Is cybersecurity being relaxed in the name of productivity?

29 March 2021 Consultancy.uk 4 min. read
More news on

There can be no doubt that the last year has been unprecedented for businesses. The Covid-19 pandemic has caused serious challenges with many companies not even being able to stay open for the majority of the year, and even those that were able to open found themselves struggling with constantly changing governmental advice and fluctuating fear.

Whole industries have been brought to their knees, and many organisations have only been able to hold on by a thread. But now with more hope on the horizon and a greater sense that we could see a return to normality – it’s not surprising that companies are looking to ramp up their efforts and do everything they can to recoup some of their losses.

For many, this has seen a drive towards greater productivity. And while that might sound positive, there are worries that it has come at a cost. 

The relaxation of cybersecurity

It was recently revealed that around 46% of SMEs have relaxed some areas of their cybersecurity in order to allow staff to work remotely. That’s a really significant development for a number of reasons. Firstly, it shows that businesses have recognised that they are not positioned to maintain strong cybersecurity with remote workers. 

Secondly, it could be a major issue. Many cybercriminals prefer to target small businesses anyway, as they see them as a potentially easier target. If SMEs reduce their cybersecurity further it could leave them even more vulnerable. 

Interestingly, the issue was less true in larger businesses, where only 19% said they had relaxed cybersecurity. Perhaps this would naturally be expected as larger businesses are more likely to have the budget and specialist staff required to oversee such changes. 

Businesses had to adapt during the pandemic

It is definitely the case that in order to survive through the pandemic many businesses had to adapt their working practice. The sudden uptake in VPN services, video conferencing software and cloud computing meant real alterations to working practice to a large number of companies. 

However, this created a really serious issue: 61% of businesses admitted that they were not prepared for the changes that they had to make as a result of the pandemic. And of course, while things to do improve over time, the fact that new systems had to be rushed into place for many businesses will inevitably mean that corners had to be cut.

It is sadly the case that when scrambling to restore business-critical operations, it can be easy to overlook the importance of cybersecurity.

The issue of shadow IT

One of the major elements of cybersecurity being relaxed in the name of productivity comes in the form of shadow IT. This is a problem that many companies face and it is something that has clearly been exacerbated by the larger number of people working at home or without the supervision of the IT team during the pandemic.

Shadow IT refers to software and applications that are used by employees without the knowledge or sign-off from the IT team. This can be a big problem, as software and apps can have vulnerabilities and issues that make them dangerous to use inside a company’s IT system. 

Further reading: Shadow IT and tech threatens the role of the CIO.

According to cybersecurity specialists Redscan, “shadow IT is a significant risk for businesses, particularly if employees haven’t been supplied with company equipment and IT teams lack control and visibility of applications in use on personal devices. If not already in place, a remote working security policy can be a useful way for organisations to communicate which tools have been tested and are approved for use.”

Is it just a symptom of remote working?

Many of the issues here come as a result of new systems being put in place to maintain productivity, rather than companies ditching cybersecurity because they would prefer staff to be getting more done. It can be argued that if remote working becomes less common then this will be a less serious issue moving forward.

Final thoughts

These are unprecedented times and IT teams cannot be harshly criticised if some cybersecurity standards have slipped. However, it is important that businesses look to get on top of the situation as soon as possible and put new procedures and cybersecurity measures in place to ensure that the company and employees are not put at risk.