- April 25, 2023
- Catagory Security
How Good Habits Secure Remote Work
Good habits have always been a key enabler of security in the organization, and they’re an essential part of your strategy to secure remote work.
With the hybrid workplace here to stay, your employees are not just working at home – they’re more mobile than ever, which means they’re connecting to your network infrastructure from many different locations. If you’re going to let staff work in an environment over which you have little to no control, you need to instill some good habits that enable secure remote work.
This is especially true if you’re going to permit your employees to work in public spaces, such as a park or a coffee shop. The argument could made that if you’re going to secure remote work effectively, you should put limits on what employees use as their workplace.
The most compelling reason is that they will use public, unsecured Wi-Fi, making them more likely to expose critical business information and even get hacked. Employees working in public spaces should only access corporate resources online through a virtual private network (VPN), even if they are working from home. Alternatively, they can use their smartphone as a hotspot rather than use public Wi-Fi.
The laptop employees use to work remotely must also be kept up to date so it’s able to handle the latest threats. You can’t secure remote work without anti-virus / malware protection software – any computer connecting to your network must have it, and it needs to be updated with the latest patches and virus definitions to protect against threat actors looking to exploit operating system and application vulnerabilities.
Just as you need to update your anti-virus software regularly, you need to update devices frequently – they should be rebooted often the latest software patches, firmware, and security fixes applied as soon as they are available. If the employee is working from home, you should make sure they’re updating their router regularly as well and any other devices on their home network.
Keeping hardware and software up to date is a habit that’s essential if you’re to secure remote work. Similarly, you must instill best practices when it comes to passwords management. Employees should understand the necessity of creating strong passwords that are unique to each login and account they use. Where possible, look at implementing multi-factor authentication (MFA). Adopting a Zero Trust approach can also help to secure remote work because it means employees are only accessing applications and data they need to.
Technology can only do so much to secure remote work – employee habits that foster good security hygiene are essential if you’re to support a hybrid workplace and mobile workers.
- October 29, 2021
- Catagory Security
Security Policy Must Keep in Mind How People Work in the Hybrid Office
If the hybrid workplace is here to stay, then security policy must put people first—understanding how the human element plays are role in protecting data is essential, but so is making sure any security measures don’t get in the way of their productivity.
People can be part of the problem but also part of the solution—cultural changes that go hand and hand with security policy can positively influence employee behaviours to make your hybrid office more secure.
Humans make mistakes
Quite often, people put the organization at risk and violate security policy unintentionally. Privileged users can unknowingly let their credentials get compromised, which allows threat actors to access systems and sensitive data. Although it’s usually an accident, occasionally a disgruntled employee may compromise the organization intentionally.
Human beings also fall for phishing scams, both on their personal devices and corporate workstations; in the hybrid office, this device can be one and the same. Scams that employ socially engineered malicious messages that encompass tax-themed phishing, dodgy downloads, fake payment and delivery, and invoice phishing, have become even more common during the pandemic and will likely continue apace in the hybrid office.
Some people are just plain careless, despite security policy guidance, by letting credentials lapse or not using multifactor authentication. Cybersecurity technology isn’t effective on its own without keeping people in mind. Yes, they need to be held accountable, but you must also meet them where they are. The hybrid office means your employees are moving between their work and personal lives more fluidly, including the devices they’re working in—this must be reflected in your security policy.
Remote work is here to stay
Meeting people where they are means your security policy outlines how they can help to keep their organizations securie without getting in the way of their productivity. Your security policy should assume that the hybrid office is here to stay for the foreseeable future and understand the impact of continued remote work.
IT teams must be prepared to support remote workers, who are likely to have less traditional schedules as they embrace flexibility, and adopt collaboration tools to work across different departments, including human resources as they onboard new workers who will be working remotely, on-site or a combination of both. The hybrid office has also meant a shift to “hoteling” as employees come to work a few hours a day or a couple of days week without their own dedicated workspace.
Remote work always had implications on security policy, even before the pandemic, but there has been an increase in malware incidents, data breaches and other poor security behaviors as more people work from home. Despite this spike, it’s important keep security simple for employees and engage regularly with through awareness training so they can help protect their hybrid office from threat actors.
A clear and concise security policy allows employees to be productive no matter where they are working so that security is not a barrier to productivity.
Sanjeev Spolia is CEO of Supra ITS
- August 18, 2021
- Catagory Culture
Success of the hybrid office hinges on a “remote first” approach
It’s time to formalize the hybrid office.
While remote work has been supported by many organizations long before the pandemic, many are still flying by the seat of the pants. Businesses must recognize that not all employees will be returning to the office full time and that many will continue to expect flexibility.
Remote work can no be longer reactive
After nearly 18 months, organizations can no longer view remote work as a short-term response—it now must be done with intention if the hybrid office is to effectively function. Remote work needs to be by design to ensure better collaboration and team building that creates a culture of success. Efforts to support remote work my be strategic and company wide, and it can’t be up to individual employees working offsite to figure out technology solutions, workflows, and processes.
The successful hybrid office requires structure and consistency. The C-suite must play a role in developing a culture as well as policies the foster a healthy work environment while thinking about how technology plays a role in the employee experience so they can work independently and collaboratively.
IT must collaborate with business leaders
The hybrid office means IT teams must adapt to best support remote workers, as well as workers who may straddle both home and office environments.
This includes providing the right equipment or onboarding personal devices to ensure they can be used securely with corporate IT infrastructure, as well as revamping and automating work processes. In addition to providing the necessary collaboration technology, IT must also collaborate with every line of business and the C-suite to create a successful hybrid office culture that’s both productive and secure.
Gone are the days where a handful of employees are working from home or on the road; IT teams must assume every employee may be working remotely sometimes and contribute to providing a level playing field for all staff. While company leadership is critical to setting the tone for a successful hybrid workplace, input from employees should be included when crafting new policies and guidelines, including employee performance metrics—it’s no longer about how many hours you’re in the office.
Technology is a critical collaboration enabler
When the office is no longer where everything happens, collaboration technology becomes even more essential.
If you only just began implementing collaboration tools company-wide because of the pandemic, now’s the time to formalize the platforms that allow remote workers to be productive and work together effectively. It’s not just about videoconferencing to replicate the in-person meeting experience; you need a robust digital collaboration environment that supports efficient workflows and recognizes that people will be working asynchronously because locations and schedules will be inherently more flexible.
The hybrid office is here to stay for the long haul. A “remote work first” approach is essential for any organizations that want to maintain competitive advantage and grow their bottom line.
- July 30, 2021
- Catagory Security
Hybrid workplace security must account for the human element
The hybrid workplace may be the new normal, but the high number of data breaches due to the pandemic don’t have to be. The solution is recognizing that people can be the cause of security incidents but also play a part in preventing them.
The “human element” is involved in as much as 85 percent of all data breaches, according to Verizon’s 2021 Data Breach Investigations Report. That’s actually good news—it means there are cultural changes that can be made to influence employee behaviours that will improve hybrid workplace security.
People still fall prey to scams
There are several areas where security is vulnerable because of how people behave, often without any intent to put cybersecurity and data privacy at risk.
The first is around privilege abuse, according to the Verizon study, wherein users have access to IT systems, data and applications that over time leads to compromised credentials that allow threat actors to access sensitive information. In most cases, the privileged user isn’t intentionally looking to cause their organization harm and the data exposure is accidental. However, a disgruntled employee can cause a lot of damage.
In the meantime, employees still fall for phishing scams, and the number of instances where people fall for these socially engineered malicious messages rose significantly during the pandemic, according to Verizon’s analysis. Examples of these scams include payment/delivery scams, invoice phishing, tax-themed phishing, and downloads. Remote workers are more likely to fall for phishing scams, which makes their prevention especially critical for improving hybrid workplace security.
Many data breaches are accidental, but these accidents shouldn’t be confused with carelessness, which can include credentials that aren’t regularly updated or failure to use multifactor authentication. Cybersecurity technologies only go so far without having a standard of behaviour throughout the organization. Employees must be held accountable—effective hybrid workplace security depends on culture as much as technology.
Meet people where they are
The hybrid workplace solidifies the need for every employee to do their part to foster company-wide security rather than putting on the onus on a small group of IT experts to implement and manage cybersecurity technologies. This where the human element becomes part of the solution, not just the potential cause of data breaches.
While it’s critical that remote workers do their best to secure their home office environment, it can be overwhelming for them. Communication and training go a long way to helping them develop good security habits, as well as streamlining the process as much as possible. It’s also important to remember that in the hybrid workplace not all remote employees are the same. Some are experienced road warriors and power users who innately understand they need to secure their mobile endpoints, while other users have got a tad complacent over the years because they’re always online.
Employees who have traditionally worked in offices and felt comfortable leaving their workstation unsecured for a few minutes may not fully appreciate that hybrid workplace security requires a shift in behaviour. There are also always employees who value efficiency over all else, so if they perceive security measures as a barrier to productivity, they will always find shortcuts and workarounds.
Make people part of the solution
Hybrid workplace security needs tools and processes with a short learning curve for all employees to they can be easily adopted and understood as an enabler.
Balancing the human element and technology is critical to securing the hybrid workplace due to its inherent flexibility—employees are shifting constantly between their work and personal lives throughout the day, and that includes the devices they’re working on. Each device along with the software and operating systems they’re running now fall under the purview of corporate security.
From a technology perspective, it means technologies such as Identity and Access Management (IAM) tools are more essential than ever, as are robust security protocols and employee training. However, these must be seen as an enabler, not a roadblock to getting things done. The least technologically savvy employee must be able to blend their daily task with good security habits without a steep learning curve.
Hybrid workplace security requires the creation of a security-first culture that puts people at its centre by enabling them to improve their workflow while doing their part keep the business secure.
- March 12, 2020
- Catagory remote working
How employees can adapt to remote working
One prescription for reducing the spread of the Coronavirus is to encourage remote working. But although working from home is par for the course for some people, many businesses and employees are used to filling chairs at the office.
Being productive at home and having the right tools to support remote workers can be a learning curve for everyone. The good news is that because many organizations already operate this anyway, there’s plenty of tools and best practices that can be adopted.
For employees, remote working not only requires the right tools, but also a change in mindset from what they’re used to. Working from home productively requires a routine, and not one size fits all. While there are many perks to working remotely, such as no longer having to spend time commuting on congested streets or on public transit, you need to continue to have work-like structure and schedule at home.
- Have a routine: Many prefer being in an office because of the inherent structure which can be hard to maintain if you’re new to remote working. But having a schedule when you’re working from home is essential. You should start your workday at the same time you would if you were going into the office. Be sure to finish work around the same time everyday and leave it until the next day.
- Dress appropriately: You wouldn’t wear your pajamas to the office, so it’s good practice to change into clothes while remote working to get you in the right frame of mind. You can still be comfortable, however, so jeans and a comfortable shirt is enough, much like casual Fridays at the office. The goal is to make sure you’re in work mode, not relaxation mode.
- Set aside office space: Most freelancers and seasoned remote workers set aside a dedicated work area. It doesn’t have to be a separate space with a door that closes, just a small set up in the corner of a room or even just a laptop at the end of a kitchen or dining table. While it may be tempting to work on the couch or even in your bed, it’s harder to get into work mode if you’re too comfortable. Ultimately, figure out what works best for you.
- Take breaks: Just as you’d want to get away from your desk at the office throughout the day, it’s important to have a change of scenery when remote working. Try not to eat in work area if possible and make a point of getting out of the house, even just to do an errand your neighborhood if you can. One of the perks of working from home is getting a few chores done during the day that normally you’d have to do in evening hours.
- Stay in touch: If you’re used to bantering with co-workers, remote working will be a bit of a shock if you’re suddenly doing it everyday after years of going into work. If possible, use communication tools to reach out to colleagues, even if to say good morning at the beginning of the day, and have meetings using video apps if possible.
Remote working can be very productive, but it requires the right mindset, especially if you’re not used to it. Even before the Coronavirus outbreak, telecommuting was on the rise, which means employees need to adapt and organizations must have the tools in place to support them—we’ll talk about those next time.