When the pandemic forced organisations to adopt remote working, IT teams had almost no time to prepare and limited budgets. What resulted was a remote working solution that was serviceable, but far from optimum in terms of security and user experience.
Fast forward to today. Unless you’re Elon Musk – who famously told Tesla workers to return to the office full time or resign – chances are that hybrid working is now the norm in your organisation. And will be for the foreseeable future.
This leaves IT leaders with some important questions to answer. Have you deployed the right solutions to protect data in this new hybrid world? Is your organisation fostering a culture of cyber awareness? If not, what needs to change?
Divide and conquer – why remote working is a boon for cyber criminals
At its core, remote working creates a larger attack surface for organisations to protect. Your employees now routinely access your organisation’s network from a huge variety of locations – using unsecured Wi-Fi networks in airports, coffee shops, Airbnbs and more.
Linked to this, we’re seeing more instances of employees using personal devices for business purposes. This isn’t a problem when organisations adopt a ‘bring your own device’ policy and implement a security infrastructure to support it. However, without adequate oversight in place, it can become a major issue when employees access systems or share sensitive data across devices.
Any discussion of the security implications of remote working would be remiss not to mention the key technological enabler of this revolution – cloud. When set up and managed correctly, cloud infrastructure is highly secure. However, due to the rushed nature of countless mid-pandemic cloud migrations, we’re now seeing many companies retrospectively addressing misconfigurations, inadequate change control, poor cloud security architecture, insufficient identity/access management and a whole host of other issues.
Last (but certainly not least), organisations are facing a growing volume of increasingly sophisticated cyber-attacks – made possible by the prevalence of digital communications and colleagues’ physical distance from each other.
Let’s examine one example of how remote working can enable social engineering. If you receive an email asking for login credentials from a colleague working next to you in the office, you’ll likely ask them about it in-person – and quickly ascertain that the email isn’t genuine. However, if you receive the same email while working remotely, you might simply respond – inadvertently sharing highly sensitive data.
Achieving lasting cyber resilience in a remote environment – key considerations
To protect themselves in the new hybrid working landscape, organisations must abandon a perimeter-centric approach to security in favour of an identity-centric approach. One way to do this is by implementing the zero trust model, in which users must authenticate themselves as they move laterally through a network, rather than simply on entry. Implementing this hinges on having a suite of identity and access management tools in place – including multifactor authentication, single sign-on, and privileged access management.
Another key consideration is the management of security certificates. These small pieces of code establish an encrypted link between a web server and browser, or between two email applications. For instance, when a user visits a website with a lapsed security certificate, they receive a warning from their internet provider or are prevented from accessing the site entirely.
Too many organisations overlook the importance of security certificates in improving website and email security. In a digital-first world, they’re a crucial part of establishing trust. Put simply, security certificates help users establish the authenticity and identity of organisations and individual senders. Particularly for larger organisations, it can be helpful to invest in a solution that enables them to be issued and managed centrally.
Less talked about (but equally important) is the impact of remote working on how organisations process and sign sensitive documents. From employment contracts to supplier agreements and NDAs, organisations are constantly transmitting documents which require signatures. Manually printing, sending and signing paper versions is unnecessarily time-consuming, wasteful, and insecure – especially now that employees can be based almost anywhere. A paper document can easily be lost or intercepted, or a signature forged. Implementing an electronic and digital signature solution prevents this by making it easy for organisations to certify the identity of the signatories of a document and guarantee its authenticity, integrity and validity over time.
The bottom line? Building a watertight security strategy for hybrid work environments will likely not be a case of incremental improvements. Instead, it’ll require a mindset shift for IT leaders – moving from perimeter security to an identity-first approach, and embracing digital solutions to support security certificate management, e-signatures and more.