From WFH to WFA: addressing distributed work security challenges

The research and advisory firm Gartner has found that, after the COVID-19 pandemic abates, businesses will face a new kind of challenge: managing hybrid workforces. According to Gartner, 82% of business leaders plan to let employees continue to work from home (WFH) in at least some capacity, while 47% plan to allow employees to do so permanently. Others are even adapting work from anywhere (WFA) practices.

Major banks — including JP Morgan and Barclays — and technology companies like Google, Twitter, Facebook, and Square are just some of the organizations that have embraced remote work as part of their business models. Spotify’s WFA initiative gives employees the option to work from an office or home — and even their own choice of geographic location. In fact, three-quarters of the 43 large companies surveyed by The Times spoke of moving towards flexible working policies permanently.

Getting serious about hybrid work security

Temporary or not, the shift to remote work has caused lasting changes to the way people work. Even companies that are going back to having an office presence have developed WFA (Work From Anywhere) practices and will continue to enhance them, whether by hiring more remote employees, retaining employees who move out of town, or even shifting entirely and permanently to remote work.

“More employees working from anywhere means more devices connecting remotely, i.e. outside of the secured corporate network. As a result — businesses’ control over data is slipping rapidly. As such, it is critical to understand what remote workers are doing with that data and rework the new ‘normal’ to make it more effective and secure,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.

The elements that build for security and privacy that may normally be available in a controlled corporate physical environment setting with defined physical barriers are routinely obliterated in WFA environments. And the risks associated with WFH are amplified when the move is made to WFA. This is because it includes not only our home base, but also working frequently on the road at customer locations, airports, coffee shops, and just about anywhere with wired or wireless connections.

”CISOs had to ensure that all endpoint devices connecting to network resources could effectively fend off attacks. Hackers, cybercriminals and nation states accelerated their attacks with a cold harshness during this pandemic. It’s time for organizations to get serious about implementing the security measures necessary for securing remote edge devices and entry points. It’s vital to make these measures part of a unified, comprehensive strategy. All of this forms a single, integrated security framework designed to simplify management and expand visibility and control,” – says NordVPN Teams’ expert.

Fortunately, most organizations now have the data and know-how necessary to understand how remote work impacts their applications, life cycle, and IT infrastructure, as well as its effect on traffic to applications that are located on-premises and in the cloud.

Mapping the future of work-from-home security

The consequences of poor cybersecurity hygiene while working remotely can include anything from compromised sensitive data to unauthorized access to the organization’s infrastructure. Secure communications while working remotely can be ensured by the combination of technical solutions and controls with proper employee operations security (OPSEC).

“Typically, when it comes to securing your teleworkers, the first item on the agenda is developing a corporate policy. This policy should outline what’s acceptable in a remote working environment, how data is handled, what levels of authorization are available, etc. Risk-based decisions can also be made depending on the types of devices employees use for teleworking (for example, company-issued devices, personal laptops or smartphones, etc.). Devices that haven’t been issued specifically by the company should be subject to more stringent controls,” says Ms. Gurinaviciute.