Hybrid and remote working have become a permanent feature for the majority of businesses, as shown by multiple studies. However, for IT teams changing working models represent a challenge. Security professionals must adapt controls to a world where the perimeter is distributed, and users can log into corporate resources from any network and any device. In fact, support for hybrid and remote workers was named as a key reason for increasing IT budgets this year according to Foundry’s 2023 State of the CIO research.
There are a range of tools that security teams can use to protect users and devices. These include basic endpoint detection and response (EDR) capabilities, which monitor user devices for potential security threats. They also include more advanced approaches, such as HP Sure Click, which opens untrusted websites and files in isolated virtual containers, where they can be dealt with safely.
However, a report from HP has found that since working from home more, users have increasingly been cutting IT out of the loop. Shadow IT, the use of unsanctioned technology by employees, is becoming much more of a security risk.
This problem is not one that IT can solve by itself. There are several things that employees should be doing to protect the enterprise when working from home. And it’s in their interests to do so: a security breach caused by bad practices by an individual could cost them their job or at least see their home working rights significantly curtailed.
Here are five ways in which workers themselves can play a role in securing the enterprise when working remotely:
- Ensure new devices are checked by IT. Research from HP suggests that 43% of workers are happy to use devices without first running them by IT. Employees should see it as their obligation to report any personal devices they intend to use to IT.
- Don’t click on suspect links. This may sound hackneyed, but employees continue to click on malware (according to HP 21% have done so since working from home). The simple rule of thumb needs to be: ‘if in doubt don’t click’.
- Use the tools IT provides. Controls like HP Sure Click are powerful in protecting against even the most sophisticated malware and viruses. However, they can only do their job if people are using them. If IT has put in place a secure browser, users must be made aware of their obligation to use it – regardless of whether it’s their favourite browser or not.
- Collaborate with IT. In the age of home working, it’s vital that workers have a collaborative approach with their IT teams. If they have concerns or need advice, they should feel able to contact IT through clear channels of communication, rather than just waiting for IT to contact them.
- Adapt to zero-trust models. Finally, users need to embrace a new world where remote access to corporate resources is tightly controlled by IT and based on strict identity-based authorisation. Zero-trust means adapting to least-privileged access and other operational models that may be new to the user.
However, there is only so much that users can be expected to do. The overriding obligation remains with IT to ensure the security of users. HP believes this means taking a hardware-based approach to security.
In this approach, where possible IT teams provide employees with devices that have security capabilities built into the hardware. For instance, remote recovery capabilities and self-healing firmware can help recover devices in the event of compromise. That means IT can have greater confidence to remove restrictions and approve more access requests, helping to make remote and hybrid working a success.
To read more about digital security for the world of anywhere work, click here.
Security
Read More from This Article: 5 tips for securing your remote workspace
Source: News