Remote working isn’t new. As far back as the days of the Roman Empire, there were garrisons staffed with soldiers remotely representing the rule of Rome in far-flung outposts of the empire.
Before the coronavirus pandemic, many businesses had a small number of mobile or remote employees working some of their time out of the office.
What changed in 2020 was that the minority became the majority, with the wholesale migration of workers to remote workplaces. These new workplaces – usually bedrooms, kitchens, studies or living rooms – are far removed from the office spaces employees previously worked in every day. In many cases, the devices they are using for their work are different too.
This dramatic shift has significant implications for the security of their working environment and for your business.
Your remote workforce is the first line of defence
Back in the Roman times, remote garrisons were often the first line of defence against invasion of the empire. Your remote employees can play a similar role as a human firewall for your business.
Employees are often targeted by cyber criminals seeking to gain access to a company’s network and data. But if your employees have the knowledge and training to repulse those attacks, they can stop them dead in their tracks at the furthest edges of your business.
Helping employees to understand the types of risk that are created by remote working and how to deal with them is one of the most effective forms of cyber defence there is.
The rise in remote working in 2020 was accompanied by an increase in phishing attacks as cyber criminals attempted to gain access to corporate data via endpoint devices outside the network.
The IDG 2020 Security Priorities Study found 36% of security incidents were caused by remote employees falling victim to phishing or other non-malicious violations of security policy.
In a recent paper, McKinsey gives an example of how awareness can help, with a large bank that adjusted its security policies in response to the huge rise in phishing linked to the COVID-19 pandemic. After running more frequent awareness campaigns with pandemic-themed content, there was a 95% improvement in employee click rates during monthly anti-phishing tests.
Securing remote devices
Employees that had been using desktop PCs in an office inside the corporate network perimeter are now accessing corporate data from a laptop or PC, possibly their own, outside the company walls.
If these devices aren’t secured with endpoint security controls such as firewalls, antivirus and malware protection, they’re putting the business at risk.
Even if they have the right protection in place, they also need to be updated with the latest security patches applied speedily. Unpatched vulnerabilities are a common reason for data breaches.
A unified endpoint management (UEM) solution is one means for your business to control PCs and mobile endpoints with a single pane of glass management interface. You can push updates to those devices, apply security policies and remotely wipe all applications and data if the device is lost or stolen.
Securing remote access
With so many devices accessing the network remotely, businesses need to be reassured that access is secure.
In the past, the small number of remote workers in most companies made it easy to classify data access according to job role. Mobile workers typically only needed to use certain applications and interact with particular sets of data. Defining that access was a small task.
With more remote workers accessing a wider range of data, classifying and categorising is vital.
This could require introducing employee security profiles to create tiered access. For example, your business could define data in three groups: freely accessible with little restriction, company confidential material and strictly confidential data.
This would be backed up by restrictions on how that data is used by employees. Confidential material might need to be cloud-based, where employees can access, edit and save it to the cloud, but can’t download or print it locally.
Securing remote connectivity
Many businesses are relying on mobile networks, home broadband and WiFi networks to connect to their remote employees. But even if the technology underpinning home networks is as secure as that for office wireless networks, it hasn’t been configured by trained engineers to provide appropriate and consistent levels of security. Home networks are rarely configured and maintained to a professional standard.
Connections from workers outside the office require the appropriate level of security and resilience to their roles working inside it. These connections can take a range of forms, such as mobile 4G or 5G, fixed line, internet and broadband, but they need to be appropriate for the business and implemented properly.
Those that need to access sensitive data could be connected with mobile broadband or a dedicated corporate broadband connection, for example. This avoids the danger of sharing a connection on a home wireless network with a number of users and devices.