The world of work has changed dramatically since the pandemic of 2020 with remote and hybrid employment playing an enduring and increasing role in organisations both large and small, multinational and niche.
Staff in this 'working from anywhere' culture balance career and lifestyle, commitment and flexibility, communication and self-sufficiency. And yet many remain first and foremost part of a team or business unit and therefore have the same responsibilities and obligations as traditional office-based employees – including with IT and data security.
"Since 2020 we all have new work habits," says Alexandra D'Archambeau, IT Advisory Director with RSM Belgium. "During the pandemic people were not at the office, not talking physically for lengthy periods of time, and staff onboarded during that period might never have met their colleagues."
And this new way of working carried new risks: phishing, social engineering, increased levels of cyber-crime, and security of data whether digital or traditional.
"There are dangers and responsibilities that come with working from anywhere," says D'Archambeau. “Awareness is key, and requires solutions that govern practical steps, operational matters and security protocols,” she adds.
What are the security considerations and measures for individuals engaged in remote and hybrid work?
“Issues of security are particularly important,” says D'Archambeau, “and must be discussed and outlined as part of a successful 'working from anywhere' culture.
“Awareness plays a big part in both the real world and the digital, so remote workers must understand the risks of phishing and social engineering as well as the folly of leaving a desktop unlocked and unsupervised, even for a very short period of time.
“Free Wi-Fi is also an issue and is simply not a safe and secure platform. It is important to create policies and guidelines to prohibit the use of such networks, which extends to hybrid as well as remote," she says.
Public areas can also be a risk. Being overheard, and having your screen overlooked – these are important considerations against a background of client or internal confidentialities, and there are risks inherent in a co-working, cafe or airport setting. Best to consider controls including privacy screens.
Virtual private networks are also a key consideration. "We would recommend VPNs as mandatory even in hybrid models but especially for those working in multiple locations," says D'Archambeau.
File sharing also deserves scrutiny, with a focus particularly on encryption as opposed to email attachments. A related issue is secure physical document management and the need to shred or, better yet, prohibit printing in the first place. "Data loss via printed materials is a risk to be considered," warns D'Archambeau.
How does remote work affect cybersecurity?
For IT, a remote worker linked into a company network can create challenges of time, geography and hardware. Normal service desk hours will often not overlap with problems in another time zone, for instance, raising questions about synchronised remote workdays or longer on-call rota for IT personnel.
“And what about technical hardware issues with company equipment? Is there a trusted remote third-party repair, will travel back to the HQ IT team be necessary, what about associated time-lost, who covers employee insurance – these are some of the many considerations,” says D'Archambeau.
Other issues must also be tackled: the responsibility for ensuring stable and secure wifi, password reset protocols – many of those required a regular sign-in to office-based networks, for instance – and software. On the latter, a number of countries have banned certain platforms – Google, say, or WhatsApp – and this could cause problems and challenges to productivity, depending on protocols elsewhere.
"Solid agreements need to be in place between remote or hybrid workers and employers," says D'Archambeau. "Everything signed off, no surprises on either side, with clear policies and procedures that futureproof the arrangement."
Best cyber security practice for remote workers
Remote workers are here to stay, dramatically altering the employment landscape. Managing the IT and security issues this 'working from anywhere' culture creates is about being proactive, communicating expectations clearly, and tackling any problems head on.
“Whether operational challenges, practical matters or data security – employees and employers will,” according to D'Archambeau, “benefit from a realistic framework that establishes responsibilities, protocols, processes and red lines. There is much to gain from remote and hybrid working, and little to fear, with the right measures in place.
“RSM Global Employment Services understands this landscape,” says D'Archambeau, “and stands ready to offer the kind of expertise and advice that will maximise the opportunities while minimising the risks.”