In the wake of the COVID-19 pandemic, many organizations are adopting or experimenting with new models of long-term remote work. For some, that means keeping their teams fully distributed. For others, it means giving employees more flexibility to work from home or even simply putting plans in place for the future.
But this shift to remote work brings new challenges that both large enterprises and smaller organizations must face. The security risk of this new remote workforce is already clear: Cybersecurity leaders reported a huge spike in cyberattacks in 2020, with mobile devices being a particularly common target. To ensure privacy and security while working remotely, teams must approach the problem strategically and preemptively.
During a roundtable discussion on remote workforce security, we asked security experts to share their thoughts on how teams should think about cybersecurity challenges in a post-pandemic workforce. Here’s what they had to say.
New security challenges for remote work at scale
Cybersecurity is already a complex challenge for both large and small organizations. But remote workforces introduce additional complexities. Instead of a single office, the security of hundreds or even thousands of individual homes—as well as coworking spaces, cafes, and other temporary workspaces—must be considered. Employees may be using mobile devices more frequently, and their home workspaces may be shared with family members, roommates, or other people.
“One of the biggest challenges of remote workforce security is that you just don’t have that same secure perimeter that you used to have,” says the IT Director of a nuclear technology firm. “When you’re in a controlled office space, you know exactly what’s going on. You’ve got locking doors, you’ve got cameras, you’ve got access control methods and auditing. You just don’t have that kind of infrastructure in work-from-home environments.”
Jack Naglieri, CEO and founder of cybersecurity firm Panther Labs, notes that while many teams were already adapted to occasional work-from-home protocols, the scale of a fully remote workforce exacerbates infosec risks: “[With remote work], many conversations that you would have had in person, you’re forced to have via video or text chat, which, in turn, increases the overall amount of sensitive data being shared that could potentially be leaked.”
Invest in privacy-conscious tooling from end to end
So what can teams do to bolster remote security, no matter where their people are working from? Opting for software designed with data sovereignty in mind is an important first step for securing remote workforces. As teams grow more reliant on collaboration and communication tooling to get their work done, security leaders should be mindful of what tools their teams are using every day and where their sensitive data may end up, and should evaluate the potential weak points of those solutions.
“We use fully end-to-end encrypted chats for sharing sensitive information,” says Jack. “Using Signal or Keybase instead of Slack or Zoom, for example.”
High-security organizations like the US Air Force are opting to use open source software because it gives them greater visibility into and control over the way their vital team communications are stored and processed.
Bad habits are hard to break: Create a cultural shift towards security
Top-down processes and tooling are only one part of the security equation. Adopting a company-wide culture of security and embracing security best practices is essential.
The IT Director we spoke with cautions that bad security habits—which may not be as serious in a controlled office—can become major problems for remote workforces: “Data control gets particularly important when you start thinking about employee onboarding. Everybody’s been through the workplace and seen that one person who’s got stacks of printed-out paper just all the way around their cubicle. That behavior doesn’t change just because they’re now working from home.”
Organizations must ensure that every employee is security literate, especially when remote work is the norm rather than the exception. When the entire team understands how their actions impact organizational security, they’ll be better equipped to help prevent security breaches.
The bottom line: Remote workforce security must be strategic
In an era where remote work is becoming more of a rule than an exception, remote workforce security can’t be an afterthought. Fortunately, many teams are already taking a more deliberate approach to cybersecurity strategy, including adopting zero trust methodologies and putting incident response plans in place.