While none of us can be entirely sure what impact crisis outbreaks will have on our organizations, it is important to be realistic that companies will have to deal with sudden shifts in standard working practices and the increased organizational risks that are presented during these unprecedented times.
Despite most organizations already having a work-from-home policy in place, most are probably not designed to extend to a scenario where large numbers of workers are advised to stay away from their office for a prolonged period of time. There is little doubt that malicious actors will be formulating their own strategies around how they take advantage of these concerning times.
The following are a number of issues organizations need to keep in mind when considering how to address the additional risk presented in securely managing a remote workforce:
Non-Malicious Insider Threats
Businesses should first think about how to mitigate the risks posed by non-malicious insiders through education of the workforce. These risks can come from simple things like Shadow IT, where employees send sensitive documents through unauthorized sharing tools.
Other considerations include risks from people physically taking documentation home with them because they don’t fully understand data classification and proper handling when not in an office environment. Circumstances today warrant a refresher on the proper handling of sensitive information.
Organizations also need to educate their mobile workforce on basic security hygiene around public Internet when working from places like cafes or libraries, as well as the risks of using unauthorised removeable storage devices such as USB sticks to duplicate data – these can easily be misplaced or stolen.
Phishing Emails and Scams
Employees who are not accustomed to working outside the office may also need some refreshers on how to handle emails from known and unknown sources.
We mentioned “known” senders as well, because workers who are not behind the firewall and being protected by solutions that screen their emails may not recognize when they are being confronted by a spoofed message that appears to be from a trusted source. Organizations should provide tips for employees to spot spoofed and other malicious emails so they don’t fall victim.
Employees should also be cautioned about providing too much information through chat, email, and on social networks when working outside of the office. They should also encourage employees to makes sure all of their mobile devices have screen locks and auto-timeouts enabled, and to use privacy screen protectors to ward off any prying eyes when working in public locations.
Secure Browsing - Better than VPN
Many of today's traditional remote work security solutions depend upon virtual private network (VPN) technology that can impede productivity because of poor performance, and in some cases may even introduce security vulnerabilities. A secure browser-based platform eliminates the need to manage a fleet of devices - managing the browser is all it takes.
A containerized environment enables remote employee productivity without the complexities and high costs of traditional VPNs or Virtual Desktop Infrastructure (VDI). It also provides a turnkey way to quickly onboard or offboard employees, contractors and partners easily.
BYOD and a Remote Workforce
Personal devices used for work need to have mobile device management (MDM) enabled if they are going to be used to access corporate information or you run the risk of unauthorized data and documentation leaving the organisation.
A good UEM solution should be multiplatform (Windows, macOS, Android, Linux) and provide device, application, and content management with integrated security. IT teams should be seeking out solutions that allow users the ability to conduct business no matter where or when, from any device on the most common operating systems.
Conclusion
Keep in mind that human error continues to be the leading cause of data breaches, and reducing the risk from non-malicious actors through clear, considered and pragmatic training is a must for organizations with an increased remote workforce and will help combat the majority of the issues outlined above.
BlackBerry has been synonymous with secure communication for over 35 years and is trusted by all of the G7 governments, and the world’s largest financial institutions. We have a team of subject matter experts who are highly skilled and experienced in helping organisations combat evolving and challenging cyber security risks.
To find out how we are securing ourselves and our customers, please get in touch with me at itodd@blackberry.com.
