Remote working is more than just giving employees a mobile and a laptop – it comes with major security challenges, and when considering the protection of data, decentralised working equals threat multiplication.
A third of the planet is currently locked down; with places of work closed, employers of all sizes are having to adapt to a new normal of remote working. It hasn’t been consistent – some businesses and sectors are intrinsically more agile than others. We have seen notable examples of industries, such as banking, that have struggled to deploy work-from-home policies, and others, such as healthcare, in which the crisis has actually accelerated remote working, for instance through the adoption of telemedicine.
Yet no matter what the situation, the sudden shift to about 90% of employees working offsite has put unimagined pressure on corporate network capacity and security. There are two key and often conflicting factors challenging enterprise IT teams. Firstly, they have to keep employees secure in what were previously uncharted and out-of-scope environments (in other words, their own homes); secondly, they have to maintain the compliance needs of the broader organisation. Even for those companies operating in less-regulated sectors, this is a significant challenge.
What’s more, what we’re seeing isn’t a temporary measure; whether lockdowns relax next week or next year, there are indications that for many, the pendulum is not going to swing back to total office-based working post-COVID-19. A recent Gartner study revealed that 74% of respondents will move at least 5% of their previously on-site workforce to permanently remote positions after the pandemic.
Balancing agility with protection
The fundamental fact is that to keep businesses going, employees need to work. But even for the more agile organisations, the shift to decentralisation is complex, and the applications and services they provide to facilitate office working do not necessarily migrate easily.
For frustrated, uncertain and, frankly, scared workers, having their ability to do their work blocked or curtailed by either corporate IT policies or management mentality can lead them to deploy workarounds and shortcuts. These include consumer-grade applications (including free and freemium versions), their own devices, easily accessed SaaS and cloud-based services, and any other means or tricks they can find to get their work done.
While this might ensure work still gets done, it leaves their employers exposed to new threats, and with an increased likelihood of falling foul of regulations.
Even those with extensive, relevant security are concerned at how consumer tools could impact security – for instance, in the wake of Zoom’s much-documented security challenges, enterprises that once thought themselves secure are questioning their arrangements. Despite Zoom taking steps to become a business-grade tool, many do not believe the issues have been properly resolved and are reluctant to allow their employees access to it.
To protect data, don’t hold on to it
The solutions businesses choose must meet certain requirements. Fundamentally, they need to keep data secure and private, which means that everything that uses data – devices, servers, applications, networks, clouds, data centres – needs to be secure as well.
There are, however, steps that enterprises can take to minimise how much data is exposed if they do suffer a breach. Firstly, they can think about how they classify their data – what is absolutely critical to their business, what needs to be protected from a regulatory perspective (such as the EU’s General Data Protection Regulation), and what’s actually not that sensitive.
Then, they need to consider what has to be stored, and what doesn’t. So if they have mission-critical data that has to be stored in certain circumstances, the applications and devices they use need to be able to meet those parameters. At the same time, they need to consider whether said tools need to store any data themselves. Many will indicate that they only hold the bare minimum of data, but why is even that required? Even when considered separately from COVID-19-related issues, the fact is we live in a GDPR world – why would any tool wish to hold data if it didn’t need to?
It ultimately comes down to functionality, which is vital to worker use and getting return on investment. Yet, if user experience sacrifices security, enterprises are exposing themselves not only to increased risk, but also to regulatory punishments and fines if they are found to be in breach of legislation.
That’s why employers need to consider how the tools they are deploying are going to use their data. If it’s sensitive, it needs to be completely secure, which means true end-to-end encryption that can protect data both at rest and in transit.
Delivering a secure life in lockdown
As businesses adapt to life in lockdown, security remains a major concern. Balancing employees’ need to work effectively and with minimum disruption against the need to secure data in the enterprise is a challenge. It is critical, however, that organisations moving to remote working understand that not all tools and services are suitable for enterprise deployment – the ones that put data privacy and compliance at the fore, backed by end-to-end encryption, should be prioritised.