The remote workforce exploded in this past year, due to work-from-home mandates caused by the COVID-19 pandemic. This forced companies to adapt a remote work model, with little to no remote infrastructure.
For most businesses, the goal was simply to get users up and running remotely. Unfortunately, many compromised on security to get there.
A Big Demand for BYOD
To compound the issue, the availability of laptops and mobile devices was constrained by supply chain shortages, forcing many users to use what they had at home or purchase consumer-grade hardware to get their work done. This rise in BYOD (Bring your Own Device) also lead to exposing companies' networks to the outside world. Not surprisingly, attackers saw this trend as well, resulting in a significant increase in cybersecurity breaches over this past year.
These new events caused a huge demand for support for IT departments and MSPs (managed service providers) like us here at GRIT. Our team alone set up thousands of users to work remotely in a matter of weeks. Having devices remote into business networks properly is essential. To protect networks, we like to use Open VPN and back it up with DUO’s 2-factor authentication app (2FA). For more information on how this combo can work for you, check out the video below.
The Struggle is Real
The struggle many businesses are facing now is how to best manage BYOD computers and devices. The grey area between what security measures companies can require on employee personal computers is fuzzy for most. The lines between our professional and personal lives have blurred and that includes our online behavior.
Companies will need to decide what direction they are going to take in the management of their networks. Users going about their normal online activities like they would outside of work while connected to their companies' networks is a potential recipe for a cybersecurity breach. This leads to the question, what is the best way to manage these devices?
To BYOD or Not BYOD
Some may argue that one solution to this problem is to have companies issue PCs to users for remote work. Since this is company property, companies can deploy the security toolsets that they need for these devices with no issue. For most this seems like the best approach, as organizations can have full control over the hardware that connects to their networks.
That said, with this option there is a large investment in hardware, that will need to be lifecycle managed and controlled. However, there is a greater level of security and simplicity to the network that can be achieved with this option.
On the other side of the argument, many companies are looking at BYOD as a great opportunity. Employees can do their work on the computer of choice. There is also a huge financial savings for companies, in this scenario as they do not have to buy computers for their employees.
With this though comes a lot of complexity for IT support Systems and higher security risks for organizations. What are you going to do to make sure that your company information is kept secure? Companies will need to determine how to best secure confidential information before an employee agrees to use their equipment for work.
What we find is that BYOD may work well for smaller companies. However, we do not recommend that companies to make their decision based purely on the convenience and cost factors. Companies need to think about how a BYOD policy will impact their business in terms of privacy, company data safeguarding, security, and IT support. Looking to the future and making decisions about how to handle these devices when an employee leaves your organization is also something companies need to consider.
The Remote Worker is Here to Stay
No matter if you are a company that supplies its employees with company-issued equipment or allows BYOD, focusing on cybersecurity in this environment is everyone's job. Tools to educate users on the ever-changing landscape of cybersecurity are a part of the services that we offer at GRIT.
More than half of data breaches over the past year involved insider threats. This includes employees who have unintentionally allowed a breach because of bad cybersecurity hygiene, from using unauthorized devices to falling for increasingly sophisticated phishing scams.
One thing is clear is that the remote worker is here to stay. Just as companies have introduced measures to support the physical and mental well-being of their employees, they should educate and support their employees to help them better understand cyber safety while working outside the office.