The results are in: Remote work is here to stay. With 82% of companies green-lighting remote work post-COVID-19, the race is on to secure flexible work environments for the long term.
In their 2020 Remote Work From Home Cybersecurity Report, Pulse Secure reports that 69% of companies anticipated that remote work would present new security risks—a reality quickly realized with an uptick in cybersecurity attacks and COVID-related phishing scams.
As a result, 55% of companies plan to increase their budget for secure remote work. The investment is definitely worth it when you consider that the estimated remote-work impact on the overall cost of a data breach totals $137,000 annually.
Below are five steps you can take to ensure that the work-from-home environments for your employees—and your data—stay secure.
1. Secure Employees’ Networks And Devices
Remote work presents your IT teams with the challenge of securing employee devices, connections, and, by extension, your data outside the security of your normal in-office environment.
“More employees working from home means more devices connecting remotely,” says Juta Gurinaviciute, chief technology officer of NordVPN Teams. “As a result, businesses’ control over data is slipping rapidly. This is why it’s so critical to understand what remote workers are doing with that data and rework the new ‘normal’ to make it more effective and secure.”
Virtual private networks (VPNs) secure both the employee and the company’s network environment, but your VPN must have enough capacity to support large-scale remote work. Equifax, for example, saw the number of employees using their VPN jump to over 90% in early March 2020. Too many users place a burden on the network, which can compromise the security of the connection or make it difficult for employees to connect.
According to a Microsoft study, the number one security spend during the pandemic was in multi-factor authentication (MFA). MFA requires employees to provide more than just a password to prove their identity. Examples include security questions, codes texted to cell phones, and biometric verification like facial scans. This extra step is critical when you consider that employees are often logging in to essential business tools that house mission-critical data.
With Trello Enterprise, you can enable two-factor authentication (2FA), an authentication process as secure as multi-factor. Here, employees have two methods of verifying their identity as opposed to the three or more options offered in multi-factor. This ensures a secure work experience for your employees no matter where they work—at home, at the office, or on the go.
2. Directly Address Shadow IT Behavior And Unapproved Tools
Employees will do what it takes to get work done. In a work-from-home scenario where they’re missing access to tools and hardware they had in-office, this could mean adopting practices and tools not approved by your IT department.
This practice is often called shadow IT.
Here’s an example: Employees are taking a BYOD (bring your own device) approach to remote work. A recent survey found that 33% of employees admitted to using personal devices instead of work-issued devices to get their job done.
Lakshmi Hanspal, global chief security officer at Box, writes, “People will find a way to work around security measures that don’t align with their business needs. As long as end-users see security as something that gets in the way, we will always face unnecessary risks.”
And what are those risks? Increased malware and viruses on employee devices.
Employees aren’t being intentionally sneaky when they use unapproved tools—often, they’re simply looking for an easy way to make up for gaps in their remote workflow.
Get ahead of this by understanding and identifying what needs your remote workforce will have. What tools and help might they need that would send them into the open arms of an unapproved tool? You can use internal feedback opportunities to assess pain points your employees are feeling at home and give them opportunities to suggest tools that might help.
Trello Enterprise offers employees and teams a way to customize their work experience to meet the needs of their work-from-home setup. With unlimited integrations with over 150 Power-ups, employees can streamline their work and centralize important data. Teams can also spin up additional boards to supplement work they used to get done in the office, like stand-ups, brainstorming sessions, and even social interactions.
3. Switch To Secure Cloud-Based Tools
Making the switch from on-site legacy software to secure cloud solutions can go a long way in securing employees’ work-from-home environments.
In their report, Pulse Secure found that over half (54%) of respondents admit that COVID-19 sped up their company’s adoption of cloud-based tools. This can, in part, be attributed to employees’ need to access tools from their home offices. Not to mention the bandwidth needed to support this increased demand.
Cloud-based tools can also eliminate the need for employees to connect through a VPN. By switching to cloud-based tools, you can move employees off an existing VPN, thus freeing up space and allowing the VPN to operate more efficiently, or you can cut a VPN from your operation altogether.
Trello Enterprise operates in the cloud, meaning security and compliance are built into your workflow. Trello offers Atlassian-backed SAML single sign-on (SSO), which uses your preferred identity provider to verify approved users. SSO makes it easier for employees to access their tools faster, requiring that they only remember one set of complex credentials as opposed to several. And by syncing with your identity provider, any change, such as removing login access when an employee leaves your company, is instantaneous.
4. Revisit Data Access And User Permissions
Work-from-home setups shine a light not only on increased security risks but also on aspects of data management and security that you may not have addressed in the comfort and security of a physical office. The move to more long-term remote work warrants a closer look at employee access to data.
A survey by GetApp found that nearly half (48%) of company employees had access to more data than was necessary to do their job. The increased access to potentially sensitive data means a greater chance of that data being leaked in the event of a cyberattack.
The trouble is, a significant number of IT leaders (80%) have a difficult time accurately visualizing employee access across their company’s operation. Tools might not build their setup menus to centralize that information and instead store unique settings within individual employee profiles. If a company has 500+ employees, that equals a great deal of time spent drilling down to verify what an employee can access.
Here’s where privilege policies can help you out. Some companies approach permissions from a “zero trust” angle, meaning they assume no one can be trusted and build out permissions from there. It can be time-consuming if permissions are still granted on an individual basis, but it does ensure employees only access what they need.
Role-based permissions policies can often be granted through your identity provider, giving employees access to tools (and thereby information) if they are part of a group or role. Marketing employees, for example, would be able to access your marketing tools or data relevant to marketing campaigns and strategy.
Here’s some good news: Trello Enterprise offers your Enterprise admins a centralized dashboard that lets them see (and manage) employee access permissions across the company. Your admins can assign or remove employees from various teams, thereby dictating which boards and workspaces each employee can access.
Say you have a finance team. On the dashboard, your admins can set permissions on all boards and workspaces containing sensitive financial data so that only members of the finance team can access them. Then, as they add or remove employees from this team, those employees can either access or no longer access that data.
5. Educate Employees On The Security Risks Of Remote Work
Working from home catches employees with their defenses down, making it the perfect storm for those who seek to exploit that weakness and gain access to your systems. Get ahead of this threat with a robust work-from-home policy and education program.
In their survey, Microsoft found that the security precaution companies invested in the least was end-user security education. Yet, user awareness of security issues remains a key security challenge for companies with remote workforces.
The FBI reported a near-400% uptick in cyberattacks in the early months of the pandemic, yet with little to no education in place, employees are unaware of what threats exist and how to avoid them.
“There are more emails with malicious attachments in PDF, MP4, DOCX, etc., that are associated with the COVID-19 situation. In crisis times like these, users who are eager to get the latest COVID-19 information may be more careless and prone to such scams or phishing emails,” says Matthias Chin, founder and CEO of Cloudsine.
Honesty is your go-to policy, especially when it comes to data security. Being open and honest about expectations for employees’ use of work technology while at home can help answer questions employees may not even know they have.
Also consider instances of shadow IT, as discussed above. Giving employees context on the risk of unapproved tools, rather than just a list of what they can and cannot use, can help curb shadow IT behavior.
Use Trello Enterprise to build out your work-from-home policy. Having a dedicated, go-to workspace or knowledge hub where employees can find training videos, policies, procedures, and the latest communications helps keep employees up to date on key security issues. Your teams can also take advantage of cards to ask questions and start conversations about important security topics.
Remote Work Data Security Is A Company-Wide Effort
Keeping remote work secure shouldn’t fall solely on your IT department or your technology. Cultivate a culture of responsibility and awareness that encourages all employees to take an active and invested role in keeping your company—and your data—secure.
Want to know more about how Trello Enterprise can help keep your work-from-home operation secure? Reach out to the Trello Enterprise team for a customized demo!