Large-scale work from home might be here to stay. The way you protect employees and customer data will need to evolve as a result. You’re probably already using VPN security, for example. While VPN will protect you against some security threats, it is not enough to keep your company safe. Work-from-home access governance requires you to take a step back and assess how this new way of working impacts IT security.
The Work-From-Home Access Challenge
There are a few crucial reasons why mass work from home arrangements make security and productivity more challenging. Before designing a solution, it is helpful to clarify the nature of the current situation.
In terms of IT security, work-from-home arrangements create some new challenges. You cannot depend on physical security safeguards in your office building like guards, door key cards and office locks. As a result, there is greater pressure on technological security measures. However, employees are also under new pressures and stresses.
From a productivity point of view, there are new challenges. Some people may enjoy the lack of commuting time in the morning and evening. However, the lack of clear separation between home and work may add stress in some cases. Finally, working at home for long periods means participating in non-work activities, including interacting with family members during the workday. Therefore, it is vital to make workplace technologies simple and easy to understand.
Guiding Principles for Work From Home Access
Based on our analysis of the current security situation, we recommend using the following principles to enable effective work from home access.
● VPN Security. Start with the fundamentals of security for a distributed workforce, such as VPN security. Think of the VPN as your first line of defense.
● Update IT security risk assessments. The IT security risk analysis you came up with last year probably no longer makes sense. The software and processes you use today need to keep up with evolving threats. For example, there is an increase in phishing scams in 2020. This threat is so significant that the U.S. Secret Service has issued a public warning.
● A balanced approach between security and productivity matters. Every security measure needs to be assessed to determine whether it places an undue burden on employees.
● Security agility. IT security programs and processes need the ability to change rapidly. For example, if people leave the organization, their work from home access needs to be promptly removed.
● Update Monitoring and Reporting Processes. In a traditional office, hallway conversation helps keep people informed about new developments, including security. As these casual interactions are less common in work from home situations, your IT security reporting will need to adjust accordingly.
Technology Solutions To Support Work From Home Access
There are a few technologies that can make work-from-home access governance effective. Let’s start by addressing a problem you are unaware of: employee burnout.
According to CNBC, work from home staff often tends to work longer hours and report burnout symptoms. The CNBC report from July 2020 states, “Over two-thirds, or 69%, of employees, are experiencing burnout symptoms while working from home, the survey found. That is up almost 20% from a similar survey in early May.” As a result, there is an increased probability that employees will suffer job burnout. When IT security professionals suffer from excessive work demands, they are more likely to make mistakes, like failing to detect access governance problems. Fortunately, better technology can help solve this problem.
Consider how much time your staff spends on IT security administration tasks like resetting passwords. Your policy might require employees to answer multiple security questions before they can reset a corporate password. Those IT security controls provide protection, and they also take a lot of time to administer. By implementing an IT security chatbot, you can save hours of work effort each week. That means your IT security professionals can look up from the grind of taking calls and answering tickets to carry out more strategic issues.
Next, find ways to make work from home access more manageable for your managers and employees to manage. A manual approach to access management means asking managers to save copies of access request emails. Even if you store that information in a password-protected intranet, there are still problems. How can your compliance and IT auditors verify the accuracy of such information? It is going to be tough for your staff to complete these types of reviews effectively.
The better way to verify IT compliance, especially given the challenges of work-from-home access, is to use Compliance Auditor. With Compliance Auditor, you have a single point of reference for carrying out compliance reviews. Also, you can easily add comments and flags for issues that require further investigation. As a result, you never need to worry about losing track of access governance exceptions.
The Final Ingredient In Successful Work From Home Access
Training your employees is the last ingredient you need to offer. Your employees may assume that visible security measures, such as the VPN, provide all the security protection they need. There is much more to the story. If your employees are adequately trained and engaged in effective IT security habits, your organization will be better protected.
The specific work from home security training you offer will need to take your company’s situation into account. As a starting point, we suggest covering the following tips:
● Every employee has a role to play. Start by reinforcing the reality that each individual has a role to play in security, especially in work-from-home environments where there are many distractions.
● IT security requires several layers of protection. Guide employees on how and when to use different IT security tools like VPN security, multi-factor authentication, and so on.
● The value of proper phone security practices. Your employees may not know it is relatively easy to listen to cell phone calls. Therefore, it is essential to use code words and limit the use of confidential information on calls when possible.
Finally, let your employees know where to go when they have questions on IT security matters. Provide a single email address and phone number where people can get help.