Plugging holes remote work punched through security
Mike Arrowsmith, chief trust officer at NinjaOne, makes the case for a permanent shift in the way businesses conduct remote security.
The benefits of a flexible work environment continue to dominate the headlines — and for good reason. A study from the Pew Charitable Trust highlights that working from home is still fairly common even after most COVID restrictions have been lifted. The big difference is that now most teleworkers do so by choice. We are clearly entering a new phase of the work-from-home evolution.
To find out how a shift in working styles impacts companies’ security posture, NinjaOne surveyed 400 employees in regulated industries. The accompanying report, Hybrid Work in 2022: How IT is Managing the New Challenges of a Flexible Work Environment, highlights that many organizations are still too cavalier when managing technology that enables hybrid work. And if policies and technology don’t match the reality of how and where people work, companies are left vulnerable.
A permanent shift requires permanent action
While some companies have asked their staff to return to the office, many still provide flexibility regarding where and how their employees work. For the most part, this is what employees want. Less than 10% of respondents to NinjaOne’s survey said working in an office five days a week was their preferred working model. The shift toward remote work is here to stay, so it’s time for companies to rethink their technology stack and the policies that manage it.
SEE: Mobile device security policy (TechRepublic Premium)
Investments in technology that support remote workers skyrocketed during the pandemic’s start. It was a quick shift that required swift action. Many of the luxuries that come with technology implementation in “normal times” are not afforded to companies during a crisis. Technologies were rolled out without the typical level of testing or the ability to communicate changes to end-users properly. It got the job done, but now it’s time to reevaluate these implementations and ensure companies are not opening themselves up to undue risk. If not, the risk of a breach increases, which can have devastating consequences in terms of customer trust, hefty fines, and even loss of contracts and deals.
It’s time to make a change
According to the Hybrid Work 2022 report, it’s likely that there are some areas of your business that are not fully prepared to support and protect your organization in a remote-first world. To get you started, here are three recommendations that you can start implementing today.
Find the right balance for good collaboration
Remote workers want to feel connected to their co-workers even if they are not in the same room. If IT can understand what tools employees use (or want to use) to connect with their colleagues and incorporate them into their tech stack, it limits the use of shadow IT.
Shadow IT is a common problem. 25% of respondents use non-approved software, and 27% use non-approved communication channels for work. Providing technology that employees want to use (not just want management prefers) is key to any successful business — it helps employees get their job done while ensuring all tools are appropriately managed.
Communicate roles and responsibilities
Employees should have the same support level regardless of where they work. But where should they turn if they can’t physically walk to IT and ask for help? Employees must know how IT can support them and whom they should turn to for help.
The study found that more than 30% of employees are responsible for managing communication channels, updates, IT security and bug fixes, or do not know who is the right contact person. Further, 45% of respondents either were provided with minimal or no rules and formal guidelines, or they weren’t aware of this information since working in hybrid working setups. These numbers are entirely too high and need to be addressed.
IT must also communicate why cybersecurity is everyone’s responsibility and why new policies have been implemented. Verbalizing the risk that employees might put the company, customers, and co-workers in if they don’t follow cybersecurity best practices can make all the difference.
Manage endpoints effectively
More employees working from home leads to more remote devices interacting with company data. All endpoints — a phone, computer or tablet — must be appropriately managed and secured. A unified IT management tool makes it easy for even the most resource-constrained IT departments to manage hundreds or thousands of endpoints at any given time. With intelligent automation capabilities, manually updating, configuring, and managing endpoints is a thing of the past.
How to begin shifting security
Providing employees the ability to work when and where they choose can be a good business decision, but it can also open a company up to undue risk. The good news is that when the proper steps are taken, allowing employees to work outside the office regularly doesn’t have to be a liability. It takes some strategic planning and ongoing support, but properly supporting remote workers and improving a company’s security posture is well worth the effort.
Mike Arrowsmith is the Chief Trust Officer at NinjaOne where he leads the organization’s IT, security and support infrastructure to ensure NinjaOne meets customers’ security and data privacy demands as it scales. Prior to NinjaOne, Arrowsmith held top security roles at Guardant Health and Splunk, where he focused on managing and scaling IT and security teams. Arrowsmith brings a deep understanding of how high-value, fast-growth companies can navigate security challenges, embed a culture of security, and bake data ethics into everything they do. Most of all, Arrowsmith has an unrelenting focus on customer experiences and is heavily involved in product development at NinjaOne, bringing a “company zero” mentality to his team.