A 2018 survey by the International Workplace Group showed almost 50 per cent of Australian employees worked remotely at least half the time. More than two-thirds of those surveyed spent a day or more away from the office each week.
There are compelling advantages for employees in doing so – think reduced commute times and the flexibility to balance private commitments with time at the desk. For their part, businesses can reap significant productivity dividends, courtesy of the fact that workers are likely to be more productive, happier and less likely to up-sticks for greener pastures.
But while remote working can provide benefits aplenty for employers and employees alike, it’s a model that’s not short on risk. With workers scattered far and wide and, in many instances, using personal devices to access the company network, ensuring the integrity of systems and data is no straightforward matter.
Historically, enterprises relied on a perimeter-based security model; effectively surrounding the network with a high-tech cordon of steel. It’s an approach which served them well when employees were on premises all the time, but it’s less than effective in the mobile working era.
Research suggests that, by 2021, between a quarter and a third of all network traffic will bypass the perimeter in the average organisation. That’s one very large blind spot for security staff to contend with.
What’s needed instead is portable protection – a “personal security bubble” which extends to every endpoint and user, irrespective of their physical location and the devices they’re using to access the network.
In this setting, Multi-Factor Authentication (MFA) – the addition of a further layer of protection besides the user name and password – is a no-brainer. Today’s advanced MFA solutions can offer a variety of checks to verify users are indeed the individuals they purport to be digitally. These include geo-location checks which flag so-called “impossible transitions”.
User awareness training also has a vital role to play in the ongoing battle against illicit infiltrators whose weapons of war include malware viruses, phishing and spear-phishing campaigns, sophisticated social spoofing tactics and watering hole attacks. The latter term refers to an attempt to compromise a group of individuals from a specific company or industry by infecting web sites they visit frequently with malware.
While scheduled courses and refreshers for new recruits and existing employees are a must, “in the moment” training is a highly effective means of teaching employees about cyber-security in a natural environment. Programs which test users by sending phishing emails followed by messages pointing out the danger signs they may have missed can reinforce the safety message without shaming or blaming the less vigilant.
While the market is awash with products, all purporting to solve pieces of the high-tech safety puzzle, working with multiple vendors can lead to unnecessary complexity and potential gaps in the security infrastructure. Consolidating wherever practicable is likely to result in improved protection and lower ownership and administration costs.
Being blasé about security is a risk Australian enterprises can ill afford to take in 2019. PwC’s 2018 Global Economic Crime and Fraud Survey: Australian Report revealed almost 50 per cent of the local organisations it surveyed had experienced a cyber attack in 2017-18.
The visibility gap created by the mobile computing revolution is real and growing and it won’t be going away any time soon. Revising the security strategy to reflect the risks remote working poses, and putting robust measures in place to combat them, will see Australian enterprises better placed to enjoy the considerable benefits it can deliver.
Mark Sinclair, ANZ Regional Director, WatchGuard Technologies