We’ve Settled into WFH, But Security Challenges Remain
For businesses, having any percentage—let alone the majority—of a workforce working from home (WFH) requires that the right security solutions and employee best practice guidance are in place. But even so, it often requires a great deal of trust that employees will understand, and adhere to, security policies.
Before the pandemic forced millions of workers into WFH scenarios, cybersecurity risks were already intensifying. Last year saw some of the biggest attacks to date as billions of records were exposed. Sixty-eight percent of IT security professionals overall said attacks against endpoint devices in their network had increased in the past 12 months, according to Ponemon. Today, however, as companies contend with having their data centers rapidly decentralized, some security firms are citing 800% increases in calls regarding cyberattacks.
In the early days of this disruption, IT decision-makers had to scale WFH capabilities almost overnight. That was a huge feat, but that work is far from over. The monumental task of keeping a company’s information secure is now more difficult than ever, particularly as many businesses look to make remote workers a larger proportion of their overall workforce.
Despite all of the efforts so far, 51% of end users still feel they are not set up adequately for remote work, according to an HP survey in the U.S., UK and Japan. Here’s how IT professionals can keep their organization safe and secure as they build new workflows and support an ever-wider range of working practices.
Never Stop Educating Your End Users
Employees are busy trying to maintain business as usual, but they are also distracted by profound societal changes. As a result, that reminder of network best practices dispatched several weeks ago could have easily been overlooked.
Building a secure culture is a challenge for businesses of every size. Employees have to do their part. Devices should have updated software. The use of multi-factor authentication should be standard practice. And work laptops should not be shared with other members of a household. But unfortunately, 95% of organizations say their cybersecurity culture isn’t as good as it should be, according to an ISACA Cybersecurity Culture survey.
Right now, steady communications that remind workers of their responsibility and the resources at their disposal are critical. Remind them where to report an incident or seek guidance. Provide regular updates on best practices, including which platforms for messaging and videoconferencing are approved for use. And remind them what the common signs of phishing attempts are and how to protect themselves as well as the company’s information.
Out of Sight Cannot Be Out of Mind
From being duped by phishing attempts to not using complex passwords, for all IT managers, human error among their user base is a known quantity. During this time, though, it could be even worse. Bad actors are capitalizing on people’s desire for information about the health crisis to lure them into clicking on malicious links. According to the HP survey, 77% of IT managers believe more WFH means more security vulnerability, and 40% plan to augment security because of the current situation.
IT managers should also do everything in their power to make sure the reports they see of suspicious activity are as close to real-time as possible. This requires a blend of securely designed hardware and the latest software—both of which must be intuitive to end users and implemented across the company’s entire technology ecosystem. These tools allow IT teams to identify and isolate incidents that end users may not even be aware of—an essential capability for keeping any workforce, but especially a remote one, secure.
WFH: Keep Moving Forward
By now, remote workforces are weeks or even months into a new normal way of operating and preparations are well underway for the next phase, whether that is reopened offices or “forever” remote work. On top of keeping the lights on, IT professionals are pushing forward the systematic transformation that will make these new working practices possible.
As a result, 44% of IT managers are increasing spend for this year, according to the HP survey. Forty-nine percent have increased spending on network security, 44% have increased spending on cloud and server security, 33% have increased spending on endpoint security and 46% are outsourcing more in their network and/or endpoint security.
Now is the time to start mapping out what is needed to secure new working practices and the systems that enable them. Companies should appoint a task force to determine how policies and infrastructures will change. And IT teams should determine what is needed—from devices to communication systems and more—for them to adapt to having more remote end users long-term.
When this pandemic spread, nearly every company was unprepared to implement such massive transformation so quickly. Several lessons have been learned over this period of WFH; now there is a chance for IT professionals to take what they’ve discovered and apply it to what comes next. By continuing to prioritize cybersecurity and by acknowledging that our ways of working are forever altered, the next wave of change does not have to be so disruptive for IT professionals or for employees.
