How to Balance Remote Work and IT Security
Defending against cyber-threats is harder than ever when staff are scattered
We’ve all done it. Everyone is guilty of sending a file to a personal inbox so we can use it on a personal device, or of forwarding a document to a freelancer outside the organization rather than sending a password-protected link on the company cloud. When deadlines are tight, people tend to take the path of least resistance. Instead of recrimination, IT teams could learn why people act a certain way and find a solution that makes unofficial shortcuts and behaviors part of the managed service.
It’s easy to understand why remote working has always been a headache for businesses. When people work from home, they stray from the supervision of IT, often slipping into the habits they have on their personal devices.
Getting people up and running as quickly as possible was the priority when much of the world migrated to home working in 2020 – often at the expense of security. But while many workers are anticipating a return to the office, the majority also expect to spend at least some of their week working from home.
At the same time, data breaches are getting both more frequent and more costly. How can businesses protect their data, reputation, and operations from cyber-threats, while simultaneously embracing flexible working?
Protect the endpoints
The first side of the equation is defending the devices themselves. Networks are like chains – only as strong as their weakest link. If even one smartphone, tablet, or laptop is compromised, it can open a door to the entire network.
Maintaining a firewall around an office of desktop computers funnelled through a company server is relatively simple. It’s more difficult when employees are at home, and you lose control of how they connect to company servers and organizational data.
Issuing work-specific devices can at least ensure the correct security software is installed and configured correctly. They can also be set up to enforce best practices like using Multi-Factor Authentication (MFA) – which means your password is supplemented with a second or even third form of identification.
With measures like these in place, company data should be protected, even if accessed via unsecured, unmonitored connections. The problem comes when employees start using their own devices, or public services, to handle organizational data, without IT even knowing about it.
And that’s a sizable problem: 67% of IT security practitioners are unable to detect which employees use insecure mobile devices.
The human element
The other side of the equation is arguably trickier: 58% of inadvertent data breaches are caused by human error. The FBI’s latest internet crime report recorded double the number of phishing incidents in 2020 vs 2019 – and 11 times the number of complaints. All it takes is one person to click one malicious link and suddenly an entire organization is compromised. That’s why it’s so important to have software which automatically prevents users from making these mistakes – Microsoft blocked 13 billion phishing attempts in 2019.
It’s undeniable that there is a need for education, alongside upgraded technology. Cyber-criminals are getting more sophisticated, adopting new techniques that make phishing harder to detect, such as posing as CEOs, or spoofing well-known companies. Even tech-savvy eyes can be fooled by this new breed of attacks.
But there is also a balance to be struck between security and usability. When staff are simply trying to do their job, it’s easy to see why they might circumvent carefully planned secure file sharing in favor of a free file transfer site when deadlines are tight and the system isn’t cooperating. If corporate devices, servers, and protocols are getting in the way of getting things done, staff can’t be blamed for finding an easier path.
But doing so could put sensitive data at risk – all without IT having the chance to act before it’s too late.
Holistic security
Securing a hybrid network – part on-premises IT, and part remote employees – requires a holistic approach. Businesses can no longer confine employees to physical computers in physical premises, but they can create an analog in the cloud.
All-encompassing platforms like Microsoft Enterprise 365 provide every application office workers need – and are likely already familiar with – curtailing the chance they’ll want to circumvent them. Running on Microsoft Azure, they’re all protected with class-leading cloud security.
Integrated into the solution are advanced security tools that let IT take a proactive prevent, detect, and respond approach, with detailed analytics showing how users are approaching security and where vulnerabilities lie, including potential knowledge gaps.
Businesses cannot keep their staff in one place. But by keeping them in the same virtual workplace, they can still protect the network.