In 2022, businesses in all sectors face a changed working environment. The Covid-19 pandemic has altered how organisations and people view work. Perhaps the most visible example of this comes in the number of employees who now consider remote working to be a big part of their normal and preferred working schedule.
70% of the general public now believe that full-time office working is a thing of the past and, perhaps more surprising, was the fact that an even greater number (79%) of business leaders believed that this was the case. This shows that the expectation from businesses is that remote working is likely to become even more normalised in line with the 91% of workers who prefer having the option to work from home. Of course, while it is a popular idea that appears to be generally supported by businesses, this isn’t to say there are no downsides. Indeed, increasingly, businesses are concerned about the issue of cybersecurity.
Cybersecurity is enough of a challenge in an office environment where many of the variables can be closely monitored. But, with regular remote working, the potential risks are increased. It is important for companies to understand what they can do to protect their staff against the tactics of cybercriminals.
Get shadow IT under control
One of the major issues that companies face when staff work remotely is a concept called ‘shadow IT’. Shadow IT is defined as ‘applications accessed and used by employees without the knowledge or permission of their IT departments. It isn’t necessarily the case that any such application is inherently flawed or dangerous; “shadow IT” simply means that an app is being used without IT’s explicit approval or oversight’.
The issue here is that IT teams are usually able to vet and approve any applications or software used by employees. However, when employees use a variety of different endpoints such as their personal laptops or mobile devices, they can make use of their own software that might help them to do their job, or make it seem easier. The problem is that these applications and software systems might not be updated and may contain known vulnerabilities that can be exploited by cybercriminals. It is vital, then, to help remote staff understand the importance of only using approved software and not shadow IT.
Track cybersecurity issues with Jira
While software like Jira was once thought of only as something relevant for technical and IT-specific businesses, it has become increasingly popular across many sectors. Jira is a project and work management solution that is designed to make it easier for organisations to track their work across a range of complex issues.
Companies are now beginning to see the potential advantages for tracking cybersecurity issues and challenges via Jira. This is a very powerful platform; the average large organisation tracks 1.4m issues through a single Jira instance. If your company wants to manage its cybersecurity effectively, Jira is one of the best ways to do it.
It is sensible to find a balance between keeping workers secure and allowing them to do their job without inhibiting them. The fact is that if staff are going to work remotely, there needs to be new safety protocols brought in to attempt to minimise risks. One of the most important of these protocols is controlling access.
Staff might be used to having full access to data, information and the different aspects of the company servers. However, if every member of staff has full access to everything, this means that a single breach by a cybercriminal gives them the same full access to whatever they are looking for.
It is a much better idea, then, to limit the levels of access that each member of staff has. The concept is often known as the principle of least privilege; you should only give staff access to the data and parts of your IT system that they need to do their job.
Focus on endpoints
It is important to think about endpoints. When employees work in the office, they are in a controlled environment with endpoints that can be easily monitored by the IT team. Yet, when they work remotely, this is not necessarily the case. Indeed, those working from home are generally able to use a much greater variety of endpoints, and this can be a very significant challenge from a cybersecurity perspective.
Workers increasingly use everything from their laptop and desktop to phone and tablet to access work data and software. The problem here is that while your in-office computer has a full suite of cybersecurity protections, your home devices might not have those additional layers of security.
It is important that your IT team is able to vet all of the potential endpoints that are going to be used. Doing so, they can recommend updates and security software in order to keep them secure.
Provide your team with training
Undoubtedly a major part of keeping your remote staff safe against cybercriminals comes in ensuring that they have the right training. Making sure that staff are well-informed is a valuable line of defense, and this is especially true for remote workers.
Of course, many businesses put training sessions in place. But one single session isn’t enough to keep staff protected. Sessions need to be regularly updated with the latest information so that staff understand the worst current threats and biggest risks.
Have a remote working policy
Finally, it is crucial to ensure that you put an official remote working policy in place. This policy should provide advice and guidance on what is expected on home workers. It should indicate the importance of simple premises such as the use of strong passwords, regularly updating hardware and software, and avoiding the use of public Wi-Fi.
Cybercrime is a growing problem and businesses in all sectors need to face it. As remote work is likely to become the rule rather than the exception, it is vital that companies factor in keeping remote staff as secure as possible when they work.