If you’re seeing an increase in remote workers within your own company or at supplier and customer organisations, you’re not alone. According to Forbes while some companies continue to insist that employees come back into the office, data scientists at Ladders insist remote work is here to stay. According to their projections, 25% of all professional jobs in North America will be remote by the end of 2022, and remote opportunities will continue to increase through 2023. Researchers from Ladders have been carefully tracking remote work availability from North America’s largest 50,000 employers since the pandemic began. Remote opportunities leapt from under 4% of all high paying jobs before the pandemic to about 9% at the end of 2020, and to more than 15% today. So, we’re not exaggerating when we say that remote working is a trend that’s set to continue as the US figures reflect the trend in the UK also. And we think it’s a good thing generally. You just need to plan for it from a cybersecurity perspective and today we’re going to explore just how to do that.
Remote work is better
For many reasons, remote work is better for your employees. It reduces turnover by increasing job satisfaction. It reduces costs and may see less frequent or smaller pay rises as a necessity in the future. And it offers your team a better work-life balance where they don’t feel like they are neglecting their families. Plus, remote working employees simply do more. Apollo Technical stated that several studies over the past few months show productivity while working remotely from home is better than working in an office setting. On average, those who work from home spend 10 minutes less a day being unproductive, work one more day a week, and are 47% more productive. So, you’re getting more out of your teams. Eventually, you may be able to reduce overheads by downsizing or eliminating your physical office premise altogether. One of the major disadvantages is the increased risk of cyber security threats. But you can protect your remote workforce with today’s advanced technology.
Increased cyber security threats of remote and hybrid workers
There are several threats that your remote and hybrid workers face that are exacerbated by working outside of the office. These include:
● Device management – knowing what devices your teams are using and who has access to them
● Confidential information – ensuring data is stored and discussed securely and not with partners or friends
● Passwords – having a strong password manager and robust policies so devices and access aren’t compromised
● Phishing protection – ensuring teams are trained and protected against phishing
● Personal devices – ensuring personal devices are secured and fall under the company’s security policies
● Video & voice disruption – ensuring unauthorised personnel are not allowed access to video & voice conferences
● Backup systems- making sure that all systems and data accessed by remote workers are backed up
● Paper copies – ensuring no paper data is stored at the remote worker’s residence or left in public places
● Device lockdown – in case of a breach, rapid and fast device lockdown can be activated
● Training – ensuring all teams are trained on best practices even when they don’t come to the office
A checklist like this one might help you identify the risks to your cybersecurity from remote and hybrid workforces. But your IT security implementation partner and internal IT teams can help you understand where the new vulnerabilities lie and how best to address them.
What you need to consider to secure your remote workers
This new hybrid reality creates a variety of security challenges. Remote employees may be using consumer-grade internet connections to access the corporate network. They may be working on personal devices. Most of the network traffic is now supporting people off-campus, rather than the other way around. Email threats like phishing are on the rise, while endpoints continue to be a prime target of attackers as they take advantage of pervasive remote work to gain access to the crown jewels of the enterprise. And according to Digital Guardian organisations need to tighten their belts to ensure data security with measures such as:
- Content storage should be allowed on cloud-only. Use cloud or web-based storage software that allows sharing and editing of documents
- Network Security using a proxied connection to the device only.
- Endpoint security using 2-factor authentication. This adds a second level of security to important applications. Multi Factor authentication uses OTP (one-time-password) technology, certificate-based USB tokens, smart cards, and many more advanced security technologies.
- App security such as email and storage using on-device security apps like Proofpoint and Datamotion, etc. There are several set-and-forget email encryption tools on the market. These systems deliver end-to-end protection, taking care of everything from scanning to encryption.
- No connection is allowed with public WiFi.
- Contingency plan for risk management. If a remote worker loses a laptop with sensitive business information on it, it’s essential that the laptop can either be tracked or remotely deleted.”
To do these things, there are several tools you’ll need to deploy. These allow you to provide secure endpoints and VPNs among other essential services for remote & hybrid workers.
Tools to deploy
Market leaders are already offering complete integrated solutions to address these challenges. Cisco explains why you might want to get all of this from one place with 93% of organisations that are suffering from cyber fatigue indicate complexity as a top cause of security burnout, according to the same CISO Benchmark Report. Organisations are tired of getting stuck in the vortex of stitching up multiple products that don’t easily fit together. What you need is a turnkey integration that offers quicker time to protection. An integration partner, like Nowcomm, will help you understand your vulnerabilities and how best to address them. But at a minimum, you’ll likely want the following protection:
Access security systems are a must for your connected and remote workforce. Securely access devices, manage, and monitor them, confirm user identities, and quarantine issues immediately with robust access security. Offer single-password access in a safer way through technology and make multi-factor authentication the bog-standard for your organisation on your way to a Zero Trust Framework.
Flexible, cloud-delivered security when and how you need it combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Since so many of your workers are now uncoupled from traditional offices and the base layer of security offered there, you need to bring protection to where they are on the cloud.
Probably one of the most important security considerations for remote workers – their devices. Endpoint security considers how they are accessing your network and tries to protect that access point from bad actors. Look for something that includes advanced antivirus, behavioural monitoring, file analysis, endpoint isolation, threat hunting & grids with an orbital advanced search for an easy to configure and use tool for any size of hybrid or remote workforce.
A VPN provides a safe tunnel between users and applications so workers can stay productive and connected when they are on the road or working from home. It helps ensure only approved users get in by providing the right level of security without compromising the user experience. Make sure to offer a robust VPN that creates a secure connection that’s still lightning fast. Slow connections are linked to poor employee experience and lowered retention rates. Make it easy and seamless for them to use through your startup sequences and policies.
With so many workers out of the office on a full or part-time basis, it’s becoming impossible to conduct cybersecurity training in person. So, investing in a robust online training program with deliverable e-courses on email security, password selection, device sharing, and more is a powerful tool in your arsenal. Remember to refresh this training every four to six months to keep employees aware of new and emerging threats.
Following the last couple of years, flexibility is now a prerequisite for many jobs not a nice to have benefit. Employees will continue to demand flexible, hybrid work environments or they’ll simply seek opportunities elsewhere. Responsible employers need to respond and plan for this cultural change which on a positive note does improve productivity, job satisfaction and work-life balance.
Through security measures such as VPN, online training, endpoint security protection, cloud security and access security you won’t leave your company exposed to this new generation of working.
Talk to your cybersecurity implementation partner about what your risks and needs are to determine the full scope of actions required.