Securing the new normal, Remote working

Fuelled by technological advancements and people’s changing desires and expectations with respect to flexible working and work-life balance, increased mobility and working from home were already big trends before 2020.

The added freedom provided by the combination of more powerful and affordable mobile devices, like notebook PCs, Chromebooks, tablets, and smartphones, and the almost universal availability of broadband and Wi-Fi, was driving rapid growth of mobile working.

Given that freedom, people were starting to work from just about anywhere. On the train or the plane, in coffee bars, from different offices, and of course, from home. But home working had never really taken off until the pandemic arrived. When it did, the mobile working trend massively accelerated and, significantly, shifted in the direction of home working.

During the various lockdowns that were subsequently imposed, everyone who could work at home, did work at home. As the months passed, the realisation grew – even amongst those who had previously been sceptical – that it could be practical and have many advantages, both for employees and for businesses.

All the talk now is of the new “hybrid” ways of working and many businesses are adopting this approach, where colleagues will spend some of their time working in the office and some of it at home. This will perhaps, become “the new normal” in the world of work.

This huge shift to home and hybrid working has brought many new security challenges. When people work in the office most of the time, it is relatively easy to keep them secure as they will be directly connected to the network – either through an Ethernet cable or Wi-Fi. When they are connecting remotely, from home or any other location, it’s not so easy.

Now, you may well ask: “What’s the difference? Almost everyone worked on their mobile devices before anyway?” Well, yes, that’s right, but they were not all working at home or remotely at the same time. And they probably weren’t always connecting into the central network – they would probably have done that only when they really needed to.

In the new hybrid world, with everyone connecting to the network remotely every day, all day, there are many different potential windows of opportunity that cybercriminals could exploit. If those connections are not absolutely secure, there is a real danger of infiltration.
In addition to this, there would have been a number of people who, prior to the lockdowns, had never worked at home prior to the pandemic and who would have always come into the office to work. These individuals may have moved their office PCs to their homes; or the business may have bought them a new laptop; or they might be using their own home computer to connect.

In all three cases, the security would need to be set-up properly for use in the home – and that might not be easy. Connecting remotely is entirely different to connecting locally. How would you get someone who was not very IT literate to install and set-up their security settings, for example?

Potentially, there may also be issues with the age and suitability if current equipment - both at the client level and at the centre. Old servers and networking equipment, or indeed security appliances, might not be capable of taking the strain.

In addition, the network infrastructure itself is fundamentally changed by hybrid working and this presents additional challenges. Previously there might have been tens of users working at home Suddenly, there could be scores or hundreds. With a large number of people working at home much of the time, the network is highly distributed. It does not have a definitive, physical structure anymore and there are many more entry points to it. Enforcing security policies and is not as easy as it would be if everyone is in the office and connected locally. It is harder to keep an eye on what people are doing online. It also takes longer to roll out updates and changes to security software and services.

The bottom line is that the growth and acceptance of working at home has added more complexity to the challenge of making the network secure. There is more potential for gaps to open up – as users log-on and establish connections and the digital defences are slotted into place. Individual users can be targeted, and the cybercriminals know that if they can get past one individual, they have a much better chance of getting into the main network.

Cybercriminals are smart. They adapt to changes in the market and the working environment as we all do. They are well aware of the increased vulnerability that’s come as a result of home working, and we’ve already seen plenty of examples of this potential weakness being exploited.