Security And Smart Working: How To Make a Digital Workplace Safe
Security and Smartworking must work in synergy. The new working paradigm, which effectively decouples the activity (work) from the place where it is carried out (office), was conceived some time ago to favor both the needs of businesses, which have always been looking for greater productivity and efficiency and those of employees, eager to improve work-life balance.
The availability of advanced communication and productivity tools means that people can work and be connected to the corporate ecosystem regardless of where they are and at what time of day. Working in a smart (or agile) way reduces daily travel by promoting environmental sustainability, empowers people, allows them to manage their working day better, and also has extraordinary benefits for companies, linked above all to savings on unused spaces.
Security and Smart Working: the challenges to Face
Smart Working brings with it important challenges for companies. When Covid broke out, most companies were forced to activate a sort of emergency smart working, activating SaaS collaboration tools and VPN networks and buying the greatest number of laptops, which soon became unobtainable. Within a few weeks, from 590,000 Smart workers in Italy, it went to more than 6 million, but (obviously) no cultural and organizational evolution path was prepared upstream. The result – far from negligible – was the maintenance of business continuity but not the increase in productivity or efficiency. In that period, the critical issues of smart working in terms of security also emerged clearly, made even more dramatic by a substantial increase in cyber attacks (especially phishing).
The security risks and vulnerabilities of smart working
So what are the vulnerabilities of smart working in terms of IT security? Several can be identified, but above all:
Use of personal devices
The BYOD (Bring Your Own Device) paradigm has grown in popularity with the advent of Smart working, but it must be managed carefully. In particular, you should create a logical and secure partition within your personal device and dedicate it to corporate data and applications. This is because private devices are rarely updated and are always at risk of malware. The consequences of a data breach, both at a regulatory (GDPR…) and reputational level, can be devastating for any business.
Connections from unsafe networks
Using insecure networks, there is always a risk that data will be intercepted, leading to the same nefarious consequences mentioned above. The traditional solution consists of virtual private networks (VPN, Virtual Private Networks), which represent an extra burden for the company and the employee. As we will see later, in the cloud era, we prefer to adopt (also) a different security model.
Unprotected communication channels
The data is disturbing: 75% of employees use WhatsApp to share company data. This practice, however familiar, is also hazardous. This is the greatest risk connected with Shadow IT, now rampant within companies.
In this case, WhatsApp uses end-to-end encryption, which avoids man-in-the-middle attacks, making the communication phase secure. The risks, however, do not go away because the weak link in the chain is simply moved from the communication channel to the smartphone. Exchanging business documents via WhatsApp means registering them on at least two devices: the source and the destination, but how protected are they? In addition, there is also a compliance issue: in which servers does the data transit, and where are the data centers located? What information do they store besides the IPs of the two (or more) interlocutors? Is it personal data?
Those mentioned are the most common sources of risk, but they are not the only ones. In the early days of the pandemic, for example, there was a significant increase in phishing campaigns precisely because personal devices were (and are) less protected from external threats.
Security and Smart Working: how to protect yourself effectively
How to protect yourself, therefore, from Smart working security threats? The topic is broad, but a high-level overview can still be provided. Modern security is a mix of technical protection measures and virtuous behavior. Especially in highly regulated verticals – think of pharma or the banking world – the technology adopted is highly evolved, which is why the weak link in the chain is always human. A key starting point for approaching security effectively is investing in awareness programs, ensuring they help build a real security culture.
More than traditional models based on perimeter protection is needed technically. The perimeter is fluid in smart working, and most of the daily use tools reside in the cloud. For remote access to the workstation, the VPN solution remains valid, despite the diffusion of more advanced solutions such as VDI (Virtual Desktop Infrastructure), which allow IT to manage – possibly through a DaaS model, Desktop as-a-service – all the virtual desktops of the employees, ensuring updates and centralized protection. As anticipated, the fact that most of the resources are in the cloud (think of collaboration platforms and document repositories) requires a rethinking of the security strategy and adopting models based on device and identity protection, no longer of the perimeter. So make way for remote management and protection systems for mobile devices and strong authentication mechanisms, essential to prevent a simple distraction from playing into the hands of the bad guys.
Together with you on the path to Smartworking
In N-Tech, we accompany companies along the path that leads to productive and safe Smart working. Our experience in managed security services makes us an excellent partner in the transformation process, to which we can contribute with a consultancy activity and all the enabling tools. The goal is to realize the maximum value of Smart Working, optimizing productivity, engagement of resources, and reducing risks. We know how to do it, and we are at your disposal to start this fascinating journey together.
Also Read : Is Cloud Computing a Good Career?