By Achi Lewis, EMEA Director, NetMotion
For many of us, the new normal means we are working from home (WFH) rather than commuting to an office. And even as some people start to return, remote working could become the preferred way of working for many. The professional services sector is no different: almost overnight, COVID-19 restrictions have brought a cascade of different working practices there, too.
Even with the ‘new normal’ of WFH or remote working environments, firms are trying as hard as possible to ensure that their people are just as productive as they were before. For IT and security teams, this has put a massive spotlight on the new security and compliance challenges that this environment has caused. The workforce needs to connect securely and without sacrificing user experience. And very importantly, without skimping on the service level provided.
Security is key
Security must always be a top priority for any firm developing a remote working strategy. Encrypting traffic on unknown or insecure networks can defeat so-called Man-in-the-Middle (MitM) attacks and prevent any accidental data loss. Imagine if a firm were to lose the financial details for its client base – a disaster for any organisation. Ultimately, nothing should be left to chance. There are tools that can help, such as a solution that prevents unofficial app downloads – a popular way for ransomware to be distributed.
Here are some examples. If your organisation uses Microsoft OneDrive for online storage, unapproved services such as iCloud, Dropbox and Google Drive can be blocked. You can also adopt a security approach that applies one set of policies when employees are working on their own home networks and another when they are using a less secure hotel, airport or coffee shop network.
Also, any solution being considered should provide reputation-based domain filtering, which effectively limits access to high-risk content that would normally be blocked by a corporate firewall. One of the biggest downsides with enterprise VPNs is that once a bad actor has access credentials, they have a much easier path to move laterally through an organisation. Something like role-based access controls would help to limit this by granting selective access to every aspect of the management console – if somebody at the firm doesn’t need access to particular information, then deny them access and limit any weak spots for hackers to leverage. Another tactic is to enforce authentication using adaptive authority (context-based MFA), or to implement a software-defined perimeter (SDP) – this provides a closed one-to-one connection between employees and the resources they need and keeps potential hackers out of enterprise resources, whether hosted on-premises or in a private cloud environment. If your firm’s IT team has full visibility of all devices connected to your network, they can address issues quickly.
Compliance regulations are a big deal – there’s no way around them for any organisation. Failing to comply is ultimately a costly exercise. On the one hand, your organisation could face stiff fines from the relevant regulatory body, and on the other, there are costs associated with reputational damage. Needless to say, no organisation wants to deal with a raft of compliance issues resulting from its remote working policies. With this in mind, ensuring that your client data is secure should be a critical focus for any firm. But that’s the important point in this discussion: any security solution has to allow employees to access internal systems and applications from anywhere, on any network, without the worry of being compromised.
It’s all about the employee experience (EX)
Employees who are remote or mobile need to be able to carry out their work without any impact on their employee experience (EX) – a seamless experience results in greater productivity. You don’t want your employees complaining about annoying re-authentication practices or poor quality video calls – often a frustrating experience. Indeed, the pandemic has seen a huge uptake in video-conferencing platforms such as Zoom, Teams, Webex and Google Meet. But such platforms are not without their faults – a prominent issue is that some can’t adjust dynamically under less than ideal internet connections, exacerbated by more people joining a call. If your organisation is expecting employees to deliver the same levels of service and professionalism at home as they do at the office (and I’m guessing that’s the case for everyone), then there’s little point having a remote workforce if technical issues mean that clients don’t receive the care they’ve rightly come to expect.
Fail to prepare, prepare to fail
COVID has certainly illustrated how all firms need to be better prepared for remote working. Will this lead to a permanent shift in working patterns? What if employees do not want to return to the office once the restrictions are relaxed? With many systems struggling to cope with remote working, many firms are naturally rethinking their roadmap when it comes to remote access. For their part, ISPs have come under understandable pressure to improve bandwidth and lift data caps so that remote workers do not get cut off from their employers halfway through the month.
The pandemic may well have rung in the changes for a distributed work revolution – for many firms it could have provided the opportunity to embrace long-overdue work flexibility. But flexibility with security, compliance and EX in mind. The motto of the wise: be prepared for all surprises.