Let’s be honest, no one wants to answer the question in the headline above with a resounding “yes”. That said, there are definitely businesses out there who should reply in the affirmative – it’s just that they don’t know it.
The workplace security strategy most businesses had in place in 2019 has been made obsolete – or at least ineffective – by the events of 2020.
The mass exodus of employees from office-based working to home working dramatically altered the perception of the workplace for many businesses and their workers.
For years, most employees conducted their daily working lives in an office, sitting at a desk in front of a company PC linked to the corporate network.
In theory, that provided businesses with a large measure of control over their employees, their devices and how they used corporate data. They enjoyed a degree of security over what their employees were doing and what they were accessing.
The pandemic changed all of that.
Suddenly, employees found themselves working from home in a kitchen or bedroom in front of their own laptop or PC linked to their home Wi-Fi network.
The workplace splintered from a centralised company premises housing hundreds or thousands of workers, to many locations with different levels of connectivity, a wide range of devices and varying levels of security.
The dispersal of work, devices, employees and data, should prompt businesses to revisit their security strategy to ensure they can maintain the appropriate degree of management and control.
Certain key areas require special attention:
Securing workplace devices used outside the company walls is essential for any business. By not doing so, your workplace security will be ineffective.
You need security software and endpoint protection to make those devices as safe as the PCs sitting on the desks in your offices. They need to be protected by endpoint security controls such as firewalls, antivirus and malware protection.
Devices need to be updated with the latest security patches as they’re released. Unpatched vulnerabilities are a common reason for data breaches.
With widely dispersed workplaces and devices, the IT team should be able to apply protection uniformly. This requires implementing a mobile device management (MDM) or unified endpoint management (UEM) solution.
MDM allows your business to control PCs and mobile endpoints using a single pane of glass management interface approach. You can push updates to those devices, apply security policies and remotely wipe all applications and data if the device is lost or stolen.
Access to your data and network is an important consideration in your workplace security strategy.
In the past, most businesses were able to control access inside the company walls and for specific groups of remote workers. Mobile workers only required access to certain applications and particular sets of data. Defining that access was a small task.
With the proliferation of workplaces and devices, your business has to deal with a larger number of previously office-based employees working from home, accessing a wider range of data remotely for more diverse reasons.
This means your workplace security strategy should include the ability to classify and categorise data and define who can access it.
Employee security profiles can be used to provide tiered access with workers only being able to access data relevant to their roles.
Your business can also restrict how they use that data. Confidential material might need to be cloud-based, where employees can access, edit and save it to the cloud, but can’t download or print it locally.
Many businesses are relying on mobile networks, home broadband and WiFi networks to connect to remote employees; but too often, home networks are poorly configured or maintained.
When most employees were working in the office, connectivity was barely an issue. Connections from workers outside the office, however, still require the level of security and resilience appropriate to their roles as if they were working inside it.
Connections can take a number of forms, such as mobile 4G or 5G, internet and broadband, but they need to be appropriate for the business and implemented properly.
For example, employees that need to access sensitive data could avoid the danger of sharing a connection on a home Wi-Fi network with other users and devices by using a mobile broadband or dedicated corporate broadband connection.
Using cloud security
Another way to make your workplace security strategy more effective is to use cloud computing to minimise complexity in securing multiple assets and workplaces.
Cloud computing makes technology as-a-service possible, with consistent delivery and flexibility. Its scalability and automation are valuable features for businesses with dispersed workplaces and workers.
As hybrid working becomes more mainstream and employees mix and match office and home working, cloud can provide the managed security businesses need.
Predefined security profiles across myriad devices makes the cloud very attractive – especially compared to the piecemeal approach of mixing and matching security solutions across different devices.
We can help you address the wide range of cyber risks that your business faces, through phishing awareness, penetration testing, VPN, cloud security strategy assessment and mobile device management.