If a time traveler were to arrive in 2020 with no preconception of the global landscape, they would be shocked to see office spaces, commuter trains and city centers in a semi-permanent state of flux. The Covid-19 pandemic has made some of the busiest business districts on earth, from Canary Wharf to Wall Street, into ghost towns, as the workforce turn en-masse to remote working. The problems associated with this – from motivation to mental health – would need more space than an article to explore. What we can explore, however, are security practices in the remote workplace, and how the standards applied to this uniquely modern problem vary not only from enterprise to enterprise, but from country to country; an observation we had following a recent survey of 5000 remote employees across the USA, Ireland, the UK, France and Germany.
Security and continuity in the remote workplace
One of the most crucial aspects of remote working is in ensuring that the devices individuals are using maintain security continuity from the office environment. On one hand, the office is a controlled environment, whereby employers can monitor and define what devices are used in the network. This control step is removed, however, when an employee is asked to start remote working. It is remoted across all dimensions technical controls, security processes and most importantly security consciousness and mindset of our employees.
The results of the survey conducted found that of those surveyed, only 44 percent had not been provided with a device by their employer, on which to work. This means employees were forced to work on their own devices, and presumably, to connect these devices to the corporate network and/or systems. If these devices had not undergone the appropriate security posture checks in advance of connecting, corporate networks across the globe would have been exposed to threats present on personal devices which did not benefit from enterprise-level security solutions.
What remains even more disturbing is that the data suggests that basic security hygiene was not adhered to in advance of remote working. Only 49 percent of the respondents suggested their employer had enforced a policy of multi factor authentication – Meaning over half were not instructed to do so or were unaware if they had been. A further 30 percent found that they had been offered no guidance on security practice when remote working at all.
Cultural differences in remote working
That certain cultures are more conscious of collective efforts and others more individualistic comes as no shock. However, even amongst five countries which in theory should reflect a similar, Westernized and globalists working outlook, we see a marked difference in their treatment of security in the hybrid working model ushered in by Covid-19.
Of the 1000 consumers surveyed from the United States for example, we noticed a marked difference in the kind of websites they see as inappropriate to access from a work device. For example,15.6 percent of them admitted to accessing adult websites – A notoriously unregulated section of websites – from a work device, markedly higher than the UK, where just 5 percent had accessed these sites.
What’s more, we also see a marked difference in the levels of acceptance, and even enjoyment surrounding the new normal. When asked if they expected the current working climate to increase the flexibility of employers, 62 percent of those surveyed answered that they did. But this rose to as high as 73 percent in French workers.
A global need for standards
What do these statistics speak to? I believe they reflect a deeply concerning lack of consistency across the global working population when it comes to security and remote working. In today’s globalized and connected landscape, geographical borders and cultural differences are respected by global commerce for key disciplines like service delivery, security and privacy. GDPR compliance regulation has really been the bench-mark as it is mandatory.
With the Covid pandemic has impacted our all our working lives and while working practices of one country, they too vary from particularly from a security perspective and this has the
The remote working practices we have seen Covid facilitate are here to stay.
In order to make sure that we all remain globally secure, we need to see security protocols for remote working standardized across all businesses, in order to protect themselves, their employees and other businesses in their wider network and supply chain. We also need to foster a global culture of security awareness: The online world is increasingly our world, and we need to work to keep it safe.
Like with our globally recognized best practice standards for service quality, security and privacy I do believe there is now a need for a global best practice standard for remote working.
One of my favorite sayings is “You are only as Strong as your Weakest Link” and the absence of global best practice standards for remote working may underpin the existing global best practice standards. Security thought leaders are lobbying for these standards to be introduced and in the meantime proactively implementing tactical but strategic measures to incorporate their remote working framework into scope of best practice standard accreditations.
Providing Trust and Security Assurance for your remote workforce had already become a key differentiator for businesses before the Covid19 pandemic. Many newer businesses or younger members of the workforce cited flexibility as an important factor in their happiness at work before the pandemic. Now, it has not become a signifier of a flexible, modern and helpful place to work, but a crucial and necessary part of a businesses survival over this unprecedented period. Don’t allow it to become your businesses weakest link and invest in your security for your remote workforce today.
Niamh Muldoon, senior director of trust and security, OneLogin