Out of sight, front of mind: Securing remote workers
Organisations can enjoy huge benefit by identifying & using overlooked or disregarded cloud-native security features already in their arsenal. Microsoft 365 users may not use embedded security features.
Remote working is a trend that’s showing no signs of slowing down, with recent research finding the number of remote working jobs on offer has more than doubled in the past four years. This indicates that businesses are taking steps to meet employees’ expectations, in particular, those of the younger generation of employees.
These workers expect to access work much in the same way as they access social media – anywhere and anytime. Considering that millennials are predicted to make up 50% of the global workforce by 2020, it’s clear that businesses across all sectors need to make strides in supporting remote and flexible working.
However, when facilitating this anywhere, anytime model, it is vital that security is not overlooked. Today, as cloud has become the de facto IT set-up for organisations, the traditional IT perimeter of the past has disappeared. Now, from Microsoft Teams, to Trello, to Evernote, businesses are spoilt for choice when it comes to cloud-based tools to support remote workers. Further, cloud services such as video conferencing, instant messaging, and apps allow workers to collaboratively edit documents, with all serving to keep remote employees working closely and productively with those on-site.
Securing the unknown
When it comes to remote workers, organisations can no longer be entirely certain of how their employees are accessing the corporate network. While it might be safe to assume that employees are using secure Wi-Fi at home, what if they decide to work in a café for the afternoon? Is that Wi-Fi public or private? Are they using a VPN? How many devices are they using to access work and are they all password protected?
There is also a chance that employees may be downloading and using apps for work that have not been approved by the business. All in all, when it comes to the security of remote workers, there is a lot for organisations to consider – but there may be a more straightforward answer than most imagine.
Many organisations will find that they have already paid for robust, useful security features that are embedded in the platforms and services they use to support remote workers. Because most organisations have used third-party security providers for years, embedded security features are often overlooked or disregarded in favour of legacy incumbent security products. Additionally, the sheer number of features that come with enterprise software suites can sometimes mean security features are lost in the noise. However, organisations can enjoy huge benefit from identifying and using the cloud-native security features already in their arsenal.
Taking stock of security
For instance, many Microsoft 365 (which includes Office 365, Windows 10 and Enterprise Mobility + Security) users may not know about the many embedded security features. Intune, for instance, allows organisations to manage devices across iOS, Android, Windows and Mac with one endpoint solution – so no matter what device a remote worker opts to use, it can be secured and managed effectively by the organisation. Tools such as Microsoft Secure Score – a feature that gives organisations a score on their security posture, provides insight that helps improve security across their infrastructure, data, apps and devices. Considering Office 365 has 155 million active users, many more organisations could benefit from exploring the security features that it offers.
Ultimately, employees working out of sight of the central organisation should not be out of mind. Considering that 36 percent of organisations have experienced a security incident as a result of the actions of a remote worker, protecting email, users, applications and data, wherever an employee is based, should be a primary aim for organisations.
It is a continuous challenge to secure the ever-expanding attack surface and stay ahead of motivated bad actors and ever-changing regulations. Managing identities and access to cloud resources, securely managing mobile devices, detecting and responding to targeted attacks and insider threats, and defending against malware, is a heavy workload for security teams.
By exploring what features they may have already paid for, organisations can meet these aims and help protect against advanced threats, and personal data from loss, unauthorised access, or disclosure. At the same time, they will save themselves the task of finding new security tools and integrating them across their entire network and infrastructure. Not only will this save time and cost, but it will afford businesses peace of mind in the security of their remote and flexible workforce.
Contributed by Alex Dalglish, UK services director, SoftareONE.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.