For your digital workspace to be a success, it has to enable employees to do everything they could in the office from anywhere in the world – securely. That last part is arguably the most important. Would you rather have slower, clunkier processes, or open your company’s data to increased risk?
With the right security policies and remote working tools in place, that’s not a choice you’ll be forced to make. Security and functionality do not have to be mutually exclusive. Here are four steps you can take to ensure your staff are working from home without compromising data security.
1. Adopt a hybrid approach
Thin clients are often thought of as more secure than laptops, but if you’ve read our blog on the future of VDI, you’ll know that they’re not as well-suited to the requirements of the modern workplace. We’ve seen clients investing in laptops over thin clients as it becomes increasingly clear that remote work is a lasting trend.
To make up for the increased security risk associated with locally-hosted software, it’s a good idea to provision line-of-business (LOB) applications through VDI rather than having them processed on the laptop. A hybrid approach allows for greater visibility over the security of your business-critical apps. Crucially, it does so without hampering your employees’ ability to collaborate using locally-hosted video conferencing software like Microsoft Teams.
2. Refresh your security policies
Like many businesses, yours may not have been a remote-working organisation before 2020. A lot will have changed – especially your reliance on IT. Whether employees are taking advantage of a BYOD policy or you’ve provided them with laptops, your security policies will now have to account for the unique challenges presented by a dispersed workforce.
Revisit your existing policy to ensure that you’ve covered basics like:
- Antivirus software requirements
- Password best practices
- Acceptable use
- Network security requirements
It’s also worth going beyond the cybersecurity fundamentals to counter record-high numbers of malware and phishing attacks. Measures like two-factor authentication are no longer an option, especially if you’re taking our advice and making the most of a hybrid system. LOB applications will have their data safely stored elsewhere, but Teams conversations – which will likely be processed locally – may be at risk without the proper precautions.
3. Update legacy platforms and processes
CSO’s Susan Bradley makes an important point about access provision:
‘Those who use geoblocking in the firewall to restrict access…will need to review and revise those policies given that your firm’s employees will be coming in from various locations.’
In our experience, it’s not just firewall policies that need updating. We’ve seen our fair share of businesses that are still running virtual desktop instances on outdated, vulnerable operating systems. If you haven’t already, now is the time to audit your cloud resources and plug any potential leaks.
4. Educate your employees
Don’t leave your security policy on the intranet to collect dust. Instead, actively engage your workforce in the security conversation. That could mean hosting virtual workshops, or, if you’re part of an enterprise-level organisation, asking team leaders to review policies with their colleagues. As threats mature and adapt to the meteoric rise of remote work, so should your team’s vigilance and security education.
Meeting in the middle
To a certain degree, your cybersecurity strengths and weaknesses are down to your employees. Without trusting them to follow best practices and use good judgement, you won’t get far as a remote organisation. You will reduce the risk of a breach several times over, however, by doing some of the thinking for them.
Don’t force your team to choose between functionality and security, and refresh policies to reflect the changes that have taken place over the last year. That way, there’s little to hinder successful, secure remote work.