Managing Security Risks That Come with Remote Work

Most of us have adapted to listening to children chipping in on conversations, seeing our co-worker’s dog get cozy on their lap and virtually catching-up on Fridays for happy hour.

While it seemed like a temporary arrangement, we are now getting used to this new reality. It’s time to get comfortable and get that work chair you’ve been meaning to buy!

About 40% of Canadians are in jobs that can be done remotely.

In the wake of the pandemic, many companies, including Microsoft, Shopify, and Twitter, have gone as far as making remote work permanent!

This paradigm shift toward remote work isn’t sudden. Yes, the COVID-19 pandemic has sped up the process of work from home adoption but this is a trend that was noticed a lot earlier.

While this is an exciting development, with remote jobs comes an added challenge of managing security risks. A survey by the Lanop Accountancy Group, published in Toolbox for IT, shares that remote workers are more vulnerable to security risk and data breaches.

Of those surveyed, 59% reported an increase in email phishing cyberattacks since the transition to remote work.

The recent Twitter hack, in July, for example; was the result of a successful phishing campaign against Twitter employees. The attack was successful because of the urgent push to work from home.

As employees continue to work remotely, it is critical for you to put protocols in place and leverage security technology to tackle potential challenges:

  1. Start by developing a remote work policy and ensuring that it is communicated to everyone.
  2. Ascertain remote access requirements for both on-premise or cloud applications.
  3. As providing access on unknown devices can be risky, consider keeping work data on company-provided devices only.
  4. Lastly and most importantly understand the security features of the remote work solutions you are deploying and test them for scale.

Let’s talk about collaboration tools and take Microsoft Teams as an example.

Is Microsoft Teams secure?

Built on Microsoft Azure and the Microsoft 365 platform, Microsoft Teams provides several security and compliance features.

Conditional Access Policies allow you to control when, where, and how your corporate data is accessed; such as requiring Multi Factor Authentication, or not allowing staff to access corporate data from personal devices.

To protect against phishing, Administrators can require users to utilize multi-factor authentication, through Azure Active Directory, to encrypt data that is in transit and at rest.

If you’re worried about malicious content, there is an Advanced Threat Protection (ATP) feature in Teams. This feature identifies and blocks malicious content from user access.

Similarly, the application also has a safe attachments feature to ensure that the attachments are clean. Security Administrators have the ability to create policies to prevent malicious attachments from being shared and opened.

What about insider threats and data loss?

Microsoft 365 has Data Loss Protection (DLP) solutions available that will allow you to protect your Teams and other M365 data.

What about cloud security?

To ensure data security, particularly when it comes to cloud solutions, it is important to choose a provider who has policies in place to help you protect your data – whether your employees are in the office or at home.

Built on Microsoft Azure, solutions such as Office 365, Dynamics 365, and the Power Platform include security, privacy, and compliance as key components of their offerings. The Microsoft Trust Center outlines all of the security & compliance services provided by Microsoft.

Though, you don’t have to do all this alone.

As you adopt remote work, SHEA Global can help you ensure that you’re managing security risks and leveraging the right solutions to ensure your data stays protected. Contact us today to assess your business needs, review options, and formulate or update your remote work strategy.

Security Tips for Organizations With Remote Workers from The Canadian Center for Cyber Security: