Over the past few months I’ve been connecting with business owners and managers within businesses, talking about how we can enhance their cybersecurity measures. It’s been a difficult time to have these conversations with so much uncertainty.
With clients needing changes ranging from staff training and simple tweaks to working practices, right through to more complex changes to computers and server configurations, there’s not exactly a one-size-fits-all approach that can be taken.
In the first few days or weeks of lockdown under Covid-19, many of the projects that were pencilled in got cancelled. In many ways, this was completely understandable.
Suddenly we were all thrust into an uncertain world. Who in their right mind would make significant changes or plans under these conditions?
However, the cyber-threat landscape also changed. New opportunities to take advantage of workers who were suddenly based at insecure home-environments, working outside of the protective circle of the office network were now ripe targets for the picking. But businesses were not necessarily adapting their approach to security!
Fast-forward to today and businesses are starting to return to normal. Some of them at least.
There’s definitely a feeling that work is picking up, we’re certainly getting busier.
Naturally we are now starting to contact those people we were making plans with prior to the March lockdown, hoping to see if we can resume planning and get them cyber-safe.
Some have asked to wait a bit longer until more of their staff have returned to the office. Could they be missing an opportunity?
Could now be the perfect time to get on with making some of the more disruptive changes?
Getting new tools installed and implementing new security policies and controls ahead of a return to the office could mean less downtime for the business compared with doing the work when the workforce is back to full-strength.
This takes me on to the subject of staff coming back to work. If we’ve implemented changes and the bulk of the workforce has been out of the office for many months, could the return to work be a vital opportunity to perform a reset of working practices?
Can we take this as a chance to explain a new way of doing business? A secure way!
Having a return-to-work meeting could be the just the right time to talk about good practices, discuss threats and how to spot them and of course, to present some new security policy documents to the team in one go.
There are other reasons to have these return-to-work meetings too. Kevin Stewart from Pure Health and Safety said “The HSE are recommending companies hold return to work meetings, they also require a Health and Safety Covid-19 induction.”
The HSE states that when talking to employees, you should:
- explain the changes you are planning to work safely
- make sure changes will work and hear their ideas
- continue to operate your business safely during the outbreak
Further to this, there could also be HR reasons to hold such return-to-work meetings. Leighton Davies of HR Consultancy, Davies and Associates explains that he believes employers should hold meetings with staff returning to work for a number of reasons including:
- To explain the measures that have been put in place to protect the health and wellbeing of themselves their colleagues and other third parties. This should include safety measures, the wearing of PPE and social distancing in the workplace, new working practices introduced in light of the Covid Pandemic etc.
- There may have been changes at work since they last worked, it is therefore important that those returning are made aware of such changes including; changes in working practices, customers and supplier relationships together with policy, procedure & systems changes.
Davies and Associates have prepared a blog post for us on this subject which we’ve shared on our sister company, Assistify’s blog, you can find this here:
Feel free to comment below with your thoughts on this question.