How can companies secure a hybrid workforce in 2021?
This has been a uniquely transformative year. Prompted by a global pandemic, we’ve been forced to change many things about how we live, work, and relate. For most businesses, this means a rapid and comprehensive shift toward remote work.
While more than half of all employees participated in a rapid transition to remote work, it’s clear that this is more than just a temporary change. According to a June survey by PwC, 83% of employees want to work from home at least once a week and 55% want to continue working remotely even after the pandemic subsides.
As companies look to cut costs, reduce turnover, and maximize growth potential, telework will play a central role in both the present and future of work.
While remote work comes with many benefits, it also presents several unique cybersecurity challenges. By now, the costs and consequences of a data breach or cybersecurity event are well-documented, and they threaten to undermine the benefits of this new work arrangement.
Fortunately, companies aren’t powerless in this regard. By taking steps to mitigate the most potent threats, they can minimize risk and maximize opportunity during this transformative moment.
Here are three risk categories for remote teams and the next steps companies can take to improve their defensive postures heading into 2021.
Insider threats
Even before remote work was ubiquitous, accidental and malicious insider threats posed a serious risk to data security. As trusted team members, employees have unprecedented access to company and customer data, which, when left unchecked, can undermine company, customer, and employee privacy.
These risks are magnified by remote work. Not only has the pandemic’s impact on the job market made malicious insiders more likely to capture or compromise data to gain leverage with new employment prospects or to generate extra income, but accidental insiders are especially prone to errors when working remotely.
For example, many employees are blurring the lines between personal and professional technology, sharing or accessing sensitive data in ways that could undermine its integrity. In response, companies need to be proactive about establishing and enforcing clear data management guidelines.
In this regard, communication is key, and accountability through monitoring initiatives or other efforts will help keep data protected during the transition. In doing so, CTOs and other IT admins can prevent:
- Accidental or malicious data sharing or exfiltration
- Unauthorized data access or movement
- Device management to ensure professional device use
- Risky data use practices.
The right software can even provide real-time alerts of suspicious behavior, allowing leaders to communicate and collaborate with employees, creating communication cycles that improve overall data security.
Access control
Most companies have spent years fortifying the IT infrastructure against cyber threats. Telework requires employees to leave company networks’ safety and accountability, and IT admins will need to equip them for success, regardless of location.
Many workers are using unsecured Wi-Fi connections, which could threaten data privacy. At the same time, bad actors are readily taking advantage of the billions of compromised login records to gain front door access to critical IT infrastructure.
Therefore, leaders need to equip remote teams with the tools to control access to their accounts and networks. This includes:
- Account password standards. Employees need to use strong, unique passwords that are routinely updated.
- Data security services. Companies should provide access to and require the use of a trusted VPN service and two-factor authentication on all accounts.
- Threat detection and notification options. Equip workers with digital tools that help train data privacy best practices and alert them to potential threats.
Taken together, these steps can help reduce exposure to cyber risks related to network and account access.
Malicious messages
Bad actors are proving their agility as they responded to the COVID-19 pandemic with a deluge of fraud attempts that sought to capitalize on peoples’ altruism, vulnerability, fear, and curiosity.
For example, the number of phishing scams – authentic-looking messages that capture valuable login credentials – increased by 667%, and law enforcement agencies worldwide have issued warnings about continued fraud attempts.
When employees are stressed, isolated, and overwhelmed, they are more likely to engage with and fall for these threats. Unfortunately, during the pandemic, employees report feeling more stressed than ever, something that is unlikely to abate anytime soon.
While automation and cybersecurity software can help reduce this risk, companies should pour energy and resources into training initiatives that educate employees on the risks and equip them with practical strategies for protecting data.
Secure a hybrid workforce
Transformation is rarely easy, and it’s certainly never flawless. As remote work continues to emerge as a central component of a hybrid workforce that will dominate the months and years ahead, it’s important to ensure that this arrangement is an asset and not a hindrance.
To be sure, the threat landscape is ever-expanding, but by addressing the most prevalent threats to data security, companies can significantly reduce the likelihood of a data breach or cybersecurity incident resulting from the new normal.