strain, affecting production, email access and the ability to look at server data. An internal server was attacked by a third party. Though the company has not disclosed much information about the attack, it disclosed that the virus had spread across its network, probably because of a lack of siloing within the company. It seems likely, though isn't known for certain, that whichever entry point the hackers used was connected by the internet to the company's wider servers, allowing the ransomware to permeate throughout the organisation. The result was significant. As well as being locked out of email accounts and company servers, production was temporarily halted in Turkey, Italy, Japan, United States and UK, with cybersecurity researchers believing data may have been held to ransom. Honda said in a statement released when announcing the attack that no data was breached and there was "minimal business impact". The company returned to production soon after, but provided a model for just how devastating such attacks can be. What went wrong at Honda? Shutterstock

Articles in this issue

Links on this page

Archives of this issue

view archives of Raconteur - Business Continuity & Growth 2020