At a time when companies are looking to save money, employees are searching for a better work-life balance and hackers are taking advantage of the evolving threat landscape, the ‘work anywhere’ model will continue to deliver benefits for leaders who stay on top of the different aspects of security. In this article, we list three important aspects of solving the security puzzle.
Listen and Adapt to the Modern Workforce
The modern workforce has adapted extremely well to the remote work environment, and continue to prove its benefits in productivity, meeting efficiency, talent acquisition and reduced spend on facilities. To continue achieving these benefits and retain talent, leaders must ramp up companies’ transformations into remote-friendly environments, designed to allow employees to thrive.
A shift in management style becomes necessary as leaders realize they need to lead based on outcomes not observations. In today’s ‘anywhere work’ environment, observation leadership is causing managers to implement spy-like tools that create a feeling of distrust among employees. Instead, outcome-based leadership can have a positive effect on employee morale and company culture while developing better managers, as leaders are required to clearly identify the measurable objectives that lead to organizational success.
The same leadership philosophy that leads to spy-like tools also leads Information Security teams to lock down technology to the point it no longer achieves its goal: to simplify work. IT security policies that render technology unusable will ultimately make organizations less secure. If IT and InfoSec teams do not provide a path to productivity, employees will find one — most often by using their unsecured personal devices.
Unless organizations present a compelling solution, such as partitioning a personal device to keep privacy, people will find a way to be preserve their way of work with or without IT approval. In short, IT and InfoSec teams need to work together on implementing technology that empowers productivity, protects privacy and fades into the background.
Stay up to Speed with the Evolving Threat Landscape
Just as the modern work environment has vastly changed, the threat landscape has evolved with just as much speed. Bad actors have been encouraged to develop clever, novel ways to continue targeting devices and users in their quest to obtain valuable organizational data.
When users are productive across various device types, they may encounter multiple threats daily while working with organizational resources. To mitigate this, businesses have worked to distribute their security services to the endpoints that produce and consume data and to the cloud applications that store and use data. Meanwhile, users themselves are targeted more aggressively, exposing a type of vulnerability that cannot easily be shielded from attacks. Attackers use the veil of well-known brands, such as Apple, PayPal and Amazon for example to trick users into giving access to corporate applications.
These attacks, known as phishing, remain the number one threat to the safety of organisations digitally. According to research by Jamf Threat Labs, remote workers are 26 times more likely to encounter a phishing attack than to come across malware. Lack of information and education around cybersecurity may leave technology users exposed.
A holistic security strategy should not only focus on outside-in risk, but address risk that arises from end user behaviour. By providing a Bring Your Own Device (BYOD) device ownership model, companies allow employees to work from the device they are most comfortable with and productive on, with a layer of security that can protect sensitive work applications and preserve user privacy. Moreover, user education should not be overlooked. By training users to recognize a vast array of phishing attack techniques, employees can become the next robust layer of defence.
Don’t Overlook the Basics
When planning the implementation of a security framework, business must not lose sight of the basics. They should start their security journey by evaluating use cases and define must-have requirements, to procure solutions that won’t hinder productivity and that work for the device ecosystem they are using.
Secondly, companies must look at how to ensure device hygiene and foster security best practices. Using a device management tool that guarantees the organization can configure settings, enable critical security features, and wipe contents in the event of a stolen or lost device is critical for the security of devices and data. In addition, employee devices must be monitored over time, not just at initial provisioning. IT teams need a to be able to undertake ongoing security and compliance checks without over-managing and encroaching on user privacy. A security tool that works on any device employees choose, managed from the same portal to protect desktop, laptop and mobile users, can save security operations teams the headache of extra admin work.
Finally, a multi-layered defense strategy, capable of addressing both external cyber threats and usage behavior risks, is best to provide a holistic coverage of security needs. To achieve this level of protection in the past, companies had to use products from multiple vendors. Today, there are much better options. By procuring a solution that provides constant detection of evolving threats, businesses can stay on top of potential attacks, while allowing employees to get on with work.