Equipping a remote workforce

August 4, 2021

With the global pandemic it has become apparent that the work/life balance has shifted, and new remote working environments are here to stay

We are entering a very different business world at the moment, one which has been thrust upon most of us far quicker than we planned for and will by all accounts last a lot longer than many of us think. Reading the news at the moment is pretty grim, especially if you read the business news, and unfortunately I think it’s going to get a lot worse before it gets any better, but one thing is sure about the business world for the next year or so at least – it’s going to change, dramatically.

Furthermore, we are seeing a huge increase in cybercrime, phishing attacks have increased, data thefts are rife and only recently it has come to light that EasyJet has had a massive security breach at a time that they are already experiencing significant losses in revenue – not a great time for them, but it outlines the serious threat that businesses of all sizes are facing.

All the hurried preparations to get employees working remotely has led to a number of holes in corporate security, and in some cases completely broken their security models. Banking institutions, R&D, pharmaceuticals, fintech, etc., the list goes on of organisations that have had to break their traditional security baselines just to survive. In many cases, businesses have been enacting BCP plans that have never been fully tested and, in some cases, never fully defined. We are in a very difficult situation and, for many organisations, the whole security baselines will have to be completely re-written to support remote working. So what can we do?

Historically, many large organisations had large offices in sought after locations where all their employees could work together, interacting directly with one another and working in close teams to complete their tasks. We are facing a reality of long term remote working, partially due to the risks of the current pandemic, but also because it’s finally dawned on the business world that it is cheaper to have remote workers. There are plenty of benefits all round for remote working: work life balance, reduction in travel costs, the ability to go and clear one’s head without having to ask etc. are all being hailed in the media as clear benefits and to be honest, I think in the main they are absolutely right.

For all the benefits of remote working, a significant question needs to be, what should you be doing about securing your remote workforce?

Furthermore, we have seen a significant rise in the use of cloud service, managed telephony and a number of other solutions as a service. Many of these solutions were quickly procured; with the crisis of the pandemic threatening the very existence of many companies, there has been a significant level of expenditure in this area. For the moment, many companies have used a band aid to get their organisations functioning from isolation; once things have eased these organisations will need to refine their remote working solutions to suit a more long term situation.

We need a security paradigm shift. Security professionals around the industry will have to change traditional views and build a new way of delivering quality information security to a diversely spread out employee base. Endpoints, for example, have shifted dramatically out to people’s homes, bringing home networks and other devices using those networks potentially in scope. We need to carefully re-evaluate what we need to do – it’s not just about securing, we must also start thinking carefully about validation and consistent security for technical infrastructure.

Authentication

For securing your remote workforce, we need at least multifactor authentication but we also need to consider that one of those factors needs to validate who the individual actually is. Biometrics and ongoing behavioural based authentication should be very strongly considered as the norm now; multi-factors such as user/password combinations and token/soft token-based secondary factors are fantastic, but biometrics is far more reliable for ensuring that the identity of the individual authentication through the nonrepudiation that biometric technology can give. Another possibility is behavioural analysis. There are some very interesting solutions that learn how people interact with systems and provide ongoing authentication. This is still a very niche area but it could be a fantastic option to ensure consistent validation for users during and after authentication.

Endpoint security

Another example is beefing up the endpoint security, not only to look out for malicious code operating on the laptop itself but also IDS / IPS software that can detect localised attacks and often underused local firewall solutions to regulate communications, as well as file integrity software. There is a wealth of security options to protect endpoints, though quite often these are commonly and woefully under-utilised before now. There are a number of additional items to consider such as tracking and remote wiping technologies for laptops, DLP solutions, cloud based solutions, etc. The list of options is almost endless to ensure that remote working can be done securely.

Desktop solutions

Finally, we also have remote desktop solutions. If securely undertaken, an organisation can provide remote desktops for staff that are home based. This was popular many years ago with Citrix, and to be fair it’s never really gone away, but it’s more underutilised today than it probably should be. Obviously it’s not going to be suitable for everyone; there are always going to be specialised high end users with high end requirements, such as software developers, CGI rendering and similar such roles and activities that will need more powerful and versatile solutions, but most employees not in such specialised roles can just as easily use some form of remote desktop.

The solution: Biometrics

Maria Pihlström, Senior Global Marketing Manager at Fingerprints explores how biometrics is steadily becoming the optimum way to secure a flexible and remote workforce in the new business world.

The modern employee’s daily life is powered by numerous technologies. PCs, smartphones, dongles, USB sticks and several cloud-based enterprise applications are all at the heart of today’s working world. As work becomes more agile, these technologies are a vital bridge to ensuring flexibility and business continuity. But corporate data needs to be protected regardless of where or when an employee is working.

Biometric technology is already enabling smarter physical and logical access, and could be the solution businesses need to empower their staff with robust yet convenient security, even when they are working from anywhere (WFA).

The security challenges of remote and flexible working

Having grown by nearly 140% since 2005, more businesses and employees recognize the benefits of remote and flexible working. Many corporate giants now champion a hybrid office/remote work model – but how can they maintain security and privacy just as effectively with a distributed workforce?

April 2021 was a record month for cyberattacks and data breaches, with 143 known incidents breaching an unprecedented 1 billion records. Legislation such as Europe’s GDPR means security and privacy represent a significant commercial pressure-point. Businesses cannot take their eye off the ball with security. However, maintaining seamless security across a distributed and flexible workforce poses numerous complexities.

WFA in shared environments such as at home with roommates, in activity-based offices, co-working spaces, or even cafés comes with an increased risk of stolen passwords and PINs through ‘shoulder surfing’. This is a significant concern given more than 60% of hacking incidents involve stolen credentials. The risks surrounding employees leaving devices unlocked in public spaces or losing data storage devices that don’t have embedded security also grows outside of the office. Furthermore, as remote workers are often using less secure internet connections, the need for stronger authentication increases.

Flexible working is also seeing fixed office hours softened. So, employers need a way to protect their office effectively while still allowing employee access at their convenience.

The password problem

Balancing security with convenience means that traditional methods such as PINs and passwords are no longer fit for purpose. Today, 60% of consumers feel that they have too many passwords to remember. Some have in excess of 85 for all their professional and personal accounts, and maintaining these in line with differing complexity requirements is an uncomfortable prospect for many. Consequently, many simply re-use the same password or inject minor variations – a sin 41% are apparently guilty of.

Security should not be a burden for employees, nor should it present additional worries for employers. Instead, it should empower workers to be productive yet secure, putting employers at ease.

Biometrics – smarter security wherever and whenever you work

Through biometrics, employees become the key to their remote workplace security on a range of devices and access points including laptops, PCs, access pads and fobs. Whereas a PIN or password can be forgotten, biometrics cannot. As biometric technology only gives access to authorized users, is difficult to steal and spoof and does not allow scalable attacks it reduces the risk of hacks and breaches through stolen credentials, lost devices, or poorly secured non-enterprise networks.

Biometric technology used in smart locks or smart cards can simplify physical access control for flexible working too. With only authorized users granted access, businesses have peace of mind that it is only their employees on site, regardless of the time they find themselves working.

Biometrics are already the de-facto authentication method in smartphones and are a familiar feature in PCs and smart homes. This makes integrating biometrics for physical and logical access at work a golden opportunity.

To simplify integration, employers can turn to solutions that use on-device biometric data storage. With these solutions, the biometric data is stored, matched and authenticated securely within the device, removing the costly administrative burden of creating, maintaining and protecting a central database. This makes biometrics easier to implement for employers while ensuring employee privacy, reassuring the 38% of consumers who have concerns about centralized biometric data.

Employee & employer trust with biometrics

By removing the reliance on passwords and PINs, biometric technology becomes the security pillar that can overcome worries employers may have with flexible and remote working.

In the long term, many businesses will support their employees with WFA, but they must ensure that they are not exposing themselves to greater risk. Biometrics creates high levels of trust between employees and employers. Trust that they are securing their corporate devices when being used remotely; that if they lose their devices the data cannot be accessed; and that they can access their workplace information at their convenience. Through biometrics, and the simplified, convenient and secure environment it creates, employees are empowered to be just as productive wherever and whenever they choose to work.

Commentary: Maria Pihlström, Senior Global Marketing Manager at Fingerprints

Flexible working is also seeing fixed office hours softened. So, employers need a way to protect their office effectively while still allowing employee access at their convenience.

Commentary: Jan Erik Aase, Director and Global Leader, ISG Provider Lens Research.

The surge in cloud, biometrics, and artificial intelligence applications is fueled by the pandemic effects, which forced providers to quickly adapt to work-at-home arrangements.

In a disruptive time like this, enterprises need to deliver the best customer experience, with more personalization, to preserve brand loyalty. Enterprises that use technology to deliver a better customer experience can set themselves apart.

According to the new data, the shift in buying and communication patterns would extend to legacy-heavy companies, and would now be irreversible.

Security concerns deriving from the adoption of these new technologies would have also caused the rise of solutions relying on facial recognition, auto screen lock, voice biometrics, and VPNs, among other technologies.

This growth has coincided with the interest of companies to make sure staff are working as efficiently as possible, and many of them have deployed tools such as keystroke monitoring, facial recognition, or wearables.

New polling commissioned by Prospect now showed that the vast majority (66%) of the British workforce feel uncomfortable with these monitoring practices. Having your every keystroke or app usage monitored by your boss while you are working in your own home may sound like a dystopia. But there are precious few controls in place to prevent it from becoming a daily reality for millions of workers across Britain.

To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.