Remote working: We're on top of defending WFH, say IT leaders
'Security has been moved to devices rather than offices meaning all have the same protections'
Despite periodic exhortations from politicians and business leaders to "get people back to work," i.e. return currently largely home-based employees to office desks, it would seem that working from home (WFH) as part of a fully remote or hybrid model has bedded itself firmly into the national psyche and working practices.
Among 100 UK IT leaders polled in our recent cybersecurity research, the number seeing more WFH over the previous 12 months (20%) was perfectly balanced by those seeing less. The majority (60%) reported no change at all.
Many organisations have found remote working to be beneficial. "People are able to work effectively from home, and it saves on costs," said an IT administrator in government.
However, One argument for bringing people back to a central location is that remote workers are harder to defend from cyberattacks. This was certainly true during the pandemic, where rushed attempts to connect substandard home routers to core networks undoubtedly left some holes. But is it the case now?
The answer is a qualified no, according to our respondents. By and large, the situation is in hand. Twenty six percent said defending home workers is becoming easier while 18% said the opposite. Again, for the majority there was no change. There was no obvious pattern of particular industry sectors or business sizes being more or less likely to be struggling within this small sample .
Respondents mentioned specific solutions or interventions they'd put in place since the pandemic, including regular awareness training, 2FA, VPNs, zero-trust networking and enhanced endpoint monitoring and protection.
"Security has been moved to devices rather than offices meaning all have the same protections," said an IT governance executive in business services.
The combined efforts of the industry and cybersecurity have ensured that the remote working model has not caused any appreciable deterioration in security, even as threats mount. However, it has meant extra work and sometimes additional costs. Ensuring that remote workers' equipment remains up to date, supporting a wider range of devices and pushing out updates are all more complex than when working in a central location, and this at a time when IT departments are under pressure.
"Due to cost cuts and layoffs we have to do the same with much less," said a software director in a technology company, one of those who said defending remote workers is becoming harder.
Certainly, there's no room for complacency.
"As time goes on people become more lax and systems get further out of date," noted a service availability manager in retail.
In addition, home-based workers may be more vulnerable to threats such as phishing and phone-based scams, and more prone to risky behaviour on unsanctioned devices, making them an attractive target for cybercriminals looking for new ways into the corporate network.
"A threat is a threat. Phishing is still the number one threat," said an information security manager in manufacturing.
Working from home suits some businesses and some individuals much more than others. Software startups may operate without staff ever meeting face-to-face, a setup that would be much more difficult to manage in more physically rooted, people-oriented organisations.
"Nearly everyone now works back in the office full time," said an IT manager in distribution and transport.
And in many instances digital interactions are a poor substitute for meeting in person.
"Customers require and expect more access and face-to-face sessions," said a business relationship manager at a university.
Overall, though, the picture that emerges is clear: an emergency measure has become the new norm. Thanks to the convenience, productivity, and lifestyle benefits it offers to both employers and employees, remote and hybrid working was already on the rise before the pandemic, and an equilibrium has been reached.
Cybersecurity professionals have risen to the challenge, defending this new way of working and ensuring its long-term viability. As a result, what began as a temporary solution has now become a permanent fixture.