Rethinking security strategies for the remote workforce
According to the ABS, Australians are working from home more than ever. In February 2021, 41 percent of employed Australians reported working from home at least one day per week - and this was at a time when half the country wasn’t in rolling lockdowns.
I’ve witnessed it myself, with the number of incoming requests from clients to A1 Technologies over the course of the past year and a half.
During Covid we have seen an acceleration of trends that were already present among A1 customers: organisations moving to the cloud, organisations adopting hybrid cloud strategies, and organisations becoming more focused on their security posture.
While the threat of Covid may have subsided at least partially for some, the ability to work from home is here to stay, with employees preferring flexible working conditions and productivity remaining high in this configuration. If you take a look at the results of Capterra’s Employee Monitoring Survey 2020 Australia, it shows that 38 percent of employees are just as productive at home, with 44 percent saying they are even more productive than they are in the office.
However, with a remote workforce come new security considerations. Covid brought with it not only a rise in remote work, but a rise in cybercrime. In 2019, the FBI had reports of almost 800,000 suspected internet crimes, an increase of over 300,000 since 2019. Ransomware attacks have doubled year on year. Attackers are aware of the new attack vectors associated with working from home and they’re ready to exploit them.
What does this all add up to? We all need a rethink on our cybersecurity strategy if we’re going to do remote-first work securely.
A cloud-first approach for flexibility and enhanced security
When the first Covid shutdown hit, shutting down most of Australia, A1 customers were able to adapt significantly more quickly than our counterparts’ customers. This was, in part, due to A1 adopting a cloud-first strategy; we move our customers to the cloud when/where possible and as quickly as possible.
Despite what some might think, the cloud is more secure, more flexible, and more cost-effective in the long run. 75 percent of IT professionals agree with me too, according to the Oracle and KPMG Cloud Threat Report 2020. Implementing cloud-first and hybrid-cloud strategies is a way to strengthen security in a remote workforce.
A strengthened security posture for new ways of accessing data
The current trends of flexible working highlight the importance of good network topology and security. It is critical to have a good edge security posture and to be vigilant in maintaining that security. Bad actors understand that remote working and an organisation's edge will increasingly be their weak point and they will exploit this at every opportunity.
While we could once rely on data and access being contained within our own networks, we now need to operate under the assumption that any incoming connection is a malicious actor, masquerading as an insider or trusted third party.
Systems such as malware prevention, encryption by default, multi-factor authentication and Secure Web Gateways must be implemented to help guard against edge security risks.
Following what’s known as the Zero Trust approach - “Trust no one” - you can work backwards in figuring out which connections to trust.
Edge device security - to BYOD or not to BYOD?
Now I know that BYOD policies are popular in the workplace, due to the relative cost savings, but if security is not implemented correctly, then compromised employee devices will cost you in the long run - this is an edge device security risk.
You can take the example provided by McKinsey, of a large financial services firm. Instead of choosing BYOD, they distributed thin-client terminals with remote-patching to call centre staff during Covid, so that work could continue as usual. Thin clients are just one lower-cost secure device solution. Talking through your current architecture, budget, and requirements with security professionals will result in the optimal configuration for your business, business units, or individual users.
People are the key to a successful remote-first cybersecurity strategy
Strategies for cloud-first architecture, managed networks, and secure device usage, backed by access management techniques and enterprise-grade security systems, are the fundamentals of IT security in a remote work environment.
But without the ‘people’ piece of the puzzle, businesses are still at risk.
Educating teams on new protocols, systems, and security implications is the most critical tool in your cybersecurity arsenal. You’ll need to update your security training materials to reflect a remote-first strategy.
Having buy-in from company decision-makers and C-suite is extremely important; a healthy security culture breeds program success.
Rob Rattray is CEO of Sydney-based managed service provider A1 Technologies.