Ask a child to draw a picture of their parents’ workplace and you’ll likely get handed an image of a typical office, with desks, dividers, computer screens, and perhaps a watercooler. Even today, the stereotypical office workplace is the same as depicted in the 1999 cult classic film, Office Space.
While the office may look the same, in fact, a vast amount of change that has taken place. Laptops are more common than desktop computers, meaning that work can be taken home. Mobile devices are more powerful than computers were two decades ago, meaning that work can be completed in transit. Additionally, the ability to request flexible working is now an entitlement of every employee in the UK.
A major shift in mobile working in the UK took place in 2012. That was the year when the government’s Department for Transport ran a widespread campaign, alongside major partners such as Mumsnet, Microsoft, Vodafone, and Transport for London, to encourage people to work from home. The reason? The London Olympics. With an additional 470,000 people coming into the city for the duration of the games, the smooth running of London’s transport system was paramount to its success.
Since then, flexible working has become much more widespread, and remote working -- where an employee works from anywhere, be it home, a cafe, on a train, and so on -- has risen sharply, with a 27.7 per cent increase in the number of home-workers in the last decade alone. While this eases congestion on public transit and helps workers manage their children’s school run or hit the gym in the morning, it has major repercussions for enterprise security.
A mobile workforce means that a business' data is also ‘mobile’. Data, whether it is emails, ideas, contracts or plans, is the life-blood of most modern businesses; it is their intellectual property (IP). Without this data, there would be no product, no service, no sales. In taking said data outside of the office, the protection -- servers, firewalls, secure WiFi -- is lost, and data is open to malicious activity.
Adding to the problem
This is further compounded by the proliferation of consumer devices. Companies may give their employees laptops and work phones, but personal phones are still used, consumer apps such as WhatsApp are used for internal communications, and the work laptop may be connected to open, unsecured free WiFi in a cafe. This all creates a vast amount of risk to digital property.
In our recent report, ‘Odds of a Bad Bet’, we highlighted the extreme likelihood of businesses suffering from cybersecurity flaws, including the fact that a business is as likely to avoid a malware attack in a given year as you are likely to pull the Ace of Spades from a shuffled deck on one try.
In fact, the mobile workforce does inadvertently add to the problem, given that the average employee is three times more likely to infect a colleague with a malicious email than they are to spread the flu to their partner. Unfortunately, the fallibility of humans means that, as much as we try to be aware of phishing and other nefarious acts, it’s never completely possible for any human-centred activity to be impenetrable. That is why companies need to make sure the tools they provide their employees with are the most secure on the market.
The blame does not belong to the entire workforce, of course, as quite often the very people on the ground look up to management and see a lack of cybersecurity savvy. To that end, our report found that 4 in 10 employees believe that their CEO undervalues cybersecurity. This is a recipe for disaster, which is made all the riskier with mobile workforces whose data is beyond the safety of a corporation’s four walls.
A solution is needed. There needs to be a method for communicating with a large mobile workforce that protects data, retains IP, establishes secure connections, and is as usable as the consumer applications that workers are accustomed to using in their personal lives.
A new protocol
The solution needs to have a good user interface so that the workforce chooses to use the corporate product, rather than switching back to something much less secure, simply because they prefer the way it works. At Wire, we believe this solution is on the horizon and is going to be a real game-changer that will make the mobility of the workforce more secure than ever.
Messaging Layer Security, or MLS for short, is a new standard being developed to firm up the security of enterprise messaging platforms by employing end-to-end encryption within group communication. Mozilla, Cisco, Oxford University, Facebook, INRIA, Google and Twitter, as well as our team at Wire, are all working on this new protocol, which will allow for mobile workforces to work together, wherever they may be, in a fully secure environment, protecting company IP by default.
MLS has three major goals:
- Make secure messaging in groups more efficient
- Increase group messaging security (whilst maintaining security guarantees such as Forward Secrecy and Post-Compromise Security).
- Establish a standard that can be adopted at scale by businesses of all sizes.
The idea behind MLS is that it is ultimately meant to exist as an open standard so that all platforms can take advantage of the security MLS offers.
When an organisation uses a platform that leverages MLS and offers end-to-end encryption, collaboration becomes more secure and companies’ most valuable products -- IP and digital assets -- are better protected against the malicious actors who aim to target them through vulnerabilities. Truly, this is the best way that a company can foster the mobile workforce of the future while acting with a high level of responsibility towards security considerations.
A more mobile workforce is coming, and all companies, big or small, need to be prepared. Not just in the sense of flexible working policies and employee wellbeing strategies, but in creating a secure working environment outside of the four walls of the main office, both to prevent data breaches, and for retaining IP. Are you ready?
Morten Brøgger, CEO, Wire