The pandemic is an enormous accelerator for the transformation of the working world. Developments that were previously rather slow have suddenly gained enormous momentum.
For companies, this development is dramatically changing the way they work. They need concepts for hybrid work models, and they need to rethink their office spaces and equip their employees with the resources and tools that deliver the best results.
The pandemic has also shown that the massive global shift to working from home is creating new cybersecurity challenges. For instance, the number of cyberattacks has increased dramatically during the pandemic. Experts from Okta, IDC, and Slack explain what measures companies can take in the current climate to avoid becoming a target for cyberattacks.
Cybersecurity in the age of remote work: 5 key insights
Remote work is here to stay: It won’t be possible to reverse the changes from the past few months. Large companies have long since announced that their employees and staff can continue to work from home even after the pandemic is over, if they want to. And that’s exactly what many people want, as a Slack’s Future Forum survey shows. According to the survey, only 17 percent of employees worldwide want to return to the office full-time, while 20 percent want to keep working on an entirely remote basis and 63 percent want a hybrid between remote and office work in the future.
Oliver Blüher, head of Slack Germany, is convinced that this is only the beginning: “We have taken the first step. But many have simply transferred what they did in the office to their home office. Now we have to take the next step and really maximize the potential of this newfound flexibility.” Blüher adds, “One solution can be asynchronous work. In our private lives, too, we’ve moved away from the classic telephone call and now leave voice messages instead. In the future, we’ll also increasingly see trends like this in the working world.”
Email as a security factor: A large proportion of current cyberattacks trace back to emails. According to Trend Micro, this figure was as high as 92 percent in 2020. Addressing email security issues can be one of the most effective ways to increase enterprise security.
According to Matthias Zacher, senior consultant at consulting firm IDC, 78 percent of companies reported security breaches in 2020. Among the biggest risk factors, in addition to malware, ransomware, and user errors, are phishing emails: as many as 10 percent of these emails result in potentially dangerous clicks.
Larkin Ryder, director of product security at Slack, says the danger with phishing is that attackers get their hands on employee credentials. The best protection against this, Ryder says, is a secure environment that is largely email-free. “We need to provide our employees with work environments that are secure and workflows that move them forward. I think that’s something positive we can do for our employees. If they’re not using email, then they’re protected from the outside world. Collaboration platforms like Slack can be a solution here.”
We need to provide our employees with work environments that are secure and workflows that move them forward. I think that's something positive we can do for our employees.
Secure places to store data: As data flows globally, it’s increasingly important for organizations to know and control where it’s stored. Workplace technology must provide options for data residency around the world to ensure security and regulatory compliance.
Sven Kniest, regional vice president for the Germany, Austria, and Switzerland region at the identity and access management platform Okta, believes that a lot has happened in the last year when it comes to cloud solutions. Technical understanding has grown, as has confidence in managing cloud solutions. IDC data also shows this: 40 percent of companies are now prepared to move to the cloud. An important consideration here is data residency, which allows customers of cloud services to decide for themselves in which data center their data is stored.
Ryder from Slack adds, “We have to take the regulations in each country into account. In Germany, for example, we are TISAX certified to serve the German automotive market. Service providers need to look anywhere in the world and make sure they’re ready to adapt to the regulatory requirements of the industry in that location. And that’s very important for us at Slack to build trust.”
Technology can help: Thanks to automation technologies, it’s easier to detect and remediate cyber threats and vulnerabilities, and increase IT teams’ productivity.
Kniest addresses cloud providers in particular: “The technology to make cloud services more secure already exists, but it must be used from the very beginning.” In concrete terms, this means that even the development phase should follow the principle of “security by design.” “If you take all security aspects into account in the early stages of development, you prevent security gaps later on,” adds Kniest.
Automation is another way to make things easier for employees, Ryder explains. Slack is already very well positioned here as a curated work environment with numerous integrations and Slack’s Workflow Builder, which can be used to create custom automations.
Establish a new mindset regarding security: People are the weakest thread in a company’s cybersecurity fabric. A robust cybersecurity culture (CSC) and technical knowledge are therefore critical to fostering a better understanding of data security and the appropriate use of technology.
According to Okta, the biggest difference after a year of remote work is the shift in attack vectors: instead of companies, employees are being targeted; instead of the corporate infrastructure, home office endpoints are being attacked. Although security awareness has increased, there is still a lack of the skills needed to use the new technologies, according to Sven Kniest.
As Zacher of IDC sees it, this is also a matter of habit and awareness. Some were still using their personal computers and the public Internet instead of secure networks last year. The main problem here is social engineering, in which attackers adopt a false identity to obtain confidential information from people.
Remote work is just the beginning
As Kniest from Okta sums it up, “The future is hybrid. There will be no going back to the old world of work, and working from home won’t be the only change. Work will become increasingly independent of place and time—companies must prepare for this. This includes providing a flexible working environment that enables productive work anywhere and at any time.”
At the same time, cyberattacks will increase and become more sophisticated. Tasks such as identity and access management, security and usability, and automation should therefore be at the top of the agenda.
Blüher firmly believes that “we can try to avoid mistakes by putting pressure on people. But fear is never a good motivator. Good preparation is the key: you need to have processes, know what to do, and stay calm.”