Working from home has become indispensable for many employees. After the practical test in the corona pandemic, employers also understand that the productivity of their employees in the home office does not decrease – they are even more productive than in the traditional office. Therefore, companies can continue integrating remote work into their way of working with a clear conscience and switch to a flexible working model to offer employees a mix of home and office. But this presents even IT experts with new security challenges.
The number of threats from cyberattacks of all kinds has increased rapidly in recent years – from phishing, ransomware, and DDoS attacks to social engineering. According to IDG, 66 percent of the IT managers surveyed confirm that employees working from home are exposed to more cyber risks. The number of employees working on private, unprotected devices (31 percent) is also alarmingly high under this premise. The IT help desk has its hands full to look after more and more problems of remote workers and protect them from cyber threats. But it is essential here to keep the measures as user-friendly and secure as possible. Employees should not be too restricted by the new “work-from-anywhere” and too many work steps.
Create A Strong Awareness Of IT Security
Whether remote, in the office, or the co-working space, all employees must be sensitized to cyber threats. IT managers should educate them about how malicious hackers act, which gateways they can provide them simply by choosing their passwords, and which steps and tools they can use to combat them. It is essential to carry out training for employees and give IT security a permanent place in the corporate culture. This is the only way to create an overarching security culture in the company, and employees understand the value of IT security if it is also explicitly lived. As a result, the employees also take on the issue of security and behave cautiously throughout their working hours. This minimizes the risk of the human factor as a security gap.
Solid Password Management As The Cornerstone
On average, every person has 30 accounts that need to be protected by passwords. Strong password management is essential whether at home, in the office, or anywhere else in the world. However, employees use a password an average of 13 times. Smaller companies, in particular, are struggling with this. This is the result of a recent study by the password manager LastPass on using passwords in the workplace. As a result, these login data still represent the most significant security risk in companies.
Suppose you consider that data breaches are the order of the day in the digital world, and it has been proven that 80 percent of data protection breaches can be traced back to weak and repeatedly used passwords. In that case, employees should be informed again and again about password hygiene.
Nevertheless, many users often use the same insecure passwords across different accounts. Unfortunately, the favorites still include sequences of numbers such as “123456” or key combinations next to each other such as “qwertz.” Combinations with numbers from the date of birth are also not a good idea. With a business password manager solution, companies gain more control over the password behavior of their employees. In this way, IT managers and users can avert violations in good time and keep the administrative effort as low as possible. Password managers manage all passwords that users set individually for a wide variety of accounts in a secure vault. This can only be reached with a strong master password of the user. Employees only have to remember one password. This avoids unsafe, simple passwords and the multiple uses of the same password in different accounts.
Single Sign-On And Multifactor Authentication As An Additional Security Layer
The advantage of such password managers: They offer additional functions, such as single sign-on (SSO) or multifactor authentication (MFA). With SSO, IT managers can reduce the effort of password management by significantly reducing the number of passwords to be managed. In this way, users can securely connect to the applications without having to enter another password. Companies can thus gain complete control over passwords and user access, provided the accounts are connected to a password manager via SSO. This gives the logins an additional level of security.
MFA also offers another level of security. When logging in, users have to enter another code in addition to the password. This is created at the moment of logging in and sent to another device of the user. A variant of this process uses biometric sensors for fingerprint or facial recognition. Only with this second level of security can the login process be completed by an MFA. Such procedures are very advantageous for IT admins because they no longer have to worry about insecure passwords from their colleagues to secure the company networks. The entire workforce is protected, but at the same time, can work both in the office and remotely without any significant loss of performance or complex security processes.
Network Access Must Also Be Secured
In most cases, working remotely also requires a VPN connection because easy use with a single access point and secure data transmission is very intuitive. According to the IDG survey, almost half of those responsible for IT (45 percent) admit that employees access unsecured WLAN networks. This is because the VPN connection is only slightly secured. IT administrators should also provide additional protection for these.
However, precisely the intuitive, simple properties of VPN make it highly susceptible to cyber-attacks. A set of stolen login data or a computer compromised by malware are enough to give hackers access to sensitive company data. In the worst case, they can encrypt them and demand a ransom. To prevent this, the VPN connection requires an additional security layer. Here, too, MFA comes into play for double protection. In this way, companies avoid unauthorized persons gaining access to the network – without additional, complex employee registration processes.
The Way To A Safe, Flexible Working Environment
Remote work has found its permanent place in working life after the pandemic and will retain its status in the long term. IT must therefore adapt to a flexible IT environment to keep the cyber risks increasing under control. The right tools and features support you in minimizing the risk of attack, while employees can work productively and securely from anywhere in the world without significant restrictions. Companies should take the riskier threat landscape from the home office seriously and rely on the right solutions to be prepared for a secure, flexible workforce.