Working from home is here to stay for many employees. Even employers, having been put to the test during the pandemic, understand that employees' productivity does not diminish in the home office. In fact, they are even more productive than in the traditional office. As a result, companies can continue to integrate remote work into their operations with a clear conscience, moving to a flexible way of working to provide employees with a mix of home office and office. But this presents even IT experts with new security challenges.
The number of threats from cyberattacks of all kinds has increased rapidly in recent years — from phishing, ransomware and DDoS attacks to social engineering. According to IDG, 66% of IT managers surveyed confirmed that home office employees are exposed to more cyber risks. On this premise, the number of employees working on private, unprotected devices (31%) is also alarmingly high. So the IT help desk also has its hands full, looking after more and more remote worker issues and protecting them from cyber threats. But the key here is to keep the measures as user-friendly and secure as possible. Employees should not be too restricted by the new "work-from-anywhere" and too many work steps.
Creating strong awareness for IT security
Whether remote, in the office or in a co-working space, all employees must be sensitized to cyber threats. IT managers should educate them about how malicious hackers operate, what gateways they provide them with simply by choosing their passwords, and what steps and tools they can use to combat them. It is important not only to provide training for employees but also to give IT security a permanent place in the corporate culture. This is the only way to create an overarching security culture in the company and ensure that employees understand the value of IT security if it is also explicitly practiced. As a result, employees also embrace the issue of security and behave with caution throughout their working hours, helping minimize the risk of the human factor as a security gap.
Solid password management as a cornerstone
On average, everyone has 30 accounts that need to be protected by passwords. Strong password management is essential whether at home, in the office, or anywhere else in the world. However, employees use a password an average of 13 times. Smaller companies in particular struggle with this. That's according to a recent study by password manager LastPass on the use of passwords in the workplace. As a result, these login data still represent the greatest security risk in companies.
Considering that data breaches are commonplace in the digital world and that it has been proven that 80 percent of data breaches can be traced back to weak and reused passwords, employees should always be educated about password hygiene.
Nevertheless, many users often use the same insecure passwords across different accounts. Unfortunately, favorites still include sequences of numbers like "123456" or adjacent key combinations like "qwertz." Combinations with numbers from the date of birth are also not a good idea. With a business password manager solution, companies gain more control over the password behavior of their employees, enabling IT managers and users to avert breaches in good time and keep administration costs as low as possible. Password managers manage all passwords, which users set up individually for a wide variety of accounts, in a secure vault. This is only accessible via a strong master password of the user. Therefore, employees only have to remember one password, which helps avoid insecure, simple passwords and the multiple uses of the same password in different accounts.
Single sign-on and multi-factor authentication as an additional security layer
The advantage of such password managers is that they offer additional functions, such as single sign-on (SSO) or multi-factor authentication (MFA). With SSO, IT managers can reduce the effort required for password management by significantly reducing the number of passwords that need to be managed. This way, users connect to applications securely without having to enter an extra password. Organizations can thus gain complete control over both passwords and user access, as long as accounts are connected to a password manager via SSO, adding an extra layer of security to logins.
MFA also provides yet another layer of security. When logging in, users must enter another code in addition to the password. This is created at the moment of login and sent to another user's device. A variant of this method uses biometric sensors for fingerprint or facial recognition. Only with this second level of security can the login process be completed by an MFA. Such methods are very beneficial for IT admins because they no longer have to worry about the insecure passwords of their colleagues to secure corporate networks. The entire workforce is protected, but at the same time, can work both in the office and remotely without much performance degradation or complex security processes.
Network access must also be secured
Working remotely also involves a VPN connection in most cases because the ease of use with a single access point and secure data transmission is very intuitive. According to the IDG survey, almost half of IT managers (45%) admit that employees access unsecured WLAN networks. This is due to only marginal protection of the VPN connection. IT administrators should also secure these additionally.
However, it is precisely the intuitive, simple features of VPN that make it highly vulnerable to cyberattacks. Just one set of stolen login data or one computer compromised by malware is enough to give hackers access to sensitive company data. In the worst case, they can encrypt it and demand a ransom. To prevent this, the VPN connection needs an additional security layer. Again, MFA comes into play for double protection. In this way, companies avoid unauthorized persons gaining access to the network - without additional, complex login processes for employees.
The path to a secure flexible working world
Remote work has found its permanent place in working life after the pandemic and will retain its importance in the long term. IT must therefore adapt to a flexible IT environment to keep the resulting increase in cyber risks under control. The right tools and features will help them minimize the risk of attack while allowing employees to work productively and securely from anywhere in the world without major restrictions. Organizations should take the higher-risk home office threat landscape seriously and rely on the right solutions to be ready for a secure flexible workforce.