The number of employees working from home has drastically increased over the past two months, and employers are starting to realise the benefits. In fact, 74% of CFOs intend to shift some employees to remote working permanently, according to Gartner. Allowing employees to work from home was previously used as a method to reduce overheads and as an employee incentive to reduce staff turnover.
Now, however, working from home has become the new normal, and as the workforce becomes increasingly disparate geographically, cybersecurity needs to be higher up on the executive agenda. Organisations need to have the appropriate cybersecurity measures to empower employees to work remotely, whether it be from home, in an office, or on the move. CFOs have the ability to facilitate a conversation with CIOs and CSOs to avoid incurring any additional costs from unnecessary IT help desks and data breach fines. Simon Biddiscombe, CEO of MobileIron, outlines the risks of remote working and potential safeguards.
Not only does increased working from home present organisations with a significant cybersecurity risk, it also has the potential to limit productivity. The Office of Budgetary Responsibility has estimated that the financial services may see a 5% drop in productivity whilst enforced working from home policies are in place. CFOs need to carefully balance budgets to ensure productivity whilst maintaining the benefits of remote working.
Traditional cybersecurity principles are archaic and dangerous and threaten corporate resources. The on-premise perimeter has been decimated by a general shift to cloud applications and mobility, and the recent surge in remote working has only emphasised this shift. As more employees use personal devices and networks to access business applications, the line between business and personal data is becoming blurred.
CFOs need to carefully balance budgets to ensure productivity whilst maintaining the benefits of remote working.
Additionally, cybercriminals are already exploiting the relaxed security measures brought about by the sudden need for organisations to shift a large part of their workforce to teleworking, as shown by a Europol report. If a bad actor penetrates a device through a personal channel, what is to stop them from breaching a business application?
The Security Foundation
Organisations need to increase their governance over the devices being used to access corporate data. A unified endpoint management (UEM) platform allows IT teams to secure, manage and grant authorised users, devices and apps access to corporate resources and networks. UEM also provides visibility and insights into usage and patterns that IT can use to determine and enforce compliance. As financial services employees work from home, having this level of visibility over employees’ personal devices is just as important as having control over corporate devices if they are using business applications.
UEM separates the corporate digital workplace from personal activities on a device. This is done by containerising and protecting data and applications through application sandboxing. Device encryption can also be deployed so only authorised users can access crucial data. For instance, when banking staff return to work, a corporate scanning app can allow managers to scan a customer’s ID and passport with a smartphone camera.
Integrating threat detection management with a UEM platform allows for continuous enforcement and protection of data, both on the device and on the network. AI-based software constantly assesses the risk a device poses to a company’s ecosystem as a whole through its entire life cycle. Having this 24/7 capability allows IT teams to mitigate any threats should they arise, resulting in a more secure remote work experience and increased productivity.
Security systems should be reviewed to ensure that all networks, devices, and applications are verified before access to crucial business data is granted. As we look for COVID-19 exit strategies, there is a clear need for any cybersecurity solutions to be scalable to accommodate the fluctuating numbers of remote workers in the future.
The accessibility of UEM means it is a highly scalable solution. The enrolment process is as simple as downloading an application and updating a device. Additionally, employees can use a self-service portal to track, add, or remove devices they have under management. If the user needs to retire a device, unenrolment can be initiated immediately. In the event that a device becomes compromised, IT teams can wipe business related applications to remediate the threats. This ability to deprovision devices remotely and selectively delete data is critical for an end-to-end device life cycle management program.
In order to be as agile as possible and still meet businesses essential security requirements, UEM platforms are widely available on a software-as-a-service (SaaS) basis. A subscription-based SaaS model provides CFOs more flexibility in their payment structure as they are only required to pay for what they use instead of paying a large upfront cost for a fixed number of software licences.
A subscription offering of UEM generally gives CFOs a better return on investment. Maintenance and support are usually included in the service provided, making the need to purchase a separate maintenance and support contract redundant. Software updates are included in a subscription, helping organisations stay current with the latest capabilities and ahead of potential threats.
As we look to the future, one thing is clear: business solutions need to remain agile. COVID-19 has shone a light on the need for agility when it comes to the enterprise cybersecurity, and CFOs should embrace these solutions.”