As organizations have embraced mobile devices and cloud-based services, as Wi-Fi and broadband have become faster and more reliable, and collaboration tools have improved, remote working has become gotten easier.
Remote work It has also become increasingly popular because it provides a way to enable greater flexibility and productivity at work, save costs, retain employees, hire people with the right skills regardless of location, and foster a healthy work-life balance. .
Barriers to remote work brought down by the Covid-19 pandemic
Unsurprisingly, remote working has been quickly adopted by those working in IT, sales and marketing, business administration and management, and software development. But not every industry sector and country has been quick to embrace remote work for a variety of reasons, including the nature of job roles, national and corporate culture, and concerns about productivity and safety. However, the Covid-19 pandemic has changed that.
Since the start of the pandemic, most companies have been forced to expand their remote work capabilities or allow them for the first time to return productivity to as many employees as possible.
In the post-Covid era, many organizations will have to adapt to allow employees to work from home and from the office when needed. As a result, organizations will need to focus on enhancing their remote working capabilities, particularly in terms of ensuring that people can easily and safely switch between the office and work from home.
This is likely to drive the adoption of a zero confidence approach to security or at least the adoption of SASE solutions that potentially allow flexible and secure connectivity to corporate resources.
A more detailed discussion of zero trust can be found in this op-ed titled, Zero trust: now is the time, and a more detailed discussion of SASE can be found in this op-ed titled, Security Think Tank: SASE: Marketing Buzz or the Future of Security?
Hybrid work has quickly become a way of life
The pandemic has accelerated the adoption of remote work capabilities for many organizations, and we expect remote work to be more common than ever in the post-Covid era, with most organizations adopting a hybrid work model in which employees they spend less time in the office each week than before the pandemic.
The hybrid model allows a greater degree of flexibility by allowing employees to choose to work in the office, at home or elsewhere, depending on what work they need to do and when they would like to do it.
While organizations that previously had a strong office work culture are trying to resist the trend to work from home, most organizations have found that it provides the opportunity to downsize their workspaces, allows them to hire more easily without traditional geographic restrictions. and improves the employee experience.
In fact, in the face of the big resignation, many organizations are admitting that they are embracing hybrid work models to retain and attract talent because employees are increasingly deciding whether to accept job offers based on whether the company in question offers flexible work.
Cybersecurity Implications of Increased Remote Work
The relevance and impact of remote / home work can be summarized as follows:
- There has been a sharp increase in remote / home work since the start of the pandemic that has attracted a huge increase in cyberattacks on remote workers.
- The United States Infrastructure and Cybersecurity Security Agency (CISA) has reported that virtual private networks (VPNs), which many companies rely on to allow remote access, are under attack and can no longer be considered secure.
- CISA has also identified the use of single-factor authentication, which means just a username and password to grant user access without requiring anything else, as an “extremely risky” practice.
- Working remotely / from home requires new approaches to cyber security, which means that most organizations will have to adapt their security accordingly.
- End-user organizations will need to pay more attention than ever to keeping remote workers safe, especially those who work on their own devices, such as laptops and smartphones. The trend of giving remote workers a budget for the purchase of the devices of their choice is helping to drive bring your own device (BYOD) even more.
- Security vendors will have to adapt existing offerings or introduce new ones to support remote working, particularly employees who work from home and access on-premises and cloud resources over home Wi-Fi and the Internet.
In light of the fact that remote work is increasingly a standard requirement and because enabling it can be risky if not done with security in mind, end-user organizations with remote workers should:
- Make sure automatic security updates are enabled for all remote / home workers, as well as all other users, endpoints, and servers to ensure systems are always fully patched.
- Reassess data security tools / strategy in the context of remote / home work to identify and fill any gaps in data security in remote work and collaboration tools, and BYOD devices.
- Take a zero-trust security approach to enforce strong authentication and authorization of users and devices across the network to verify the identity and access rights of the person or entity requesting access.
- Optimize your suite of security tools to support zero trust and risk mitigation, and retain only those tools that truly help you achieve these goals to reduce complexity and increase effective security.
- Implement Multi-Factor Authentication (MFA) at a minimum to reduce reliance on passwords as the sole authentication method, protect against credential theft through phishing, and investigate options for adopting passwordless authentication.
- Implement encryption for all sensitive data storage and transfers, so that even if the data is exposed, it will be useless to attackers without the decryption key.
- Upgrade or implement Data Leakage Prevention (DLP) to prevent inadvertent exposure of sensitive data, and Cloud Access Security Officers (CASB) to extend enterprise security policies to cloud infrastructure.
- Implement a privileged access management (PAM) to monitor, record and control all the activities of privileged users.
- Implement effective endpoint protection, detection and response (EPDR) solutions for all devices and a unified endpoint management (UEM) solution to enhance security on BYOD devices.
- Consider using a cloud-based desktop as a service, virtual desktop, and secure remote access solutions where employees are using their own laptops instead of company-owned and maintained devices to ensure compliance with security policies.
- Assess whether the SASE cloud architecture is the right approach for your organization to enable workers to access cloud and on-premises services securely from anywhere and on any device.
- Plan for the worst by implementing systems and processes or services that enable the organization to detect, respond to, and recover from violations, including a defensive SOC, SOAR, and resilience.
- Educate employees on security risks by implementing regular, brief, and focused awareness training to improve understanding of threats, attacks, and their role in improving security.
Remote work, especially from home, is here to stay. In the post-Covid era, organizations are adopting more flexible policies on where and when people work due to increased demand from employees. Therefore, it is important that enabling remote work in a safe and secure manner is a top priority for all organizations.