By Luke Fitzpatrick
One of the biggest consequences of COVID-19 for enterprises beyond 2020 will be the acceleration of the trend to working the majority of the working week from home.
Already organizations were encouraged to look into it on the promise that each employee working from home would, on average, work an additional 1.4 days per month, and that there would be greater productivity due to a perceived improvement in work/life balance.
This working from home percentage was increased in an accelerated fashion due to the COVID-19 situation. With lockdown effectively mandating that most people in professional careers work from home, as we return to ‘normal’ it is likely that the dominant trend going forward will be that employees will want to continue working from home into the future. Indeed, research suggests that as much as 41 percent of employees will continue to work from home to at least some extent following the pandemic.
Shifting to work from home has been large-scale. Some ISPs saw a surge of as much as 25 percent in bandwidth use, and the underpinning reason for this increase is home office use. For example, the video conferencing platform Zoom has seen a jump from 10 million users to 200 million users as people look to undertake their required meetings online.
Organizational concerns related to the increase in working from home
As beneficial as working from home has been in helping businesses to remain productive and employees stay engaged, there are security concerns with enabling work from home, and this has been the reason that so many organizations have been hesitant to do so.
One key concern is that the organization needs to open the network up so that it can be accessed over residential internet connections – and without having firm control over your internal BYOD security policy, this can quickly end in disaster.
One solution to this that all businesses should make standard when enabling work from home is to mandate that employees use a VPN service from a reputable provider (not all VPNs are equal, so be sure to do your due diligence to find one you can trust). This immediately makes it harder to target a home worker with malicious attacks, as it hides the IP address of the user, encrypts all data sent from that user’s devices, and masks the user’s physical location.
Next, the company should provide secure cloud services so that employees don’t need to save anything locally or distribute it to other employees through insecure ways (such as via email). A service such as Microsoft Office 365 provides each employee with plenty of cloud-based storage for all kinds of documents and then allows them to collaborate online, in a secure environment, in real-time.
Another critical step is for the organization to mandate backups across devices. This doesn’t mean keeping local storage drives in employee’s homes, but rather using management software across the cloud environment, and mobile devices to keep a separate cloud backup of the environment.
One of the areas that IT can overlook when dealing with a highly distributed, remote working environment, is the need to have a backup strategy in place for the remote devices and their data.
Internal training on best practices
Organizations should also undertake an education program to help employees understand how to operate securely. In addition to implementing two-factor authentication and other password protection best policies, organizations should help employees understand the importance of having powerful passwords, how to identify a phishing attempt over email, and other best practices.
Companies should also guide employees over how to change the admin password on their modem/routers, and understand the risk profile of working over a residential internet connection. A large percentage of security risks come from human error, and when employees are working remotely, it’s even more important to help them to understand how to take personal responsibility for their security.
The dangers of public WiFi
Finally, as lockdowns ease and people start getting out and about again, remote work will also become traveling work. Perhaps an employee likes to take their laptops to the local café for a morning coffee. They might travel to meet with clients, or want to check in while overseas on a holiday. There’s nothing inherently wrong with any of that, however by the same token it’s important to reinforce security best practices in public.
For example, public WiFi hotspots should not be used to access the corporate network. The organization should also have remote access control (RAC) installed on any device that is used for work. That way, if a device is lost and stolen, the organization can lock down the data on the device and undertake retrieval steps.
Many organizations have been historically hesitant to enable work from home, for the perceived security threats that it entails. However, the advent of COVID-19 forced their hands, and those same organizations were given the option of enabling remote working or shut down through the pandemic.
Now, however, the solutions and technology are in place to allow remote working after the pandemic, and employees are going to expect it. Moving forward, remote working security is going to be an ongoing priority for every organization, with the good news being that — once implemented — the productivity gains that come with remote working will be worth the effort.
About the author
Luke Fitzpatrick has been published in Forbes, Yahoo News and Influencive. He is also a guest lecturer at the University of Sydney, lecturing in Cross-Cultural Management and the Pre-MBA Program.