The challenge of remote working and cybersecurity
‘The rush to move employees to remote working often came at the expense of security’
The four-step roadmap to “freedom day” on June 21 has now been laid out by the UK government. Despite a clear, data-driven end in sight for the social restrictions coronavirus has inflicted upon us, there is no doubt in leadership discussions worldwide that there will be long-lasting changes in workplace and workforce trends.
Remote working will remain in place even when vaccination programmes enter the annual booster phase. A survey conducted by Omdia found that at least one third of the global workforce will work remotely at any one time and hybrid working environments will become commonplace.
The importance of cybersecurity
Although the initial scramble was to ensure employees could remain productive and connected when the pandemic first began, longer term IT and human resources teams must ensure security is an important consideration in an ongoing remote environment and that employees understand the risks. The rush to move employees to remote working often came at the expense of security, which was understandable given the speed and scale of change.
Cybersecurity is one of the largest threats to global business and, with targeted attacks on the rise, resilience is paramount. With remote working practices a new normality, employees are increasingly working with a mixture of corporate-owned and personal devices. In addition, they are accessing company and customer data and applications in the cloud beyond the traditional enterprise perimeter.
Omdia’s Future of Work Survey indicated respondents believe the most challenging aspect of remote working is ensuring employees can work securely and in compliance with industry requirements across multiple sectors. Moving the same security approach from the office to remote working is not enough and employees must be educated on security from home.
In the same survey, of approximately 5,000 organisations, fewer than 43 per cent have a fully developed or well-advanced proactive approach to cybersecurity and digital risk, which is alarming.
Empowering employees with new technology
Businesses need to evolve their approaches to security and invest in new and more advanced mobile security capabilities. Mobile security presents a diverse set of associated threats that businesses must mitigate and should manage as part of a broader approach and strategy for cybersecurity, especially if organisations are to ensure they can sustain current levels of remote working.
A business-wide and unified view is important as approaches to security and the solutions that underpin these should not be adopted in a siloed fashion to be truly effective.
Employees will need to be empowered with new technologies that can help them work in new ways, but in a fashion that doesn’t expose the organisation to a level of risk that’s unmanageable. VPN systems and pre-existing security approaches were not designed to support a large remote workforce. Many organisations are still using a mishmash of security controls that are not fit for remote working. They also need regular review to make them more robust and sustainable.
It is important organisations consider not just the technologies that can help, but also changes to people and process practices. Individuals and employees are equally as responsible for security and need to adopt a security mindset that will only come with improving the awareness and education of risks associated with remote working and solutions. This needs to happen regularly and at frequent intervals.
Increasing employee engagement generally, and not limiting it to education, will also help employees. As we continue to work remotely, an increase in organisational support for mental health is critical in building and sustaining engagement for remote workers. This should include regular health and wellbeing support and manager check-ins as just a few examples. It is natural people who feel engaged will play a better part in secure remote working for any organisation.
People and technology solutions combined will play the most pivotal part in protecting an organisation from potential security threats.