As millions of employees continue to work from home for the foreseeable future and in some cases perhaps indefinitely, balancing the ongoing demands of employee productivity and information security will be paramount.
The historical “castle and moat” model of protecting IT infrastructure is outdated and will be further challenged by the emergence of a new hybrid workforce that is sometimes remote, sometimes on-premise.
When the pandemic first hit, IT departments responded quickly with what one IT analyst called the “Remote Lite” approach—just get staff the basic equipment they need to work from home as efficiently as possible. Now, however, “Remote Lite” needs to quickly morph into a more “Remote Right” approach which takes into account the requirements of permanently managing remote employees’ security, connectivity and productivity.
As many security experts agree, remote work is rapidly expanding the potential attack surface for hackers as the number of endpoint devices given access to a corporation’s network increases. Pharmaceutical companies, particularly those working on Covid-19 vaccines, are just one example of a vertical industry that is experiencing a significant increase in cyberattacks.
A recent survey conducted by Barracuda Networks found that “almost half (46%) of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown.” Cyberattacks that result in the theft of sensitive financial and customer data or intellectual property are just a few of the threats remote workers’ unsecured home networks, poorly managed devices or compromised VPN connections can expose.
It is inevitable that organizations will need to embrace more adaptive and people-centric security models to support a permanently distributed, work-from-anywhere workforce. The challenge for CIOs will be enabling a first-class user experience similar to being in the office while maintaining an equally as strong security posture.
CIOs will undoubtedly make technology investments to address these increasing threat vectors exposed by a hybrid workforce. Additional safeguards such as biometric identification, multi-factor authentication (MFA), expanded virtual desktop infrastructure (VDI) and enhanced VPN solutions are just some of the IT investments they should consider.
At the same time, non-technology investments will remain critical. 90% of cybersecurity breaches today occur from phishing attacks, therefore increasing employee training, ongoing phishing testing and increased security monitoring will remain table stakes.
The modern millennial workforce puts a premium on information access anytime, anywhere and on any device. Yet, their experiences vary on multiple dimensions in terms of access, performance and permissions. As security solutions optimized for specific devices in known locations evolve to meet the needs of the hybrid workforce, using approaches like VDI, users will likely benefit from greater device choice and expanded BYOD options.
Additionally, the concept of “work-from-home kits” may expand. Bundling devices pre-configured to run on secure networks overlaid on consumer internet connectivity with perhaps ergonomically sensitive set-ups will support employee well-being, while also enabling corporately managed network connectivity. While it might be inconvenient for users to have an extra device, in regulated industries such as healthcare, financial services and utilities, it may be essential to respond effectively in today’s threat environment.
For many, passwords have been the tool of choice to restrict access to documents and presentations. Services like Microsoft 365 offer more comprehensive safeguards limiting the distribution of information and restricting document privileges to authenticated users, though many organizations have not widely deployed these features.
Furthermore, as unstructured data moves outside enterprise firewalls, the ability to manage documents is greatly reduced. Therefore, implementing more robust security measures to manage the lifecycle of unstructured data will shift from a nice to have feature, into a must-have control for many organizations.
Rahm Emanuel, the former Mayor of Chicago, once said that “we should never let a serious crisis go to waste”, it’s an opportunity to do things you think you could not do before.” Taking this into account, if organizations were not prioritizing security investments and digital transformation before, now is the time.