Does your organisation operate remotely? Have you decided to implement hybrid working for your workforce? If this is the case for you, then it’s time to start rethinking your cybersecurity strategy.

We’ve lost count of how many times this has been said over the last few years, but the future of business is intrinsically linked with remote and hybrid working. Though it was born out of necessity due to the pandemic, the business world has taken to remote working, with at least half of individuals feeling like they want to continue working from home indefinitely. With all of that said, this paradigm shift is not without its challenges.

Remote and hybrid working requires organisations to rethink how they protect themselves from cyberthreats. Between the ever-evolving landscape of threats, and the data estates of businesses being stretched beyond the borders of the office due to distributed workforces, the new normal requires a new set of protocols to be implemented in organisations.

How Safe is Working from Home?

With all of this being said, many might be wondering whether it is even safe to consider working from home. If you’re wondering how safe working from home is, the short answer is: Perfectly safe, as long as you take the appropriate measures.

When a business decides to implement remote or hybrid working, the first thing they need to do is to consider how their cybersecurity strategy should be adjusted to accommodate the new inherent risks. These risks include the following:

  • Data Leaks – Unlike a business’ onsite infrastructure, the network infrastructure of an employee’s home office is unlikely to be especially strong; in the majority of cases, remote workers will be using consumer-grade networks. The potential for data leaks on such networks is much higher. Remote workers may also be tempted, out of convenience, to access company resources on a non-company device that is not properly protected.
  • Compliance Breaches – Customer data must be protected at all costs. The law is very clear about a business’ responsibility for its customers’ sensitive data, and remote or hybrid businesses need to have specific protocols in place to ensure their management of customer data remains compliant with the legislation.
  • Expanded Attack Surfaces – A business’ perimeter describes the farthest points that company data will reach; this means that in a remote or hybrid business, the devices of remote workers form part of the business perimeter. A larger perimeter means more opportunities for cyberattacks.

How Do Organisations Make Working from Home Safe?

The risks listed above are just a few of the things that businesses need to consider. However, the onus is not entirely on how individual remote workers operate, as the organisation at large will be able to do the most with regards to setting up secure remote working practices. Some of the ways in which organisations can make working from home safe for themselves include:

  • Cloud Migration – It is generally agreed that cloud computing is an essential technology for remote and hybrid working. With workforces being distributed across wider areas, it no longer makes sense to host an organisation’s data and workloads entirely within servers in a single location. The cloud offers the flexibility and the control needed to give remote workers secure access to the company resources they need. One of the key benefits of a cloud infrastructure is the fact that it supports a more holistic view of an organisation’s digital estate, making it easier to manage, investigate and mitigate threats, and ensure all data, identities and endpoints are protected correctly.
  • Enterprise-level Security – Following on from the previous point somewhat, a business implementing remote or hybrid working needs to be utilizing enterprise-level security. In other words, they need to be able to enforce strict security measures from the top (i.e. the cloud) all the way down to the bottom (i.e. endpoints). Such security measures include zero-trust models, identity and access management, cloud access security, multi-factor authentication, and much more.

So, these are just a few of the ways in which organisations can enforce the appropriate security measures to allow safe working from home. But, so far, we haven’t spoken about the actual home aspect of working from home. Let’s now look into some of the protocols and practices that ensure a secure home working experience.

Home Protocols for Secure Work

  • Security Software & Antivirus

Here at TechQuarters, we have been helping clients transition to remote and hybrid working over the last few years. One of the things we have seen is an elevated tendency for employees to start using personal devices to access company resources. While BYOD can be a very convenient arrangement, it is imperative that all devices accessing company resources are protected with security software against viruses, malware, ransomware, etc.

  • Use VPNs for Extra Network Protection

The issue of employees using consumer-grade networks and Wi-Fi may prove to be a risk to company data. An easy solution to this would be for individuals working from home to use a Virtual Private Network client to add a layer of protection to their network. A VPN essentially routes a device’s internet access through private servers, making it harder for data to be intercepted between a user’s device and the web.

  • Access & Identity Management

With business solutions like Microsoft 365, single sign-on, or single identity, is supported across all systems, meaning employees only need one account to access all the apps, services, and data they need for work. This is by far the safest way of doing things, provided that appropriate identity and access management is implemented. While single sign-on reduces the number of entry points to an organisation’s systems, it also means that the encryption and authentication procedures for accounts must be airtight. Relevant solutions that individuals can set up include multi-factor authentication, passwordless authentication, or simply using a strong, high-entropy password.

  • Device & Application Management

As well as managing identities, managing devices is a key part of safe remote work. As we mentioned before, employees can use personal devices so long as they are being managed in part by the organisation. This does not mean employees need to give their employers access to their personal devices. Device management (or more specifically endpoint management) is about ensuring that corporate data on a device is protected – which may include enforcing management profiles on phones. There is also application management, which helps to segregate corporate data from personal data; application management may also include enforcing multi-factor authentication for company apps.

  • Only Use Secure Business Apps

There is a huge array of apps and services that are available to consumers, and some employees may be tempted to start using non-approved tools and solutions in their line of work. It may seem like there is little harm in this practice, but non-business-grade solutions simply don’t have the same level of security built into them. For instance, all of Microsoft 365’s apps and services are hosted in the Microsoft Cloud, linked together with the Microsoft Graph API, and benefit from baked-in security measures. Even something as simple as a digital to-do list presents a risk of sensitive company information leaking out of the organisation. This is why it is very important for remote employees to only use approved business tools and solutions in their work.