Even once the pandemic ends, we will live in a world defined by distributed work. And that will require a new approach to cybersecurity.
The new normal. The distributed workplace. The digital future.
Whatever buzzwords or phrases you use, one thing is clear. Even once the pandemic ends, remote work is here to stay. Although it’s been tinged by the anxiety and stress of the coronavirus, we’ve all gotten a taste of distributed work, of the flexibility and freedom inherent in working from home.
For most of us, there is no going back.
Global Workplace Analytics estimates that between 25-30 percent of the U.S. workforce will be working from home multiple days a week by the end of this year. The analyst notes that even before COVID-19, 80 percent of people wanted to work from home at least occasionally, and over a third would be willing to take a pay cut in order to do so. Employers, meanwhile, have been made acutely aware of the cost savings associated with remote work — that they’ll spend less money on infrastructure, office supplies, and office space.
Security is undoubtedly the biggest challenge of distributed work aside from communication and the required cultural shift. Although each organization faces its own unique cybersecurity challenges and requires its own distinctive approach, there are certain foundational measures that every business must implement. Security measures which, if you want to effectively support remote work, are non-negotiable.
While access control is something you should have already implemented with a traditional workforce, it’s even more critical with a large population of remote staff. You cannot feasibly control where and how your employees work. You cannot feasibly control the devices they use to connect to your network, nor can you guarantee outright that someone attempting to log-in is indeed who they claim to be.
Layering multi-factor authentication atop strong password management is your best bet here. To that end, I would strongly advise investing in password management software for your workforce. Trust me when I say that it will be well worth the investment.
Because otherwise most everyone, yourself included, is likely just reusing a password they’ve already used elsewhere.
Plenty of businesses have already laid the necessary foundations for remote work from a software and infrastructure perspective. Far fewer have taken the proper measures from a process and policy perspective, however. Update your security policies so that they hit the following beats:
- Establish the separation of work and personal data. Employees should not use any personal accounts for work-related responsibilities.
- Lay out general acceptable use policies, including basic network security, access requirements, and security requirements for software/tools used by remote staff.
- Establish a process by which an employee can reach out to IT in the event of a potential cyber-incident.
- Outline new security training processes for remote staff, with a focus on protecting personal data as well as professional.
- Update your incident response process to account for the new threat landscape represented by remote work.
Last but not least, you need to consider how your employees are going to access corporate assets and resources. Are you going to equip them with a VPN? Will you use a secure remote desktop? Or will you instead rely on the cloud?
Whatever route you choose, you’ll need to make sure you have the necessary protocols in place to preserve data integrity and security as it’s accessed and transferred.
The Future is Distributed
Like it or not, your employees will keep wanting to work remotely for the foreseeable future. The sooner you implement the necessary controls to securely enable that, the better. Because at the end of the day, the benefits of remote work more than justify the security efforts required.
About the Author
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.