Protecting Data In The Remote Working Era

Uploaded on 2024-06-13 in Directors Reports

Protecting Data In The Remote Working Era

Research Report: This article is exclusive to premium customers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

The paradigm of traditional workspaces has undergone a seismic shift after the Covid pandemic. 
As a result, remote work has emerged and has become a dominant trend, requiring human resources departments to pivot faster than ever before. 

Consequently, the importance of remote working has increased in recent years and organisations have started to provide this opportunity to their employees as an option. It is seen that the new generation employees especially prefer to work remotely. 

The Covid pandemic accelerated the regulations regarding flexible working models in the organisations and change the transition to home/remote working practices all over the world, the business models that will continue after the pandemic, and the concept of working life.

Recently the professional landscape has undergone a radical transformation. The traditional 9-to-5 office routine is gradually giving way to a more flexible and dynamic remote work model. The advent of technology and the rise of the Internet have paved the way for individuals to embrace a location-independent lifestyle. As the world becomes our workplace, the concept of a mobile office has gained immense popularity. 

Currently, 12.7% of full-time employees work from home, illustrating the rapid normalisation of remote work environments. Simultaneously, a significant 28.2% of employees have adapted to a hybrid work model. This model combines both home and in-office working, offering flexibility and maintaining a level of physical presence at the workplace

Remote Work Trends in Different Countries

Europe  

In Europe, several countries are at the forefront of enacting flexible work laws: 

Denmark:  Denmark has a comprehensive system of employee benefits under Danish employment law. Additionally, the country offers a range of perks that are highly sought after by potential hires.

Netherlands:  In the Netherlands, employees enjoy flexible working arrangements, digital disconnection rights, and a strong focus on occupational hazard prevention. Professional training and promotion opportunities are also widely available.

Germany:  Germany is poised to make remote work a legal right. A study has shown that each employee who works remotely half the time can save employers around $11,000 annually.

Asia

In Asia, several countries are also embracing remote work:

Singapore:  Singapore is a hub for multinational corporations and offers a strong infrastructure for remote workers.

Malaysia:  Malaysia is another attractive destination for remote workers, with a warm climate, affordable cost of living, and a growing community of digital nomads. 

Thailand: Thailand is a popular choice for remote workers due to its affordable cost of living, vibrant culture, and abundance of co-working spaces.

USA

By 2025, 32.6 million Americans will work remote by 2025 Looking ahead, the future of remote work seems promising. According to Upwork, an estimated 32.6 million Americans will be working remotely, which equates to about 22% of the workforce, by 2025,. This projection suggests a continuous, yet gradual, shift towards remote work arrangements.

Key Remote Work Statistics

As we navigate through the ever-evolving world of post-pandemic work in 2023, several key remote work statistics stand out. They not only offer insight into the current state of remote work but also provide a glimpse into its future.
As of 2023, 12.7% of full-time employees work from home, while 28.2% work a hybrid model This model combines both home and in-office working, offering flexibility and maintaining a level of physical presence at the workplace.

Despite the steady rise in remote work, the majority of the workforce (59.1%) still work in-office. However, the future of remote work suggests a continuous, yet gradual, shift towards remote work arrangements. 

  •  98% of workers want to work remote at least some of the time. Interestingly, workers’ preference for remote work aligns with this trend.
  •  98% of workers expressed the desire to work remotely, at least part of the time. This overwhelming figure reflects the workforce’s growing affinity towards the flexibility, autonomy and work-life balance that remote work offers.
  • 93% of employers plan to continue conducting job interviews remotely. From the employers’ perspective, the acceptance of remote work is evident as well. This indicates a willingness to adapt to virtual methods and signals the recognition of remote work as a sustainable option.
  • 16% of Companies Operate Fully Remote. These companies are pioneers in the remote work paradigm, highlighting the feasibility of such models and paving the way for others to follow.

But with such a significant increase in remote roles, how can employers ensure their data remains protected? The experts at application security company Indusface have provided their specialist insight to help employers ensure their data remains safe with the increase in remote roles.

Key Ways Of Protecting Company Data In Remote Settings

Provide Company Devices:  Though it might seem obvious, providing company laptops and phones where possible allows a business to fully manage and secure the devices being used to access company data. 
Moreover, it is highly recommended that all your devices be updated and encrypted with SSL certificates.
If it is not possible to provide employees with devices, at the very least employers should ensure that workers have access to everything they need to secure their own devices, such as company-provided anti malware software. 

Scan and Penetration Test Applications:  Penetration testing is one of the best ways to protect against data breaches as it simulates real-world attacks on systems, highlighting vulnerabilities that could otherwise be exploited by hackers. It is especially critical to check for privilege escalation attacks, whereby an attacker will exploit vulnerabilities to access a system or application with limited privileges, and then elevate their access rights to access high-level, sensitive data.

Building defences against these attacks will ensure that even when a remote employee’s credentials are compromised, the access to critical applications is limited to the user’s primary role.

Utilise VPNs Across the Business:  With data breaches costing businesses an average of $4.45 million in 2023, it is vital to invest in tools that can cover vulnerabilities. As a defence against the risks that come with employees accessing work materials via unsafe home and public networks, all workers should be encouraged to use a virtual private network (VPN). This software is easy to implement and protects data that could otherwise be vulnerable to attacks over an open network.

Deploy a Web Application Firewall:  Alongside using a VPN to protect your connection and traffic, it is prudent to utilise a Web Application Firewall (WAF) to protect web applications from attacks. Employers should deploy an AI/ML based WAF that detects anomalies and blocks illegitimate requests even if they are made through an employee’s credentials that were compromised.

Employ Encryption Software:  Encryption software is able to provide some peace of mind when it comes to the data breach risks of remote working, as encrypting sensitive files means that even if someone were able to steal them, they would not be able to access the data or content. Employers should create security policies that ensure all workers, especially remote workers, are aware of how to encrypt files and when it is necessary. Furthermore, routine checks can be done to ensure this is being followed.

Strict Password Management:  Ensuring strong password management across the business is a key component in minimising the risk of data breaches, as research shows hackers rely on weak passwords when brute forcing PoS terminals. This includes using automatic password generators to create safe and secure passwords, as well as ensuring that passwords are unique and never duplicated across multiple accounts. 

For sensitive data, employees should always implement multi-factor authentication (MFA), requiring users to provide multiple methods of verifying their identity.

Rigorous Access Controls:  In order to control access to sensitive data and minimise the risk of a security breach, employers should apply the principle of least privilege when it comes to access control. This means only allowing users access to the specific assets that they require for their work. Moreover, files should be removed when they are no longer needed and access should be revoked as soon as it is no longer necessary, such as when an employee leaves, or someone’s involvement in a project is over.

Provide employees with what they need:  A major risk of remote working is that employees may implement tools, systems, or habits that are not sanctioned by the company in order to make their jobs easier. This could include using risky apps and tools, sending files via unsecure channels, or storing assets somewhere unprotected.

The most effective way to avoid this risk is to provide remote workers with all the tools they may need to do their job effectively and ensure that they are aware of all the approved platforms that they have access to. It should be an integral part of security policies to approve web app purchases and free downloads, mitigating the risks that come with using a combination of open-source CMS and cloud-based apps.

Fully prepare and train remote workers:  Employees can implement endless security strategies, but efforts will be futile unless remote workers fully understand what the procedures are and why they are important. In 2023, over 352 million individuals were affected by data compromises, highlighting just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they don’t. Training doesn’t have to be dull, for example setting up phishing email simulators to engage the team and allow them to see the potential dangers in action.

Regular training and guidance will ensure that remote workers are equipped to do everything they can to keep company data safe.

Founder and President of Indusface, Venky Sundar, comments on the data security risks that come with increased remote working “Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. “Many remote workers are using the same device for professional and personal use, or even accessing company data on devices shared with other household members.

“Employers can no longer rely on the security strategies that were designed for in-office working; data is no longer just being accessed under one office roof where IT can supervise... “It is crucial that employers prepare for this new way of working and protect themselves from vulnerabilities... “Defences such as firewalls, pen testing, and VPNs are more critical than ever.”

References: 

Forbes:    Outdefine:

Guardianstorage:

Indusface:    Izmiite:

Researchgate - Bal & Bulgur:

IfaMagazine:   ManagedIT Mag

Image: magnetme

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible




 

« Cyber Criminals Do Not Care Who Falls Victim
AI-Generated Misinformation - A Growing Concern For 2024 Elections »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Redcentric

Redcentric

Redcentric is a leading UK IT managed services provider. We deliver managed IT, cloud computing, data backup, information security services and managed networks.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

ReFoMa

ReFoMa

ReFoMa is a consultancy and advisory company with a focus on information Security.

Sopher Networks

Sopher Networks

Sopher is a secure communication and collaboration platform for business and personal use.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Progress Partners

Progress Partners

Progress Partners is a corporate advisory firm that works with buyers and sellers of emerging growth companies to complete M&A or private placement transactions. Our sectors include cybersecurity.

Valeo Nertworks

Valeo Nertworks

Valeo Nertworks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

Appknox

Appknox

Appknox is the world’s most powerful plug-and-play security platform that helps developers, security researchers, and enterprises to build a safe and secure mobile ecosystem.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense, security without the seams, and solutions that fit your business.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.