When we released our inaugural World Changers report earlier this year, we could never have imagined the colossal challenges that 2020 had waiting in the wings. Many of the trends we highlighted in the report went on to have even more resonance than predicted, as COVID-19 shifted the way we live, work and connect.
For our Explore the trend interview series, I asked senior consultant Matt Cassell about the risks of shadow IT. Has working from home put more strain on our IT security? Are we relying on the wrong tech to get the job done and how can internal communicators team up with IT to change these behaviours?
It’s certainly come out of the shadows now. We had a real needs-must situation back in March and when most of us had to pack up and work from home, so many organisations didn’t have the policies or risk assessments in place to cover a situation of this scale. It exposed a lot.
Colleagues using shadow IT isn’t necessarily worse, but there’s definitely more risk attached to how we’re working now. Working from home comes with so many variables that can’t be controlled by the IT team. Our WiFi networks are more open and not everyone has a virtual private network (VPN). Many clients we spoke to at the beginning of lockdown had provision for some remote working, but not 10,000 employees at any one time.
I’m definitely seeing clients slowing down a bit now, compared to the scramble six months ago. People have settled into a routine with their home working and know how to make it work for them. But this has come with a lot of short cuts and workarounds.
Where our home and work environments have bled into each other, so have our devices. It’s not uncommon for people to use their personal phone to make work calls or send documents between work and personal computers when there have been outages on platforms like Teams or WiFi lags. It’s a ‘just get it done’ mentality brought on by sheer frustration at tech’s capability, but it paves the way for major security and data breaches. We’ve become a lot more comfortable with digital collaboration, but a lack of boundaries brought on by home working presents a big challenge when it comes to risk.
Think about call centres. There are strict protocols around not leaving your workstation unlocked if you step away or writing down a customer’s personal information. Are we still maintaining such stringent measures while working remotely? What does this look like in a home environment, student accommodation or shared housing?
Right now, we’re in a holding pattern. This time has shown us we can absolutely meet the challenge of remote working, and this will likely change a lot about how we collaborate in the future. But we’re still waiting to see what the months ahead will bring.
A lot of the systems put in place towards the beginning of the year were stop gaps to meet sudden demand, but these tools and platforms are not likely to be a permanent solution. Organisations will be looking at their budgets and trying to understand whether it’s right to invest in more infrastructure now or hold off and wait for a return to the office that may yet be months away.
This leaves us in a grey area. We’ll keep plugging away, but all the time this is ingraining bad habits. And, as we continue to think of this time as temporary, it makes it harder to embed good practice.
There are many but right now, it’s fatigue. We’ve all been working at pace for months and despite the summer break, we’re shattered. Combine this rushed and pressured way of working with that borderless environment I mentioned and we have a recipe for risk. With the distractions of home and less immediate support from IT teams, it’s easy to drop your guard and get caught out.
Scammers have cottoned onto the ways our behaviours are changing and you might have noticed a sharp increase in spam and phishing attacks. Some are quite convincing and, when you’re already distracted and dividing your attention across multiple devices and platforms, it can be quite easy to fall prey to them.
IT can’t protect against everything. Businesses have gone from a handful of secure, controlled locations to thousands of less secure, unmonitored ones. But internal comms can bridge the gaps across IT and the rest of the organisation, helping everyone understand their own role in keeping everyone safe.
It’s clear that we’re going to have to keep working this way for some time. We’re not yet at the point where we can see the long-term impact. But to change behaviours takes a real understanding of people’s situations and motivations. IC can bring in the listening and measurement needed to tell a compelling story that changes the mindset around risk and responsibility.