COVID-19 necessitated organisations of all sizes to follow work-from-home practices. Now, as the fog of the pandemic lifts, employees are expected to return to their respective workplaces. Or, if recent announcements from companies such as LogMeIn, Dropbox, and Deloitte UK are anything to go by, they may not. Why? Because the pandemic made us evaluate the future of work even as we leapt towards it – and a flexibility-led hybrid work model has emerged as the most tenable and practical of the lot.
However, while the flexibility and efficiency of the approach are in no doubt, there lurks an obvious question. In a distributed, digital-first paradigm, how can organisations implement adequate security measures to protect the interests of all their stakeholders? Let us look at some of the most effective ways in which enterprises can nurture a robust, security-first culture and promote it amongst their remote and hybrid employees:
Secure content sharing through remote working tools
All enterprises deal in data, both sensitive and shareable. Of this, information such as customer details, corporate IPs, and transaction-related data, etc., must be prevented from falling into the hands of malicious actors at all costs. Information sharing, however, becomes progressively trickier in proportion to the covered area and the consequent introduction of more variables – especially in the case of remote working.
Say, you want to host an online conference or meeting and don’t want the information you share to be captured or shared with unauthorized individuals. Or, if you are sharing sensitive documents, you want the access restricted to only certain authorized users within the team. To ensure maximum security, new-age players have launched remote working, video conferencing, and collaboration platforms that are equipped to deal with the ever-changing nature of digital threats. These industry-leading tools come with TLS and 256-bit encryption to protect both static and mobile data across chats, recordings, transcripts, etc.
For instance, top-of-the-line video conferencing solutions allow for seamless connectivity and collaboration with features such as turnkey room equipment and one-click meetings that allow for secure screen sharing during meetings. Encryption-based tools for file sharing, on the other hand, allows for secure transfer of files and documents while enabling document owners to define custom access levels for each user. This deep focus on security ensures that organizations can share, collaborate, and work in a remote setting without worrying about compromising sensitive data.
Implementation of zero-trust policies
A robust security infrastructure is built on a zero-trust model that takes an ‘always verify’ approach that requires authentication before users are granted access to enterprise files, drives, networks, etc. The implementation of such a top-down approach, where users are granted a level of access relevant to the task assigned to them, prevents undesirable lapses in security. Organisations can further beef up their security by implementing authentication checkpoints requiring challenge/response-based questions and OTPs to improve accountability and trackability of access to information.
Another good rule of thumb is to implement uniform security protocols for all employees, remote or office-based, along with geofencing and ticketing systems. Modern communication apps can also safeguard employee interest with provisions that can manage name and information viewing, vary the availability of transcripts and recordings, and mandate permissions for tracking employee activity.
Protecting data on shared/personal devices
With work-from-home policies making way for a greater overlap between home and office setups, many employees have recreational applications on their devices for office work. This is undesirable from a security perspective, as more than 80% of phishing attacks occur through recreational platforms like WhatsApp, Facebook, and online portals.
To prevent such data breaches and phishing attacks, enterprises can adopt two measures: they can either block the installation of non-essential applications and websites on the device or provide their employees with a secure sandbox to access enterprise applications and data. While the former can be difficult to implement, especially if the employee is using a personal device, the latter offers the convenience of securing data without impinging upon their employees’ personal choices.
Remote update and maintenance of devices
As mentioned above, many employees working from home use personal devices which may contain malware, are outdated and have weakened firewalls. Recent patches may not have been installed while the software used may be pending updates. This makes them easy targets for cyber-attacks.
Innovative enterprise solution providers have launched several easy-to-deploy tools to help enterprises overcome this exact challenge. By enabling ‘over the air’ remote patching, repairing, and diagnostics, these tools are strengthening the enterprise digital architecture for a remote-led future. They allow internal IT teams to also undertake regular remote diagnostics and repair, with the user validating the access at each point, to fix software issues and run troubleshoot programs.
Raise awareness through regular security training and sensitization initiatives
Despite the level of technology involved, any security framework is only as strong as the people who implement and use it. This is why enterprises must prioritise raising security awareness amongst their employees – whether remote or on-premise, from the junior-most member to the top management – through regular security sessions.
Training and sensitisation can help employees keep up to date with the latest cyber threats and attack vectors while mock drills can be used to help them translate the theoretical knowledge into actionable interventions that can be used in case of an actual attack. Doing so can bolster organization-wide readiness for a secure transition to a remote or hybrid work model.
While greatly beneficial in terms of convenience and collaboration across hierarchies, the hybrid work model requires organizations to be more aware of their security-related policies and frameworks. Leveraging modern tech solutions in the fight against digital perpetrators would support our ambitious step into the future of work – one that is bedecked with growth opportunities for employees and enterprises alike.
Note: The author of the article is Rahul Sharma, MD-India, LogMeIn