After the freedom people experienced from remote work during the pandemic, the “return to office mandates” many companies are trotting out are flopping. Hard.
Recent mutinies against the RTOs imposed by Amazon and Dell are great examples. When employees were given the ultimatum “return to office full time, or lose out on the eligibility for promotions and raises,” more than half the workforce said “no.”
The implications for management are enormous. Remote work is here to stay. Add the coming explosion of AI in the workforce, and there’s never been a better time to create robust system safeguards around remote work.
(This article is a collaborative effort between Jan Broucinek, NPI Security Operations Manager, and Jeremy Pogue, Director of Security Services.)
Return to Work Mandates Aren’t Worth the Talent Risk, Gartner Says
According to Gartner’s recent surveys, 63% of HR leaders have seen an increase in return-to-work mandates over the last twelve months. However, 74% of HR leaders cite these mandates as a source of conflict.
Nearly two-thirds of employees report they work best in a remote environment. They also report higher feelings of inclusion in a remote environment versus on-site. Increasingly, employees are prepared to “vote with their feet” in the face of RTO mandates—especially high performers, who show a 16% higher likelihood of leaving.
This may be bad news for managers intent on having everyone at their desks every minute of the workday. But, for companies willing to embrace a remote or hybrid workplace, cloud platforms have never been better. With a few innovative strategies, your remote workforce can have productivity, connection—and most importantly—strong cybersecurity.
Let’s get into some of our favorite, common-sense IT protocols for remote work.
Five Ways to Harden Your Cybersecurity Posture for Remote Work
#1—Mandate All Work Be Done on Company Devices or through Company-Secured Apps
Sometimes, employees may want to work after hours on a project, but they don’t have their company-issued laptop handy. This can lead to dangerous behaviors like downloading company documents onto their home computer or into outside apps like Google Drive, Dropbox, etc. This workaround may seem benign, but it completely strips the cybersecurity protections from those documents. By extension, it’s an end run around your entire cybersecurity operation.
Your safest option is to require that all files be created on company devices and to give every employee a portable laptop or workstation. However, Microsoft does offer the ability to sign in safely through its portal, even if you’re not on your company computer. This allows the remote worker to use the online version of the apps, keeping files in the company’s protected Microsoft environment. Talk to your IT team and training department to ensure all employees understand how to do this.
If an employee participates in a team chat or reviews a document on a personal device, ensure it is done through a secured company app like Microsoft Teams or Outlook. Use a multifactor authentication system so employees can safely sign in to and out of your corporate systems through these devices.
#2—Install a Virtual Private Network That’s Configured for Remote Work
A virtual private network is one of the single most important things your company can provide your remote workers. It secures the connection between their device and your systems. It encrypts Internet traffic on your endpoints so that data, IP addresses, and physical locations can’t be leaked during transit. It’s your best defense against man-in-the-middle attacks and so much more.
Put simply, a virtual private network acts like a virtual handshake between your endpoints and your network. The encryption works at both ends. First, your employee’s data is turned into an encrypted bundle. When that employee logs into your system, an encryption key is provided that the system recognizes. Only the VPN server can recognize this key and decrypt the data so the employee can begin work.
Before you install a virtual private network, it’s essential to understand the number of users on your network and the type of data that will be transmitted. Many companies already have a VPN setup, but it’s designed to work strictly between their office locations. To truly enable remote work, you’ll need a VPN set up to work no matter the employee’s location. With careful testing and employee training, your staff will take to your new cybersecurity login like it’s second nature.
#3—Use a Zero Trust Authentication Structure
When employees work remotely, it’s even more critical that they authenticate to your systems correctly. A zero-trust architecture creates security gates throughout your system that continuously authenticate your users. Zero trust begins with multifactor authentication tools correctly identifying employees during their initial login. A comprehensive zero-trust architecture ensures that users are continually checked and monitored while using your company’s information technology.
Most of these structures can be created in such a way that the security checks happen in the background. If you don’t already have a zero-trust architecture in place, talk to your IT team or managed IT service provider about getting these protections today.
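The sketch below shows what such a background check can look like when it is run on every request and combines this article's device, MFA, and network recommendations. It is an added example, not code from the article's authors or any product; the field names, network labels, and the 8-hour MFA window are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_MFA_AGE_MIN = 8 * 60  # assumed re-authentication window, not from the article
# Assumed labels: office LAN, password-protected home network, phone hotspot.
TRUSTED_NETWORKS = {"office", "home_secured", "hotspot"}

@dataclass
class AccessRequest:
    user: str
    device_managed: bool         # company-issued, enrolled device
    via_company_app: bool        # signed in through a company-secured app or portal
    mfa_age_min: Optional[int]   # minutes since last MFA; None = never completed
    network: str                 # one of TRUSTED_NETWORKS or e.g. "public_wifi"
    vpn_connected: bool
    wants_download: bool         # request would copy a file onto the device

def evaluate(req: AccessRequest) -> Tuple[str, List[str]]:
    """Return (decision, reasons). Intended to run on every request, not only at login."""
    deny: List[str] = []
    if not (req.device_managed or req.via_company_app):
        deny.append("unmanaged device outside a company-secured app")
    if req.wants_download and not req.device_managed:
        deny.append("file download to a personal device")
    if req.network not in TRUSTED_NETWORKS and not req.vpn_connected:
        deny.append("untrusted network without corporate VPN")
    if deny:
        return "deny", deny
    # Hard failures come first; a stale or missing MFA only triggers a re-prompt.
    if req.mfa_age_min is None or req.mfa_age_min > MAX_MFA_AGE_MIN:
        return "step_up_mfa", ["MFA missing or stale"]
    return "allow", []

# Constructed sample requests (not real users or telemetry).
SAMPLES = [
    AccessRequest("alice", True, True, 30, "office", False, True),
    AccessRequest("bob", False, True, 10, "public_wifi", False, False),
    AccessRequest("carol", False, True, 10, "hotspot", False, True),
    AccessRequest("dave", True, True, 600, "public_wifi", True, False),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.user, *evaluate(sample))
```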
#4—Teach Remote Work Employees to Only Work on Trusted Wi-Fi Networks
Even with reasonable VPN protections, doing company work on unprotected Wi-Fi is never a good idea. When an employee is set up to work in a home office, ensure your IT department is working with them to make sure their home network is password-protected and adequately secured.
When your employees work in a public space like a coffee shop or library, teach them never to use the free Wi-Fi offered. Teach them to create a secure Wi-Fi hotspot using their phone’s data plan. The corporate VPN should be required if they cannot use their phone hotspot.
#5—Show Employees Common-Sense Tricks for Working Safely in Public Places
You should have your head on a swivel to work safely in public. Anyone around you could be trying to steal your identity, credentials, and data. In addition to the advice we’ve offered above, employees should:
- Sit with their backs against a wall whenever possible to minimize “shoulder surfers” trying to read what’s on their screen
- Use protective screen film to increase screen privacy
- Avoid downloading or working with large files with protected data in a public setting
- Set their computer to bring up the password screen whenever they walk away from it
Interested in Preparing Your Company for the New Age of Remote Work?
Integris can help. We have virtual Chief Information Security Officers (vCISOs) available on retainer and an extensive cloud practice. We can ensure your remote work infrastructure is secure and future-focused. Contact us today for a free consultation.