With so many businesses successfully instituting work from home policies during the pandemic, it’s reasonable to think that this way of working could be here to stay.
While that’s great for employees with flexible working and less stress, it does pose a challenge to information technology (IT) departments and business owners. With remote working come greater risks to the security of company information and intellectual property.
So what are the risks, and what can be done about them?
The threat from phishing scams, viruses, ransomware and other malware is still very real and, with more people than ever working remotely, there are more opportunities for cybercriminals to attack.
Employees may be working from home, using domestic broadband with an unsecured router, and could be routinely hopping between personal use and business use on their personal device, leaving far more chance that they might click on something they shouldn’t, either due to distraction or because of the lack of security compared to what’s available when working on the company’s premises.
This is also a problem if staff either choose to work from a public location, like a coffee shop, or they have to because they are travelling for work. Public Wi-Fi, even with a password for access, is much easier for hackers to attack and be able to listen in on what an employee is doing.
A further problem with working in public spaces is that criminals have the chance to overhear video chats or look at laptop screens, with the possibility of them seeing sensitive data or being able to steal passwords.
Why hybrid workforces should reconsider Bring Your Own Device (BYOD)
Letting employees use their own devices sounds like a great solution at first glance. However, as noted above, public Wi-Fi and home routers may not be as secure as a properly configured IT system on a company’s premises. This option reduces cybersecurity and gives criminals far more chances to attack, whether that’s by sending phishing emails that wouldn’t normally get through on the company’s network or stealing sensitive data.
Employees will, of course, use their own device for personal use too, including browsing the internet and potentially clicking on malicious links. Children and other family members or guests may be allowed to use the family computer and, again, could click on something they shouldn’t, or they may be able to see sensitive company information.
If employees work part-time remotely or travel to other branches of the company, they are then taking that possibly infected device with them and connecting it to their company’s network. It’s a far better option to offer secure, company-owned laptops and mobiles that are only to be used for work purposes.
Considerations when migrating to cloud computing
When security leaders consider moving to cloud computing, it’s important to research which option will be best for the company. Will it offer data protection and security to the necessary standard? How much control does the user have over security and access options? Can cloud computing options and storage grow as the company grows and needs change? Are there regulatory considerations? Is accessibility good enough for staff and, if needed, for customers?
If something goes wrong, can the user access help quickly enough and is the help of a high enough quality? Are backups frequent and able to be restored to a particular point in time?
Cloud computing offers a lot in terms of ease of use, easy collaboration and streamlined working.
Why security leaders should take the time to educate their workforce
It’s far too easy for cybercriminals to send out phishing scams and malicious code attached to emails if employees don’t know what to look for and what to do if they do accidentally click on something. Employees should be regularly educated on email security and cybersecurity in general and kept up to date with the latest scams and phishing attempts.
It is also a good idea to discuss and enforce the use of strong passwords that are different for every application so that cybercriminals can’t easily guess passwords. This is an important step for all employees in a business, not just those working remotely.
What to consider when choosing appropriate endpoint security
Endpoint security offers many ways to protect devices and keep your data safe. Look for a platform that offers exploit and threat protection, protecting from malware, viruses and more. A good platform should also provide email security and browser protection, patch management, application block listing and, of course, data protection.
Look for a platform that offers all this and is easy to implement centrally.
How to reflect these changes in policy
To secure remote work, security leaders have to do a lot of thinking, planning and implementing of new systems. To back that up, it is best to also implement new policies for remote working, so that users know what they can and can’t do and, more importantly, why.
Putting policies in place for allowed use of emails, passwords, the internet, remote working, approved and rejected applications and personal use guidelines will educate employees further and give them something in black and white that tells them how to work safely.
The IT Governance site, for example, offers a full remote working policy template to help security leaders get started in this regard.
There are many benefits for staff, the enterprise and the environment to go remote, but security leaders and enterprises must take the right precautions to ensure safety and security from all angles.