By Renuka Sahane, Sr. Content Writer, Scalefusion
Maintaining the security of corporate data when employees work remotely in the new normal.
IT governance and cybersecurity have gained much-needed attention in the enterprise environment, thanks to the exponentially growing number of digital devices used in the workplace. The need to access the internet and intuitive apps that sit on mobile devices used across all industries is rapidly growing. From conventionally operating businesses such as retail to technology-driven businesses that are into manufacturing or supply chain, technology has touched based and revamped operations from the top to bottom.
The era of remote working
And just when the businesses globally were finding and implementing solid strategies to secure corporate devices and data from unknown threats and cybersecurity challenges, the pandemic hit. COVID-19 pushed all businesses- even the ones without a mobility strategy into a new normal that not everyone was prepared to endure. Remote working caught up, first out of hesitation, then out of need and now looks like it’s here to stay.
For companies that had strong strategies in place before moving to remote working, the transition was easy but for those that did not have policies and security protocols in place, the change has been a real challenge. Employees have no choice but to work from home and companies have no option but to facilitate the same. Ensuring work-friendly devices are available to the employees to upkeep the business performance and employee productivity has been the primary concern of business leaders.
Equally daunting are the security concerns and cybersecurity challenges that might arise when employees work from home, for an indefinite period. When the employees and the devices they use to exit the physical boundaries of the office, they are essentially out of the security posture of the company.
Cybersecurity challenges during remote working
Unmanaged devices, routers, printers, and other devices
If the employees working from home have not been provided with provisioned and managed devices including laptops, desktops, and tablets, they choose to opt for personal devices for work. Unless the company has a BYOD management policy in place and can enable security restrictions on the work container or profile of these devices, the device usage is safe and can in fact help add to the employee productivity, since they use their favorite devices for work. But if the devices are unmanaged and yet the employee is accessing work resources, corporate and user data on these devices, the data is practically exposed to every possible cybersecurity threat there is- from apps, websites, and unmonitored personal communication and collaboration tools.
Moreso, the devices are invariably connected to an internet router, peripherals such as printers. Work calls happen in the presence of family/roommates and there are home automation systems and bots eavesdropping on every work-related conversation. Clearly, the security protocols are dull, if not faded during remote working.
How secure is home WiFi and/or VPN?
This has been a serious concern for organizations that haven’t extended secure internet hotspot devices for employees to connect to while working remotely. The security of personal WiFi is highly questionable, especially when it is accessed by multiple users for personal use. Home networks commonly have the WEP protocols, which are known to be weaker, paving the way for cybercriminals to walk into your data and devices.
Also, while VPN might look like the best option for providing network security via encryption, if the VPN connects to any of the compromised devices, for example, the personal tablet of the employee, the hackers can crawl in the gaps created. It is important to ensure endpoint authentication to VPN access via certificate management, for instance, to ensure that only managed/work devices are connected to such networks. Needless to say, monitoring the VPN security at all times, recognizing potential failures, and extending support via patch management is crucial.
It is also important to note that if the employees are using legacy PCs, managing them outside of the corporate network or via VPN is practically impossible. In such cases, quickly procuring the latest tech by leasing or leveraging ‘desktop as a service’ can be a good option.
Phishers taking advantage of emotional vulnerabilities
Reports of increased phishing scams since the COVID-19 pandemic are surfacing. People are vulnerable, anxious and it is a tough time for all. The employees are susceptible to click on malicious emails that appear to be from government agencies, healthcare bodies, or WHO or might give away critical personal data to healthcare-related apps that are not authorized.
What companies can do…
Start with a robust policy to maintain security for remote working. Manage employee-owned as well as corporate-owned devices with an EMM solution and exercise access control, manage website access, and add security to corporate content with extensive policy configurations. Be on the top of the device security and rectify potential threats quickly.
And most importantly, build a culture of security among your employees and train them on the best practices. Your corporate data is only as safe as your employees want it to be. Go beyond device policies to educate your employees on the importance of data and cybersecurity
About the Author
Renuka Shahane is a Sr. Content Writer at Scalefusion -a leading Mobile Device Management solution. Renuka is keen on learning new trends surrounding cybersecurity, repercussions of remote working, and the evolution of enterprise mobility. You can read more of her work at https://blog.scalefusion.com/.