When the COVID-19 pandemic forced office employees to work from home in an unprecedented shift in how we work, not only did it disrupt business models and organizational culture, but it inadvertently opened the door for cybercriminals to attack numerous businesses. (1) After all, while companies might have their intranets locked down, the same couldn’t be said with complete accuracy for the millions of workers who were now suddenly accessing critical applications and documents through their own WiFi networks. One study reported that daily DDoS attacks increased by 20 percent in February and March 2020, compared to the previous year. (2)
This is through no fault of their employees. The decision to send everybody home was driven by a mixture of policy, culture and government regulation. Few IT departments were prepared for such a shift and not many of them had the time to set up remote access for all their employees with the same care that they’d developed secure intranets at the office.
However, since the initial uncertainty has subsided, it’s up to IT to take a long hard look at their remote working policies and revise as necessary to bring home-based cybersecurity in line with what employees enjoyed at the office. This includes reexamining (or creating) a security strategy that allows employees the access they need within a safe and secure environment.
Now Is the Time for an Aligned Remote Work Strategy
How does a distributed workforce affect a company’s security strategy? IT teams now have a wealth of on and offline considerations to take into account that they didn’t necessarily have before. With employees working at home (and in potentially insecure areas), the possibility of device theft is a realer possibility than it was in the office. Amending security policies to include securing devices with passcodes, fingerprints or facial recognition is a good start. Having such policies in place means if the unthinkable happens and an employee’s device is stolen, the possibility of the stolen device compromising network security is minimized.
Adopting a strategy that allows for virtual desktops over localized applications has several security and cost benefits. By limiting downloads to a more central secure server, IT teams limit the likelihood of a computer being compromised. Additionally, there’s the potential for cost savings on licensing when applications are centralized, particularly for global enterprises. With less complexity to manage, IT teams can minimize the potential for catastrophes.
When Every Endpoint Becomes a Part of the Security Strategy
With the majority of workers now distributed, it means that IT teams have more endpoints than ever before to consider regarding their network security strategy. Employees will be logging into the company network through thief desktops and laptops, but also their mobile and personal devices. This device proliferation can increase employee productivity, but also put company networks at risk.
In this environment, all endpoints become a part of the company’s security strategy. IT teams should treat all employee-owned devices as potentially compromised and control access accordingly. Employees should be able to access their apps and data from any device, but IT teams should take care to ensure that convenience doesn’t compromise security. Now’s the time to examine bring-your-own-device policies and see how they can be adjusted to meet the challenges of this new normal. Employees may need access to virtual private networks (VPNs), which should be set up.
There’s also regulatory implications to consider when dealing with new endpoints. Your organization may not need to comply with endpoint requirements, but your customers might. If you can’t demonstrate security of endpoints, they may not do business with you. Your security strategy should take customer regulatory requirements into consideration as a result. Your customer’s data is one of your businesses most precious commodities; don’t let your IT security strategy (or lack thereof) jeopardize it.
Learning Opportunities
Webinar
Mar
21
Ready to Level Up Your Learning? Discover Your Learning Maturity Score
Learn how to level up your learning program in this free, interactive workshop
Webinar
Mar
29
The CX Commute vs. the CX Joy Ride
Is your CX traffic holding up your customer's journey?
Webinar
Mar
29
Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost
See why MIcrosoft recommends third party backup
Webinar
Mar
30
An Optimized Customer Contact Strategy Combines Transparency and Intelligence: The State of Outbound Communications
Learn from the Neustar-commissioned Forrester Consulting study on challenges and solutions for contact centers
Conference
May
10
CMSWire CONNECT Customer Experience Conference - Austin 2023
Don't miss the top customer experience and digital experience conference of the year — live in Austin, Texas May 10-12.
Conference
May
10
Reworked CONNECT Employee Experience & Digital Workplace Conference Austin 2023
North America's best employee experience and digital workplace conference of the year — live in Austin May 10-12, 2023.
Another area to consider is securing and granting access. As part of a zero-trust strategy, it's vital to address who should have the right access to the right applications. If employees don’t need access to certain apps and data then they shouldn’t be granted that privilege by default. Marketing team members don’t necessarily need access to HR data, while HR wouldn’t need unfettered access to sales data and account info, for example. While reviewing your security strategy, examine which employees have access to what applications and ensure that access is only granted to employees who truly need it.
When Working at Home Is As Secure As Working From the Office
According to research, over the next 12 months, 50 percent of IT professionals and 39 percent of HR professionals identify better protecting employees from cybersecurity attacks and privacy risks as a top priority for their business. (3), (4)
IT professionals should educate all employees on the necessities of being secure while they’re working remotely. IT can communicate best practices around cybersecurity to help employees replicate their office experience. This includes securing their WiFi, connecting to VPNs and not storing anything locally.
Conclusion
Cybersecurity attacks have increased during the pandemic and companies to be ready. By reexamining the current security strategy, or creating one if necessary, companies can minimize their risk. Deploying solutions with built-in security features is another way companies can stay one step ahead and thwart cybersecurity attacks before they happen.
Learn more about VMWare’s security initiatives at vmware.com.
Sources
- 1 Maurer, R. (2020). “How to Maintain Cybersecurity for Your Remote Workers.” SHRM
- 2 Branscombe, M. (2020). “The Network Impact of the Global COVID-19 Pandemic.” The New Stack
- 3 VMWare (2020). IT and your employee experience survey
- 4 VMWare (2020). HR and your employee experience survey
More Thought Leadership from VMWare
- Executive Profile Q&A: Brian Madden: The Future of Work Is Here
- Supporting Employees as They Attempt to Maintain Work/Life Balance During a Pandemic
- Opportunities to Optimize the Employee Experience
- Jump-Starting Return to the Office Plans
- Delivering Exceptional IT Service When the Office Isn’t the Office
- Cloud Elasticity: Continuous Access to the Resources You Need
- Centralized Computing Power in a Decentralized Work Environment
- Preparing Employees for Day-One Readiness
- Leveraging Network Agility As Demand Shifts Into an Uncertain Normal
- Reviewing the Security Strategy in the New Normal: What to Watch For
- Rethinking Security Strategies for Today’s Distributed Workforce
- Cyberattacks Are Increasing — Here’s How to Stay Safe
- Zero Trust — A Security Mindset