How can you protect your employees anywhere in the world?
The fantastic breakthroughs in creating a vaccine for the COVID-19 virus may, thankfully, make the term “lockdown” obsolete within the next year.
While virtual pub quizzes and Deliveroo-date-night might become phenomena of the past, increased remote working practices are undoubtedly here to stay.
The pandemic has fundamentally changed employee’s attitudes to working from home. According to a YouGov survey, 68% of British employees never worked from home before the pandemic.
Among those who now work from home all of the time, 91% say they want to be able to do so at least some of the time once the pandemic is over.
Many organisations have also experienced the benefits of employees working from home.
Recent research has shown that most UK managers believe remote work improves employee productivity, concentration, and motivation.
Some forward-thinking companies, such as Twitter, have already allowed employees to work remotely in perpetuity.
However, this does create challenges for security professionals who need to protect their employees and their company data, which is increasingly not only moving beyond their walls but across the country and even abroad.
Organisations who were once dealing with a small group of remote or travelling users are now potentially managing entire workforces who are operating from every conceivable location.
This is a real challenge. Our research into the topic – Empowering the People – found that only 34% of security professionals felt they were prepared to support their employees working from home securely when the pandemic began.
These are our top three considerations for organisations now facing a largely remote workforce:
1. Get control of the cloud
Remote working has increased organisations’ reliance on the cloud, which has always been a point of contention with security professionals worried about handing over control of their data to service providers.
In our survey, 58% of security professionals said their move to the cloud made security more complex. Even more (65%) said that they believe the cloud gives them less visibility and control of sensitive data.
The fact is tackling these concerns requires organisations to apply data security across all devices and all communication, collaboration, and storage tools.
While all the features of cloud services – and protecting them – may seem complex, once audited and risk assessed, applying security controls can be quite straight forward.
A regular review of policies and configuration of new systems, services and devices can keep security teams on top of data challenges in the application-focused ‘new work nucleus’.
Once remote users have access to the tools to do their job, the next natural step is to perform a risk assessment on any new systems and services you may have deployed to expose any potential weaknesses.
Organisations should then put policies in place to prevent unintentional or malicious actions in applications, such as unauthorised downloading of files or sharing of folders, with a cloud access security broker (CASB). Applying data loss prevention tools across web, email and cloud applications will highlight and stop sensitive information from leaving the business or getting into unsanctioned hands.
If using a 100% cloud-based integrated security platform, policies can be consistently applied to users, groups, or individuals across any geolocation from a single point of management, anywhere in the world.
2. Block bad behaviours
Considering the concerns security professionals have around cloud services, our survey found surprising confidence in the cloud security solutions they have deployed. Nine out of 10 respondents said they were confident that their cloud security solutions are effectively protecting people at home.
While it is encouraging to see that so many professionals are confident in their cloud security solutions, our research also suggested that they may be underestimating the potential risk of bad employee behaviours at work.
Whether it’s a result of more flexible working hours, fewer restrictions or more relaxed access policies on work laptops, the boundaries between work/life activities have never been more blurred.
In our lockdown survey, 67% of our respondents had identified employees engaging in unproductive activity on the web, such as using streaming services at work like Netflix or Amazon Prime Video (35%).
More worryingly, 76% of our respondents reported employee behaviour in the cloud that could be putting their organisation at risk, such as reusing passwords or storing sensitive data in the cloud without the proper protections in place.
Understanding and control of ‘user activity’ therefore must be among the top priorities for security professionals.
Using Web Security integrated with a CASB solution, security teams can gain granular insight into user activity to see exactly when and where data is being handled inappropriately, and by whom. This provides the information needed to audit web and cloud activity, and the tools to put policies in place to manage standard and privileged user access and actions across all business applications.
This puts the security team back in charge and helps to satisfy the needs of the compliance team, reducing the risk of data loss and data security breaches.
3. Authenticate account access
Finally, without the visibility of employees in the office, security professionals have to be more vigilant than ever in determining that people accessing the company network and online user accounts are meant to be there.
As we all know, traditional passwords do not provide a sufficient amount of security – especially when employees are using their password for multiple accounts.
The Secret to Preventing Account Takeover
Get practical tips and our 8 point checklist in this guide
To solve this issue, many organisations are implementing context-aware or adaptive Multi-Factor Authentication (MFA) wherever possible.
With employees working remotely from whichever location they please, it is more important than ever to interrogate the context of the login to challenge users based on unusual behaviour. If the login is requested from a strange location, time, day, or device the authentication solution will pick this up and ensure further verification before allowing access.
MFA that uses a number of variables to validate users and provides passcodes via employees’ phones requires no additional hardware, making it a relatively cheap option for security professionals to roll out across an organisation, no matter where their employees are in the world.
Cyber security, anywhere
A decade of innovation in cloud services allowed many organisations to survive and adapt through the pandemic. It supported their staff from home, and likely saved many livelihoods.
As the world settles into a new normal, cyber security innovation is the facilitator that will allow organisations to thrive. By gaining control of the cloud, safeguarding against dangerous employee behaviours, and securing account access – there is no reason employees can’t work securely, anywhere.
Download our full report Empowering the People to find out more about how you can protect and empower your employees wherever they are.