Plugging the Holes Remote Work Punched Through Security
Mike Arrowsmith, Chief Trust Officer at NinjaOne, advocates for a lasting change in the way organizations do remote security.
The benefits of a flexible work environment continue to make the headlines — and with good reason. A Pew Charitable Trust study highlights that working from home is still widespread even after most COVID restrictions have been lifted. The big difference is that most telecommuters today do so voluntarily. We are clearly entering a new phase in the work-from-home evolution.
NinjaOne surveyed 400 employees in regulated industries to find out how changing work styles are affecting the security posture of companies. the accompanying report, Hybrid work in 2022: How IT is coping with the new challenges of a flexible working environment, points out that many companies are still too cavalier when it comes to technologies that enable hybrid working. And when policies and technology don’t match the reality of how and where people work, businesses are vulnerable.
A permanent shift requires permanent action
While some companies have asked their employees to return to the office, many still offer flexibility around where and how their employees work. Most of the time, this is what employees want. Less than 10% of NinjaOne survey respondents said working in an office five days a week is their preferred work model. The shift to remote work will continue, so it’s time for organizations to rethink their technology stack and the policies that manage it.
SEE: Mobile Device Security Policy (TechRepublic Premium)
Investment in technology to support teleworkers skyrocketed at the start of the pandemic. It was a quick change that required quick action. Many of the luxuries that come with implementing technology in “normal times” are not granted to companies in a crisis. Technologies were introduced without the typical level of testing or the ability to properly communicate changes to end users. It worked, but now is the time to re-evaluate these implementations and ensure organizations aren’t exposing themselves to undue risk. Failure to do so increases the risk of a breach, which can have devastating consequences in terms of customer trust, hefty fines and even loss of contracts and business.
It’s time for a change
According to the Hybrid Work 2022 report, there are likely some areas of your business that are not fully prepared to support and protect your business in a remote-first world. To get you started, here are three recommendations you can start implementing today.
Find the right balance for a good collaboration
Remote workers want to feel connected to their colleagues, even when they’re not in the same room. If IT can understand what tools employees are using (or want to use) to connect with their peers and integrate them into their tech stack, it limits the use of shadow IT.
Shadow IT is a common problem. 25% of respondents use unapproved software and 27% use unapproved communication channels for work. Providing technology that employees want to use (rather than just management preferences) is key to any successful business – helping employees get their jobs done while ensuring all tools are managed appropriately.
Communicate roles and responsibilities
Employees should have the same level of support regardless of where they work. But where are they supposed to go if they can’t physically go to IT and ask for help? Employees need to know how IT can support them and who to turn to.
The study revealed that more than 30% of employees are responsible for managing communication channels, updates, IT security and troubleshooting or do not know who the right contact person is. Additionally, 45% of respondents were either provided with minimal or no rules and formal guidelines, or were unaware of this information as they work in hybrid work environments. These numbers are way too high and need to be addressed.
IT also needs to communicate why cybersecurity is everyone’s responsibility and why new policies have been implemented. Articulating the risk that employees could put the company, customers and colleagues at risk if they don’t follow cybersecurity best practices can make all the difference.
Manage endpoints effectively
More employees working from home means more remote devices interacting with corporate data. All endpoints – a phone, computer or tablet – must be properly managed and secured. A unified IT management tool makes it easy for even the most resourced IT departments to manage hundreds or thousands of endpoints simultaneously. With intelligent automation features, manual updating, configuration and management of endpoints is a thing of the past.
Here’s how to start making the security transition
Giving employees the ability to work when and where they want can be a good business decision, but it can also expose a company to undue risk. The good news is that if the right steps are taken, allowing employees to work remotely on a regular basis doesn’t have to be an obligation. It takes some strategic planning and ongoing support, but properly empowering remote workers and improving an organization’s security posture is well worth the effort.
Mike Arrowsmith is Chief Trust Officer at NinjaOne, where he leads the company’s IT, security and support infrastructure to ensure NinjaOne meets customers’ security and privacy needs as it scales. Prior to NinjaOne, Arrowsmith held senior security roles at Guardant Health and Splunk, where he focused on managing and scaling IT and security teams. Arrowsmith brings a deep understanding of how high-quality, fast-growing companies solve security challenges, embedding a security culture and infusing data ethics into everything they do. Most importantly, Arrowsmith has an unrelenting focus on customer experiences and is heavily involved in product development at NinjaOne, bringing a company zero mentality to his team.