Remote working previously had a rather poor reputation, with many organisations unwilling to adopt the approach on the notion that workers may not be as productive when faced with the distractions of home.
In spite of this, with the rise in technology and telecommunications, the popularity of remote working has increased over the last decade - even before the COVID-19 lockdown - with businesses allowing their employees to work remotely one or two days a week or some even becoming a fully remote company.
Unlocking collaboration: Making software work better together
How to improve collaboration and agility with the right tech
Businesses have asked their employees how they feel about working from home and most workers have stated they don’t want to return to the office full time following the pandemic, claiming it has boosted productivity and helped with work-life balance. Global enterprises are supporting their employees' wishes, with giants such as Google planning to implement a flexible working week once it’s safe to return to the office. While others have taken even further steps and are considering closing their office spaces for good to reduce their physical footprint.
The benefits of being able to work from home had already been shown long before the pandemic and those who’d jumped on the trend early would undoubtedly have had a smoother ride in adjusting their working solutions during the first lockdown. However, those less prepared had to suddenly switch to supporting a remote workforce, often without the appropriate security measures in place, which resulted in increased opportunities for cyber criminals taking advantage of the businesses’ vulnerabilities.
The road emerging from COVID-19 may still be bumpy, but putting some careful thought into your remote working strategy can help you navigate it successfully. To avoid any more pitfalls, you should consider the following three key factors.
This new remote-working model may pose the biggest security challenge your IT team has ever faced. These suddenly dispersed networks have created new vulnerabilities and amplified others – vulnerabilities that can seriously disrupt operations and potentially cripple businesses unless addressed through a strategic and systematic process.
While the switch to remote-working was abrupt for many businesses, it’s vital that any long-term strategy be supported by a secure, future-proof infrastructure able to support business operations wherever your workforce is based. Cyber threats continue to evolve, with malicious actors taking full advantage of new vulnerabilities created by the events of 2020. A robust appraisal of your existing security systems should be carried out without delay to inform whatever changes need to be made to properly protect your network.
For example, employees logging in remotely opens your business up to any of the vulnerabilities of their home networks – potentially unsecured systems that typically won’t enjoy the same levels of protection as on-premise networks with their firewalls, blacklisted sites and anti-spyware. VPNs could be the answer, but even these come with limitations and cannot be relied on alone, and without the tools and systems available to spot threats, IT teams may be lured into a false sense of security – they may not know of a security breach, and consequently, remain unaware that data has been compromised.
Enterprises should ensure that company data is only accessed on company devices with integrated security solutions such as antivirus software installed on each with oversight for IT teams. These devices should then be monitored, eliminating the threat posed by shadow devices. With these defences in place, an enterprise will be well on its way to ensuring employees are working securely.
Remote working simply isn’t possible without staff buying into the strategy. No matter what level of security you provide, if users struggle to conduct themselves and adopt the technology that enables them to work securely, productivity will slump. Staff need to feel connected to the enterprise, which without physical contact with neither the office nor colleagues, is no mean feat.
Here, communication is key. In addition to the host of daily and weekly ‘catch-ups’, staff universally need to be updated to the changes in work practices and security protocols. However, most companies simply aren’t doing enough.
According to VMware’s 2020 Global Threat Report, over a quarter of respondents to its global C-suite survey admitted to severe lapses in communication with employees, with almost 80% stating these lapses were slight or very significant. Interestingly, the report also found that larger employers reported higher breach frequencies. It appears greater resources devoted to security aren’t enough to offset the dangers of flaunting a large online surface area, which cyber criminals will look to exploit.
Staff particularly need to be educated as to the threat of phishing emails and other scams, tactics which may sound simple but are very effective when met with the uneducated user. They should be encouraged to use only enterprise devices, strong passwords, or preferably, single sign-on authentication should be enabled across the business.
There are occasions where no matter the precautions, and no matter the levels of security, breaches do occur. Damaging at the best of times, with the bulk of employees working remotely any disruption has the potential to grind business operations to a halt.
However, although remote working puts businesses at greater risk compared to being based on-premise, it also presents an opportunity. With hindsight, businesses can look back at the problems they experienced during the COVID-19 lockdown and move to address them.
Forensically examine bumps to business continuity and identify the tools and systems which, if implemented, would smooth them over. Crucial operations and systems should also be earmarked, with disaster recovery and backup strategies created to prevent downtime in the future. Automating these processes can play a role in enabling a swift response while mitigating human error and maximising efficiency.
The COVID-19 crisis has done enough damage for a lifetime. Now is the time to reflect and learn the lessons that it taught us.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.