In the pre-COVID era, working from home or telecommuting was a rare luxury, at least for most businesses that preferred to stick to the conventional means of operations. In fact, remote working for the odd occasion was sometimes packaged as an employment perk. The reason for this reluctance was not just the lack of cultural conditioning that enables remote working but also the dearth of enterprise infrastructure to meet the distinct demands of remote working.
And then the pandemic hit.
Remote working is the new normal
Suddenly, the imposed lockdowns and the urgent need for social distancing resulted in an organizational dilemma. Companies could either wait till the curve flattens and compromise on business continuity for an indefinite period or could acclimatize to the new normal of ‘remote working’.
More than 15 million employees in the US alone started working from home in the month of March. Of course, the large enterprises that had remote working policies in place had it easier than the ones who were totally ignorant of this idea. But this made businesses of all sizes realize that remote working will continue in the near future and with the right set of tools and policies, it need not be counter-productive.
According to a study by Gartner, around 25% of the organizations surveyed expect that 10% of their staff will continue to work remotely, 17% said that the number will be as high as 20% and 2% companies stated that 50% of their currently remote employees will permanently work from home.
Clearly, remote working is here to stay. But what of the plethora of enterprise products and solutions the workers are now using remotely? Are they built for remote working? For remote working to, well, work, enterprise products have to be rebuilt to suit the new needs arising due to working remotely.
The top security challenges of remote working that enterprise products should address:
Connecting to unknown networks
The most critical element to factor in during remote working is network security. When the workers are working remotely, they connect to unknown networks from their own devices. They could also be connected to open/public networks available in cafes/restaurants, etc. Connecting to these networks can serve as a gateway to cyberattacks that can invade your corporate device and data. VPNs or Virtual Private Networks are a better alternative since they can act as a facade between the network and your corporate data, preventing direct access to the cybercriminals.
Enterprise products must address the need for VPN and network security to ensure that the corporate data is not infiltrated, and the VPN is not set up on a device that is already infected by the malware.
Challenges arising from using BYOD/BYO PCs
The remote working phenomenon has had a monumental impact on the enterprises’ perception of BYOD. The acceptance of BYOD/BYO PCs has seen a consistent rise since the pandemic hit and the market is going to see an upsurge in the coming times. According to a survey, 87% of the businesses stated that they are dependent on employees accessing business apps on personal devices and 59% of the companies are expected to embrace BYOD as organizational culture.
But what this also says is that the enterprise products must address the diverse challenges arising when deployed on BYO devices. A study suggested that 30% of the companies restrain BYOD adoption due to security concerns and rightly so. The conventional means of managing and monitoring don’t work in this case and the enterprise products must evolve protocols to validate and certify the security and integrity of the employee-owned devices with the use of checks such as SafetyNet attestation. Capabilities such as remote wipe-off that selectively wipe-off business containers/content on BYO devices need to be leveraged to mitigate the security challenges on retired/lost/stolen devices or devices of the employees that are no longer associated with the organization.
Access control and authentication
The security profile of any enterprise is only as strong as the security awareness of its employees. When employees work remotely, their ignorance of security heavily influences the overall security of the corporate data and device. Organizations need to extensively invest in building a culture of security and train the employees in password best practices and protocols. And the enterprise tools they use must embed these new protocols into them.
It is critical for enterprise products to provide security using access control and authentication via digital certificates or biometric authentication and also provide insights into potential vulnerabilities. Enforcing complex passwords and frequent password changes prompted with reminders is also essential. Cloud-based enterprise products that are also used for collaboration should also extend end-to-end encryption.
Browser and phishing attacks
Phishing attacks via emails, click-baits, click-jacking, or vulnerabilities exposed by the browsers are common and contribute to most data breaches. Phishing emails are disguised as invitations to virtual meetings, updates to workplace policies, communications from company representatives and HRs as well as updates related to VPN. But that’s not all, a study suggested that 83% of phishing attacks took place outside the email, in text messages or apps.
Enterprise apps on remote working devices should be robust enough to detect and eliminate any such potential phishing attacks via email and browser management.
Closing lines…
Love it or hate it, remote working is the new normal. It may even be the future of work. Enterprise products that meet the dynamic demands of the remote worker-driven enterprise and that aid in combating the security challenges are bound to thrive. The rest may remain a relic of the pre-COVID era.