Research and advisory firm Gartner has found that, after the COVID-19 pandemic abates, businesses will face a new kind of challenge: managing hybrid workforces. According to Gartner, 82% of business leaders plan to let employees continue to work from home in at least some capacity, while 47% plan to allow employees to do so permanently.
Major banks – including JP Morgan and Barclays – and technology companies like Google, Twitter, Facebook, and Square are just some of the organisations that have embraced remote work as part of their business models. In fact, three-quarters of the 43 large companies surveyed by The Times spoke of moving towards flexible working policies permanently.
Getting serious about remote work and cloud security
Temporary or not, the shift to remote work has caused lasting changes to the way people work. Even companies that are going back to having an office presence have developed WFH practices and will continue to enhance them, whether by hiring more remote employees, retaining employees who move out of town, or even shifting entirely and permanently to remote work.
“More employees working from home means more devices are connecting remotely, i.e. outside of the secured corporate network. As a result, businesses’ control over data is slipping rapidly. This is why it’s so critical to understand what remote workers are doing with that data and rework the new ‘normal’ to make it more effective and secure,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.
It’s time for organisations to get serious about implementing the security measures necessary not only for securing remote edge devices and entry points, but also to make these measures part of a unified, comprehensive strategy. All of this forms a single, integrated security framework designed to simplify management and expand visibility and control.
Fortunately, most organisations now have the data and know-how necessary to understand how remote work impacts their applications, life cycle, and IT infrastructure, as well as its effect on traffic to applications that are located on-premises and in the cloud.
Mapping the future of work-from-home security
The consequences of poor cybersecurity hygiene while working remotely can include anything from compromised sensitive data to unauthorised access to the organisation’s infrastructure. Secure communications while working remotely can be ensured by the combination of technical solutions and controls with proper employee operations security (OPSEC).
“Typically, when it comes to securing your teleworkers, the first item on the agenda is developing a corporate policy. This policy should outline what’s acceptable in a remote working environment, how data is handled, what levels of authorisation are available, etc.
“Risk-based decisions can also be made depending on the types of devices employees use for teleworking (for example, company-issued devices, personal laptops or smartphones, etc.). Devices that haven’t been issued specifically by the company should be subject to more stringent controls,” says Gurinaviciute.
Organisations need to get up to speed and take measures that ensure data security:
- Content storage should be allowed in the cloud only. Use cloud- or web-based storage software that allows for sharing and editing of documents (for example, Cisco Cloudlock).
- Endpoint security using two-factor authentication. This adds a second layer of security when logging in to important applications. Multi-factor authentication uses OTP (one-time password) technology, certificate-based USB tokens, smart cards, and additional advanced security technologies.
- Any connections to the company’s network should be performed through a VPN (Virtual Private Network), which uses either SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote worker’s machine; This safeguards both the end user and corporate environment, ensuring that no one is able to decipher sensitive data traffic.
- Risk management contingency plan. It’s essential to have the possibility to either track a laptop or wipe it remotely in case a remote worker loses a laptop with sensitive business information on it.
“Security teams have to develop new policies to respond to these challenges. Some of them have already done so, but their work doesn’t end there. They need to communicate those new policies to the entire workforce and train employees on how those changes affect them,” the NordVPN Teams expert adds.
Combining remote workers with cloud infrastructures can present numerous business opportunities. But without the right cybersecurity and operational framework, the cloud presents serious challenges that can have far-reaching repercussions.