By Sebastien Marotte, President of EMEA, Box
Deep into the second year of the Covid-19 pandemic, it’s clear that remote and hybrid work is here to stay, leaving business leaders at a stage where they need to address the lasting impacts of distributed teams, digital transformation, and a security and regulatory environment which is becoming increasingly more complex and high-stakes. This represents a challenge and new opportunities for companies to adopt more secure, collaborative and productive ways of working, the centre of which is how companies treat their data.
When the nation was initially forced into lockdown, UK businesses on the whole were quick to react to the shift in working environments. From sourcing laptops and hardware to developing new methods of internal communication, businesses up and down the country valiantly cobbled together solutions that allowed them to continue business as (somewhat) usual.
While easy and secure collaboration has been a priority for most businesses to work effectively across time zones and teams, internally and externally, adopting new technologies and integrating these workflows as we moved to digital-first and hybrid ways of working didn’t come without their challenges. As companies shifted away from older legacy systems and onboarded more third parties and technologies into their ecosystems, it became much harder to collaborate and secure content across various systems.
The threat landscape also expanded as a result of remote working. In addition to working with more parties and technologies, with employees connecting to their personal wifi networks and using personal devices, rather than a traditional perimeter-based security approach, companies are facing an increased number of ransomware and security threats. Data breaches shot up by a third during the pandemic, with no business immune from the risks. To tackle this issue, businesses continued to tighten up security with varying levels of privacy and user access.
Now, as businesses begin to embrace the hybrid working model, one of the key challenges for leaders is ensuring they can keep up to date with a landscape being continually shaped by efficiency, openness and security, while enabling teams to continue collaborating effectively and creatively across content.
Collaboration as the key to success
Despite studies showing that remote work has boosted UK productivity levels, business leaders are increasingly concerned about the negative impact that the decentralisation of their workforce has had on collaboration.
With many employees working from makeshift home offices, in multipurpose environments, or even abroad, security practices can sometimes take a back seat to make collaboration quicker and easier. Working across shared content in real time reduces the time employees spend on tasks, helps with faster decision-making and problem-solving, and enables teams to work side by side in the same way they would in an office environment.
One problem with teams working across several collaborative apps and tools is that it becomes tricky to safeguard content. Content needs to be protected across all of these, by using a secure content layer with built-in features rather than bolted-on extras. This enables businesses to easily access content across teams and geographies, and collaborate with external third parties with enhanced security controls.
Employees are often the weakest link when it comes to business security. Outside of the office environment and left to use their own devices, they run the risk of forgetting about security and working around security measures to make their lives more straightforward. It’s up to business leaders to ensure their workers understand how to use their tools and systems effectively while being mindful of security, who their collaborative partners are, and who to share content with.
Security underpins everything
Both the revenue and reputation of a business depends on effective security. In an office environment, the infrastructure itself left fewer entry points for malicious actors, but the threat landscape has evolved and expanded as a result of hybrid working. Each employee working at home or remotely creates a new potential access point for hackers – it’s no surprise 57% of IT leaders believe that remote work will expose their firm to a data breach risk.
End users are often the biggest security risk, and with employee behaviour much more difficult to monitor while working remotely, this is having a knock on effect on business security. One fifth of UK remote workers have used their work email or passwords to set up accounts on consumer websites, with almost 40% using personal devices to access company applications and networks. In spite of this, almost 50% don’t have two-factor authentication set up for personal devices.
One of the most effective ways to mitigate the threat landscape of personal devices and networks is through education and trust-building. Communicating clear policies about trusted devices among staff and sharing information about different security threats and how to best protect their data will help to establish and reinforce a strong culture of security as we move towards a more permanent hybrid environment.
Different types of data hold varying degrees of security importance for every organisation, whether it’s financial information or healthcare records, we need to have a clear view and understanding of the harm that could be caused in the event of a breach. Differentiating between the crown jewels of data and others will help prepare you for a worst-case scenario, while integrating the appropriate security controls for the most important data with clear lines of accountability will ensure data is protected by both technology and those with access to the data.
Striking the balance
Most companies are either too locked down with their security, making it difficult to collaborate effectively, or too permissive, which runs the risk of security breaches. To strike the right balance and empower collaboration without creating too many barriers, businesses need to first go back to basics and make sure the core security fundamentals are in place.
Organisations benefit from strengthening their security foundations, and making sure employees fully understand security policies and best practices such as multi-factor authentication and software updates. The best security solutions are not added-on, but built into every part of the business.
Securing remote work is no longer just a problem for IT teams to solve, security is now built on trust and requires an organisation-wide culture to match. Developing and communicating clear policies about trusted devices and regularly sharing information about the changing threat environment will help establish and reinforce a strong security culture, even in a changing environment.
Cloud-based solutions that have rigorous security protocols integrated into the services will ultimately enable employees to collaborate productively across a single system, while ensuring that data is protected against both malicious and non-malicious attacks. Remote working is not going anywhere, and it’s time that organisations adapt and evolve their outdated systems to ensure that employees can collaborate from anywhere in the world, without putting the security of the business at risk.