Homeworking brings fresh security challenges, and a chance to change the way we do business – for the better.
In recent years we’ve become accustomed to hearing how new technology is changing how people think and interact. But throughout most of history, it’s been more a case of needs must – we’ve created technology to overcome challenges our environment has thrown us.
The technology that lets us work from home is good for more than carrying on business in a crisis. Employees escape cramped cubicles and noisy open offices. They cut hours (and pollution) from their daily commute. We work at times that suit us, in a place we’re most comfortable, closer to loved ones. Businesses can tap into talent around the world and reduce the cost of assets and buildings. They also benefit from home-based employees being more productive, engaged and loyal.
Change your culture as well as devices
There’s more to enabling working from home than giving employees a laptop and corporate smartphone or introducing a bring-your-own-device (BYOD) policy. It’s a culture change. Business executives must lead by example and administrators must find ways to stay in control of digital assets.
Charl Ueckermann, CEO of Kaspersky’s Africa Partner of the Year 2020, AVeS Cyber Security says:
“You want the best of both worlds: minimize business disruption and open opportunities to create new business models.”
Business leaders may fear losing control. Taking devices outside company buildings expands attack surfaces substantially, giving cybercriminals many new opportunities to exploit your most valuable asset – data. And when people connect to company resources over unsecured home networks, the risk multiplies.
Ueckermann goes on to say:
“You have to get the core things right to keep the lights on. Leadership will play a crucial role in setting the organization’s cultural tone.
Shifting focus from a control-based to an output-based culture sets up your remote workforce for success and growth.
“A new talent pool becomes available if your business is set up for teams who can work from anywhere, at any time. Highly-skilled people who were previously limited by family responsibilities or geographic location now become potential candidates to recruit.”
We’re guilty of appalling security habits
Principal Security Researcher at Kaspersky, David Emm, says:
“Our ability to communicate, work and transact online has never been more critical. We also have to face the reality that where people go, cybercriminals follow. If there is an opportunity to exploit a situation and lure people into disclosing personal data or sending money, you can guarantee cybercriminals will be working on it.”
With the number of Internet of Things-connected devices at 3.5 for every person on Earth and growing exponentially, information security must be scalable, multilayered and centrally managed.
Let’s face it: Many of us are guilty of some appalling mobile security habits. Despite using our smartphones for everything from business email to personal banking, over a quarter of us don’t even lock our smartphone screens. When you consider how often these devices are lost or stolen, it’s a big problem. Losing the device is nothing compared to hackers or other unauthorized third parties having access to every connected account and file on the device.
Here’s three ways you can help your home and remote workers to work more safely.
1. Start by laying down the ground rules
Check and update your cybersecurity policy so it fits the current situation for remote work. It should say clearly which devices and apps employees may use, which security measures they must adopt and how they can share corporate data. For example, you probably won’t want remote-working employees accessing your data from a jailbroken iPhone or an ancient laptop with a long-obsolete operating system.
Having employees well-versed in policy is essential, but we all make mistakes. Remote workers shouldn’t be living in constant fear of opening the door to cybercriminals.
Focus on cyber-awareness training so homeworking employees understand their responsibilities to protect corporate data and what risks they may be exposed to from social engineering.
Kaspersky’s David Emm’s warns that, “Staff should be especially wary of messages that claim to give important information about current events, as cybercriminals are known to use this tactic.”
2. Secure employee devices
To protect your corporate data, give your employees, and contractors who can access your network, the tools and hardware they need to work safely at home with easy access to IT support teams for troubleshooting.
IT administrators must maintain visibility of their digital assets across an expanding array of devices and operating systems. Mobile device management (MDM) technology should accompany your cybersecurity policy to help enforce the rules. It lets administrators monitor, manage and secure devices used for work, and grant or revoke access rights. If a device is reported lost or stolen, they can remotely wipe it and revoke access rights to any online accounts from that device.
Device encryption is also a no-brainer; it’s vital to prevent data being compromised if the device falls into the wrong hands.
3. Level up your data protection
While the tired stereotype of the hooded hacker lurking in a basement with lines of code flitting across a monitor reigns supreme, most cybercriminals don’t know all that much about hacking.
90 percent of cyberattacks include social engineering, exploiting human foibles rather than technological weaknesses.
It’s often dead easy for scammers to dupe victims into giving away confidential information over unsecured channels by impersonating a colleague, client or business partner. If an employee gets an email masquerading as a technical support agent from a known service provider asking for remote access, there’s a good chance they’ll fall for it. They can then gain access to confidential data if it isn’t secured.
According to Kaspersky’s 2019 research about digital clutter, 72 percent of employees store documents at work that contain personally identifiable information or sensitive data. From this, the attacker can gain access to the entire business network from compromising that one employee-owned laptop.
As well as educating your employees, keep all devices updated with latest versions of endpoint security. Automate measures for better data protection, like password protection and data backups.
David Emm also advises to “make sure operating systems and apps are always updated. Provide a virtual private network (VPN) staff must use to connect securely to the corporate network and restrict their access rights once connected. They should protect corporate devices, including mobile devices, with security software that allows remote wiping of data from devices reported lost or stolen, segregates personal and work data and restricts app installation.”
Cloud-managed security can drive innovation
It’s time for business leaders to stop seeing information security as a necessary evil. It’s a competitive advantage – an enabler of innovation.
Working away from the office is critical to be able to innovate. With business apps and data hosted in the cloud, IT administrators can enjoy centralized management by maintaining full visibility of their digital assets. Instant protection comes with reduced reliance on endpoint security since all confidential data is kept in a secure data center rather than on local devices.
Business leaders no longer have to depend on their policies and device-level endpoint security – though this is still essential. They can instead build a centrally managed, software-defined computing environment where adding new users means simply creating an account, then letting the remote-working employee access everything they need through the web.
This approach is not only better for information security; it reduces the need for remote workers to exchange files over email or unsecured file-sharing services. Make sure your cloud set-up is configured with the relevant level of cybersecurity protection for your company’s data needs, don’t expect this to be installed or run by the cloud provider.
Work anywhere, secure everywhere
Remote working shouldn’t be a source of fear. It’s not about losing control. It’s about decentralizing your workforce and letting them work in new ways. In the long term, it delivers enormous value for the whole business. Today’s security solutions let you control the security and compliance of your digital assets. No matter where your workers are, you can keep your corporate data safe.