The rapid shift to remote work at the outset of the pandemic forced many organizations to accept new security risks just to stay operational. Months later, remote work shows no sign of going away – nor do they constantly evolving cybersecurity threats that come with it.
Weathering the pandemic’s current and future economic fall-out will be hard enough. Companies are in no position to contend with a cybersecurity disaster. According to the Ponemon Institute, the average total cost of a data breach worldwide is $3.92 million, while in the U.S. it’s $8.19 million.
In today’s climate, every organization should be ready for a work-from-home order and its associated risks. Strengthening data security and compliance for remote work will be a top priority in the next normal, and your company intranet can help.
The security risks that come with remote work
Even having some employees work remotely some of the time could present a serious security risk, but a wholesale shift across the organization amplifies the threat exponentially. In a remote office, every single communication – from idle chatter to highly sensitive client data – happens online, making it vulnerable to hacks, breaches, and leaks.
There’s clear evidence that the pandemic-driven surge in remote work and COVID-related fear intensified cybersecurity dangers for organizations. Deloitte’s Cyber Intelligence Centre saw a spike in phishing and ransomware attacks using COVID-19 as bait, as did Google’s Threat Analysis Group, which detected over 240 million spam messages per day related to the virus.
It’s no surprise that a recent analysis found 70 percent of major public and private organizations plan to increase cybersecurity spending in response to the pandemic. Leaving the protection of on-site IT security to address specific security risks, including:
- Home computers are more likely to be older and unpatched
- Remote employees may access their company networks insecurely
- Home Wi-Fi tends to be poorly secured, and connected smart devices in the home (from security cameras to thermostats) increase the attack surface
- Settings for remote workers are evolving, bringing increased risk: 37 percent connect from coffee shops/restaurants, 27 percent from someone else’s home
Employees using unsanctioned apps with recent research confirming 1 in 4 employees use at least two non-approved apps
The overnight pivot to remote work also left many people feeling confused and unprepared as they confronted new tools and unfamiliar ways of working, making them ripe for exploitation by savvy cyber attackers.
7 tips for making remote work more secure
With many employees now settling into at least part-time remote work for the foreseeable future, now’s the time to reduce long-term risk by enhancing your organization’s security strategies. The key is to implement strong safeguards that don’t burden users with cumbersome procedures.
- Create a cybersecurity knowledge base
Most cyber-attacks can be attributed to human error. One recent study by international risk management firm Gallagher found 60 percent of cyber attacks on UK businesses were caused by employee error. If your organization hasn’t already, provide basic security training for remote workers (covering everything from phishing and other scams to IT hygiene and shadow IT). Put the training information in a centralized Security Knowledge Center within your company intranet alongside all cybersecurity-related policies, approved apps, reporting vectors, FAQs, and more.
- Cultivate a no-blame environment
Foster a culture where no one is afraid to report a potential breach, even if they believe it’s their fault. Update your organization’s incident response plan, including offline emergency contacts.
- Move to secure cloud services
The pandemic’s economic blow has slowed worldwide investments in information security, but Gartner research predicts a 33 percent increase in spending on cloud security in 2020. Wherever possible, give remote workers access to secure cloud-based storage for all sensitive information.
- Strengthen passwords
Ensure remote workers have the most robust protection on all their devices. To ease the password burden, consider multi-factor authentication and single sign-on.
- Keep everything in one place
Tame the potential chaos of remote workers scattering files across inboxes, file shares, apps, and hard drives. A single, centralized platform like a digital workplace not only minimizes points of vulnerability but enhances remote collaboration and knowledge management.
- Secure your platform
Choose a secure hub that encrypts data at rest and in transit. For remote access, a single VPN is your best option. And don’t forget the fundamentals: use security monitoring (anti-virus, malware) to mitigate inevitable human error and prevent threats.
- Ensure compliance with privacy regulations
Whatever platform you select should enable your organization to easily comply with relevant industry regulations (e.g. HIPAA, GDPR, etc.).
Today, future-proofing your organizations means striking a complex balance: giving employees the tools they need to stay productive remotely while defending against current and emerging threats. With simple – yet effective – best practices and a secure digital workplace, it’s possible.
Find out what security features your digital workplace should have here