With the onset of the Covid-19 pandemic, working from home has become the new business normal. Despite the requisite technology and tools being available for years, it has only been in recent months that organisations started remote working at scale – prompted by workplace health and safety considerations as well as legal requirements to minimise the spread of infection.
Almost nine in ten (88%) companies globally have encouraged or required employees to work from home due to coronavirus, according to Gartner.
But most employees’ home technology wasn’t designed to support enterprise use cases, particularly when all members of the household go online at the same time. And the speed and urgency of the migration to home working during a pandemic has been a wake-up call for both employees and employers alike.
Against this backdrop, how can organisations empower their infrastructure and people to work securely and productively from their living rooms, home offices and kitchens?
Empowering your infrastructure to support remote working
Lesson: Minimise uncertainty and complexity
The middle of a pandemic is not the time to go with the untried or the untested. The key to enabling secure remote working at scale and at speed is reducing uncertainty and complexity wherever possible.
- We’re seeing many organisations use VPNs to enable secure tunnelling. That provides a level of secure connectivity so companies can trust users who would normally not be able to access critical apps on a home wifi network, for example.
- Make sure your systems are fully patched and there are systems in place to monitor access and potential breaches. Ensure security logs are available to your security monitoring teams so that there are more eyes looking out for issues.
- And finally, be aware of device management options through endpoint security services. You can disable USB ports on laptops or mandate malware protection on tablets or phones to reduce the risk of a security breach. Notably, we have seen a significant uptake in endpoint detection and remediation to isolate infected endpoints.
Lesson: Identify and authenticate
With most people owning multiple devices and accounts across different service providers, it’s impossible to monitor and manage each individual. The ability to identify and authenticate your users is a vital first step to mitigating those risks.
- Instead of relying solely on usernames and passwords, which can be hacked or stolen, use multi-factor authentication for an added layer of security.
- Monitoring user behaviour where possible, to promote a security-focused mindset. If a user logs in across multiple devices in different locations, your software should be able to flag it as suspicious activity.
- Have a quick fix at hand to pre-empt any security incidents – for example, using your cloud infrastructure and SaaS solutions as a central source of identity can let you disable accounts quickly, if necessary.
Empowering your people to make the most of remote working
Your organisational security is only as good as the compliance of your people with established practices. And in times of such enormous change, those practices need to be reinforced regularly.
Lesson: Awareness is critical
Even the most secure infrastructure can be breached by one errant click of a phishing email.
This is where building and then maintaining a high level of security awareness among your staff is even more crucial – especially at a time when security teams are seeing increased activity taking advantage of the uncertainty driven by the coronavirus.
- Training is essential at times of change so that employees are clear on what’s expected of them, and why those processes or behaviours are required.
- While it may seem like overkill, behaviour only changes when messages are delivered over and again. Don’t forget to reinforce desired behaviours like awareness of phishing threats through regular email communication.
- Be aware that often employees will be understanding of enforced change in these circumstances. We’ve heard from a range of businesses that their people realise they have to work differently and accept both the benefits and challenges of that change.
Lesson: Balancing secure productivity
Without a fully embedded security culture, staff can take matters into their own hands to get their work done – which can create an imbalance between productivity and security.
- The apps or services your employees rely on to do their work may not run at their best – or at all – when working from home. That can lead to people finding workarounds to get work done, through the use of WhatsApp, home email, or other consumer services beyond your security stack. It’s critical that you get the balance between security and productivity right to mitigate use of shadow IT.
- It’s also important to remember that staff will be unable to seek deskside support from IT teams, which can impact their ability to work. Enabling remote support is essential to ensure the user experience should remain the same.
Creating a remote working culture for today – and tomorrow
The enforced adoption of remote working across the globe has seen organisations scramble to ensure security, collaboration, productivity and performance – for both IT and for people. Yet, there may also be a number of organisations that have adopted the requisite technologies while overlooking the security aspect.
For these organisations, it’s imperative to review their solutions periodically to ensure they meet established security standards – or risk being vulnerable to a major security breach.
While working from home has become the norm for most people, it’s also important to remember this pandemic won’t last forever. That’s why we can begin to plan for what happens next.
We have a big opportunity to get our systems and our cultures right to enable a more productive, safe and empowered business in the future.