After more than 18 months, the remote work “experiment” is no longer temporary. Many organizations have determined that remote work is beneficial for their employees and their productivity, including large enterprise companies that are now offering their employees permanent remote work options.
In a recent report on hybrid work trends, Gartner predicts, “By 2022, 25% of the global knowledge workforce will choose their home as the primary workplace, and 45% of the workforce will be working from home two to three days per week.”
Meanwhile, a majority of employees have embraced the idea of working from home. According to a Gallup poll conducted in September 2021, “91% of workers in the U.S. working at least some of their hours remotely are hoping their ability to work at home persists after the pandemic.” Gallup’s research shows that most employees prefer hybrid work, with 54% of those surveyed indicating they’d prefer splitting their time between home and the office. But more than one-third of employees would prefer to work exclusively from home.
Organizations need to address one of the risks associated with remote work: cybersecurity. Forbes recently discussed some of the factors behind the increased vulnerabilities from remote workers. “Work-from-home employees are at much greater risk than those in offices. Since home connections are less secure, cybercriminals have an easier entry into the company network.,” they stated. The article also mentioned “the explosion of various online tools, solutions, and services for collaboration and productivity,” which often carry minimal security and are inherently riskier.
Meanwhile, Deloitte reports that working from home presents “a gateway to new forms of data theft, companies face increased cyber risk.” Along with cybercriminals, Deloitte warns that “employees can also be a weak link in corporate IT security systems.”
Organizations need to start by identifying key areas of risk that are evolving due to new remote work options, and developing solutions to help mitigate these vulnerabilities.
What are some of the key risks?
Many of the critical risks involved with employees remotely accessing work systems involve how they’re connecting. These areas include accessing and using non-secure networks, multiple endpoints (i.e., non-secure devices, shared devices), as well as using tools and products built without security protocols in the programming. Downloading unsafe apps on devices that are used for work activities is another risk associated with personal devices.
When working from home, employees tend to be less diligent about security measures, for example, by not logging out of systems when away from their computers. When working from any remote location, there are also “over the shoulder” security risks, which can result from making confidential phone calls or attending business meetings in a public area.
The growth of IoT devices is another security issue. The popularity of IoT means that many different types of devices are accessing home networks – tablets, smartphones, gaming platforms, smart home devices, home security cameras – and even appliances. This greater access creates more attack vectors and potential vulnerabilities. As TrendMicro noted, “While diversity can give users countless devices to choose from, it is one of the reasons behind the fragmentation of the IoT and carries many of its security concerns.”
Finally, personal devices and work devices alike are subject to forms of social engineering, including phishing emails, ransomware, and other attacks.
Solutions and Guidelines to Make Remote Work More Secure
Organizations need to develop clear and straightforward policies and procedures for their employees and staff to follow when working at home or remotely. These policies need to be in place even if a company is using a hybrid approach.
In order to ensure successful solutions, the organization needs to encourage a security-minded culture starting from the leadership level. Organizations must take steps to make sure their teams understand cybersecurity policies, including communicating the information and educating their teams on protocols involving personal devices.
For optimal security, BYOD practices should be in effect no matter where their employees are working. Verizon, in their 2021 Mobile Security Index Report, recommends that organizations implement a zero trust approach. “A zero trust approach is ideal for a BYOD program. It can reduce the reliance on end users making informed and security-conscious decisions. And it can improve user satisfaction and productivity as it automates many aspects of security protections, reducing the number of intrusions to the user’s activities.”
To minimize employee use of non-secure tools, organizations need to provide software that is built securely, to keep employees safe from hacking.
Best practices and guidelines should also address areas such as:
- Make sure employees are using secure servers, secure connections, and secure data transfer.
- Ensure teams are using secure collaboration and video tools.
- Emphasize the use of Multi Factor Authentication at all times.
- Access with only secure routers – avoid using “free WiFi,” and put security in place on home routers.
- Keep operating systems, apps up to date. Outdated software and apps are large sources of security breaches.
- Practice good password hygiene, another top source of security breaches.
Finally, organizations need to supply their employees with the right tools to do their jobs. They need tools and software that are not only secure but flexible and effective, so they don’t resort to using non-authorized tools. Hybrid teams need to be productive no matter where their team members are located, which means they need secure and effective tools for collaboration, communication, file sharing, and document storage.
Click here to learn more about how Lumicademy’s video conferencing platform can help your remote teams collaborate securely and effectively.