Förändrade säkerhetsrutiner för IT-ansvariga vid arbete på distans : En studie genomförd på små och medelstora företag i Sverige

Sammanfattning: The global Covid-19 pandemic have led to a lot of people working remote, the number of attacks on organizations also increased with teleworking, which means that organizations need to secure their networks to telework safely. The study examines how IT managers at small and medium-sized enterprises (SMEs) communicate to their end users about new and changed threats in telework, how the IT-responsible guide end users on how to work safely in telework and what other methods have been implemented to secure teleworking. The study was carried out by examining previous literature in the field to compile an interview guide with relevant questions. The study had a qualitative approach where semi-structured interviews were used to collect the empirical data, after which the data was thematically analyzed. The result from the study shows that IT managers used a lot of emails and referred to their intranet to inform their end users about new and changed threats, but also used meetings and seminars to inform end users. To guide end users when working remotely the IT managers implemented policies on what they could and couldn’t do. There were also guides to show end users how they should work properly. Additional key aspects were to educate their end users and to offer the end users IT support with eventual problems with help from a service desk.  The study contributes with a deeper understanding of the various methods and solutions that the IT managers at SME have implemented. Based on the results of the study, the following recommendations were given to small and medium-sized companies: To implement multifactor authentication and that all devices must have updated antivirus and secure remote access to local resources. You should also get a service that enables digital communication and document sharing. Additional recommendations were to inform end users about new and changing threats using intranets, emails or additional mediation methods. Implement policies and guides that guide end users around how to work safely and what they may and may not do while teleworking. Final recommendations are to educate end users to recognize common threats such as phishing by e-mail and to provide IT support to end users with the help of a service desk. As well as providing end users with the hardware that they need for teleworking such as printers.