The remote workspace has changed dramatically. It’s quite ‘normal’ for remote workers to have virtual drinks on a Friday afternoon as it’s common to see kids pop into video calls and seeing co-workers in their sweatshirts and casual wear. Workers using their personal mobile and laptop devices to access business systems are also on the rise like never before. This poses many ongoing challenges and risks for your organization’s IT department and your ‘work from home’ (WFH) employees.

The New Normal Will Become More Permanent

Based on a recent survey conducted by the Canadian HR Report, 85% of the survey respondents stated they have half of their workforce working remotely, of which 36% said cybersecurity threats have risen since WFH has been in place. These types of threats are now prevalent as the remote-working rush produces conspicuous gaps in IT security and this rising trend of working remotely is expected to continue post Covid-19. According to a Gartner survey, 74% of CFO respondents say they expect a transition of a portion of previously on-site employees to remote work permanently. This means security issues such as data breaches are not going away and will exacerbate even more – as witnessed by the rising number of malware and phishing scams.

Develop a Holistic IT Security Strategy

Securing your remote workspace (and your remote workers) has become a very high priority now and in the future – as this is part of supporting business continuity plans while ensuring capacity and services are available to end users such as leveraging the cloud and deploying software apps to employees and customers. The need to address IT security concerns varies across organizations, whether that is tackling security endpoints, protecting data security, ensuring system access and availability, delivering performance and reliability or preventing ransomware.
To develop a security and risk management strategy, start with your IT roadmap. It’s critical to understand what’s new and what’s changed in terms of business goals and how they are operating. Revisit your business goals, risks and compliance; assess them against your technology capability and availability, then come up with a strategy and develop your roadmap.
All new security strategy is intended to outline any major security concerns and will have three main elements – Governance, Management and Information Security framework. For governance, you need to find a balancing act between having the right amount of security in place to safeguard data and systems, and ensuring users are productivity and not excessively restricted, preventing them from serving its customers adequately. In terms of management, people, process and technology are involved. For example, a new “work from home” policy gets developed that states everyone working from home must use a company-issued computer to be set up with a virtual private network (VPN). Furthermore, anyone working from home can access their OneDrive account only if they are logged onto the network and connected to a VPN.
To reduce attack surfaces and risks associated with remote working, you’ll need to address the following – Culture and Awareness, Network Security, Endpoint Security, Vulnerability Management and Security Incident Management. Culture and awareness in particular, involves continuously educating your employees about the potential risks and security exposures and training them on what every employee ‘can’ do to help minimize these risks. This involves testing their knowledge, working with your HR team to implement frequent and ongoing internal awareness campaigns and ensuring workers know how to respond.

Our Recommendations

Enabling and securing your remote workers is critical and ongoing, we recommend you consider these next steps:
– Strategy – Know what you need!-
– Architecture Design – Focus on the solution that matters (to support the right level of scalability and nimbleness)
– Get Secure – Use professional assessments to help you get started
– Manage – Stay diligent, and monitor and audit often
– Be Wise with Resources – Keep your technology updated
Interested in learning more on how to secure devices and protect your remote staff from phishing and ransomware attacks? Catch a replay session of our New World of Work Webinar Series on Fortifying and Securing the Remote Workspace. Watch the Recording Now