One of the biggest consequences of COVID-19 for businesses beyond 2020 will be the acceleration of the tendency to work from home.
Organizations have already been encouraged to analyze it with the promise that each employee working from home would work, on average, an additional 1.4 days per month, and that there would be increased productivity due to a perceived improvement in work-life balance.
This percentage of work from home increased rapidly due to the COVID-19 situation. Since the lock effectively requires most people in careers to work from home, as we return to “normal”, it is likely that the dominant trend going forward is for employees to want to continue working from home in the future. In fact, research suggests that up to 41 percent of employees will continue to work from home at least to some extent after the pandemic.
Switching to work from home has been on a grand scale. Some ISPs saw up to a 25 percent increase in bandwidth usage, and the underlying reason for this increase is home office usage. For example, the Zoom video conferencing platform has seen a jump from 10 million users to 200 million users as people seek to conduct their required meetings online.
Organizational concerns related to increased work from home
As beneficial as working from home has been helping companies stay productive and employees staying engaged, there are security issues in allowing work from home, and this has been the reason why so many organizations have hesitated to do so.
A key concern is that the organization needs to open the network in order to access it through residential Internet connections, and without having firm control over its BYOD internal security policy, this can quickly end in disaster.
One workaround for this that all businesses should make standard when allowing work from home is to require employees to use a VPN service from a trusted provider (not all VPNs are created equal, so be sure to do your due diligence to find a that you can trust). This makes it harder to attack a domestic worker with malicious attacks by hiding the user’s IP address, encrypting all data sent from that user’s devices, and masking the user’s physical location.
Next, the company must provide secure cloud services so employees don’t need to save anything locally or distribute it to other employees through insecure ways (such as by email). A service like Microsoft Office 365 provides each employee with plenty of cloud-based storage for all types of documents and then enables them to collaborate online, in a secure environment, in real-time.
Another critical step is for the organization to order backups on all devices. This does not mean keeping local storage drives in employees’ homes, but rather using management software across the cloud environment and mobile devices to keep a separate backup of the cloud environment.
One of the areas that IT can overlook when it comes to a highly distributed remote work environment is the need for a backup strategy for remote devices and their data.
Internal training on best practices.
Organizations should also launch an educational program to help employees understand how to operate safely. In addition to implementing two-factor authentication and other better password protection policies, organizations must help employees understand the importance of strong passwords, how to identify an email phishing attempt and other best practices.
Companies must also guide employees on how to change the administrator password on their modems / routers, and understand the risk profile of working through a residential Internet connection. A large percentage of security risks come from human error, and when employees work remotely, it is even more important to help them understand how to take personal responsibility for their security.
The dangers of public WiFi
Eventually, as the blockages are eased and people start dating, remote work will also become a journey. Perhaps an employee likes to take their laptops to the local café for morning coffee. They may travel to meet clients or may want to register abroad during a holiday. There is nothing inherently wrong with any of that, however, in the same way, it is important to reinforce best security practices in public.
For example, public WiFi access points should not be used to access the corporate network. The organization must also have Remote Access Control (RAC) installed on any device that is used for work. That way, if a device is lost and stolen, the organization can lock the data on the device and perform the recovery steps.
Post – COVID-19
Many organizations have historically hesitated to allow work from home, because of the perceived security threats that come with it. However, the advent of COVID-19 strained their hands, and those same organizations had the option of enabling remote work or closing the pandemic.
Now, however, solutions and technology are in place to enable remote work after the pandemic, and employees look forward to it. Going forward, remote job security will be a continuing priority for every organization, with the good news that, once implemented, the productivity gains from remote work will pay off.