Is WFH a Cybersecurity Nightmare?

September 21, 2021 by Smarsh


Work from home (WFH), remote work, hybrid work, the “new normal.” Each of these terms is having a moment because they signal a major disturbance in the workforce — for many industries, office work no longer revolves around the corporate office space. Knowledge workers and other professionals have been performing their jobs, productively, from just about anywhere except the office for the last 18+ months.

Luckily, we are at a time in our collective technological maturity when this is possible because there are so many tools for communication. Company-issued computers, personal mobile devices, home and public wifi, and a rash of collaboration and conferencing platforms (Slack, Zoom, Microsoft Teams, etc.) can coalesce to create a virtual office anywhere, anytime. Could it be so seamless? Your IT and security teams may say otherwise.

The problem with WFH

The shift to a digital office created abrupt and ongoing challenges for IT and security. According to a 2021 survey report from Palo Alto Networks on the state of hybrid workforce security, 61% of respondents (from information security, network operations, application development and executive roles) have struggled to provide the necessary remote security to support work-from-home capabilities.

Traditional security departments were set up to monitor and remediate cybersecurity incidents with employees working within the corporate perimeter, but that changed practically overnight. Some companies haven’t been diligent in enforcing security policies. Workers aren’t connecting through a common VPN and they aren’t tethered to a desk inside a secure office space. Employees are, however, dealing with a new set of distractions (kids, pets, deliveries, etc.) and turning to new channels to communicate.

Cyber attackers have taken advantage of these security vulnerabilities in a big way. Incidents of cybercrime such as phishing, stolen devices, credential theft and ransomware have reportedly increased by 300% since early 2020, when the pandemic began to spread globally.

The costs of these incidents can be devastating to a company and extend for years. For example, a data breach may include expenses such as:

  • Lost data
  • Business disruption
  • Revenue losses from system downtime
  • Notification costs
  • Lost customers
  • Legal fees
  • Reputational/brand damage

Tips for enabling secure remote work

So, what should companies do to mitigate these issues? Most IT and security teams were already laying the foundation to support remote work when the pandemic forced the issue. As the uncertainty persists, it’s time to commit to embracing the new normal/hybrid work/WFH/etc. Here’s what we recommend:

  1. Invest in enterprise-grade remote work and collaboration tools. Stay away from “free” versions so you can enable and monitor activity.
  2. Rethink risk from third-party vendors. Work with your IT/security folks to develop due diligence questions for any new vendors, and circulate the same questions among current vendors to level-set.
  3. Invest in security awareness education and make it mandatory for all employees, at least twice per year. We also recommend including security awareness training in the onboarding process.
  4. Treat all users and endpoints as potential sources of vulnerability. This doesn’t mean you don’t trust your employees; it means you’re protecting them.
  5. Invest in enhanced access-control tools to ensure that users and devices are vetted before providing access to mission-critical systems. This would be a good opportunity to investigate bring-your-own-device (BYOD) solutions to separate personal from professional communications on employee-owned mobile devices.

Cybersecurity protection is not a “nice to have.” It’s a necessary part of doing business, whether employees are remote or not. Taking the appropriate steps to strengthen your security profile will help your company mitigate costly, unbecoming, resource-consuming issues. Your IT and security team will thank you.
