With Remote Work, Workplace Safety Has New Meaning

Workplace safety is top of mind right now. And for those returning to physical offices, protecting employees from the spread of COVID-19 is front and center. But digital risks need more attention, too—especially when 45% of companies are reportedly adopting hybrid work models that feature remote work.

The post-COVID workforce is becoming more “3D”—distributed, digital, and diverse. In the case of the first two Ds, vast opportunities for global recruitment and flexibility are accompanied by ever-evolving security challenges, especially for organizations that deal with extremely sensitive information.

Remote work can heighten cyber risks by reducing physical protections, expanding user access to compromised access points and/or networks, and providing organizations with fewer insights into user behavior when employees are not connected to corporate networks. Virtual private networks (VPN) and virtual desktop infrastructure (VDI) may offer a sense of protection, but they are no guarantee of safety. What’s more, the National Security Agency has warned that VPNs are at risk of attack if proper security is not maintained.

Cyber risks fall into three categories: human error, external attacks, and insider threats. Human error could include employees being negligent with security protocols (opening phishing emails or downloading unauthorized content, for example) or losing a device (or having one stolen from them). External attacks, which accounted for the largest share of data breaches in a 2020 review, involve outside system access through extortion, forced breach, or device hacking. Insider threats are deliberately perpetrated actions by employees.

Having a large share of one’s workforce operating remotely at any given time increases risk by reducing oversight of employees and security systems, creating less visibility into how staff are managing security and whether they are demonstrating trustworthy behaviors.

To counter internal and external cyber threats, chief information officers and other executive leaders should focus on two imperatives.

• Actively protect data, devices, and networks by requiring automated and intelligent safeguards tailored to enterprise security rules. This entails enabling devices to rapidly react to security threats in real time based on custom alerts and context derived from physical location.
  
  
• Adopt and enforce a leading security mindset known as “zero trust.” In other words, ensure enterprise devices are in a secure, trusted state before allowing users to access sensitive organizational resources. This mindset is driven by core principles: assume a breach; never trust; always verify; and allow only least-privileged access based on contextual factors.

Both measures require buy-in from senior leaders and other key stakeholders to be effective. But a proactive cybersecurity strategy can help organizations harness the immense benefits that hybrid and remote work models offer in terms of expanding talent pools, promoting a healthy work-life balance, and increasing productivity.