The focus of the Organizations in this post-pandemic world is to shift from “Office-Culture” to “Work-from-Home” culture. As nothing comes easy, this shift itself comes with many obstacles. One of the significant issues that these organizations face now is IT Security, as the workforce now relies on their network and their own devices. Another big question that the Organizations/Corporates need to ask themselves is ‘Are the employees possess optimum technical skills to resolve any security issue (if it persists) without the help of the IT Team?’, as the IT Team can provide minimum support online.
According to the Velocity Smart Technology Market Research Report 2021, 70% of remote workers said they had experienced IT problems during the pandemic, and 54% had to wait up to three hours to resolve the issue. About ‘Data and Resources,’ office environment provides some level of security. The computers do not go home with the employees, but working remotely moves data/resources outside the office. Including confidential client data. In the typical setup, employees do not have access to the organization’s data once they leave the premises, irrespective of their rank. This practice is used to secure the risk of data loss or data theft. Without the security organizations provide us (such as Firewalls and Blocked IP addresses), we are far more vulnerable.
With everything on the internet, there is always a threat to security principles. Instant messages, emails and attachments, and data on the Cloud collectively widen the attack surface. According to CISO’s Benchmark Report 2020, organizations face difficulty managing the employees’ use of mobile devices. And at the same time, CISCO’s report says that, according to their survey, 52% of respondents say that mobile devices are a significant security challenge. According to the Information Security Magazine report, there is also a 667% increase in phishing emails by the end of February 2021. What to do? — a step ahead:
- Organizations must look for methods to make their VPNs more secure. They can upgrade from traditional usernames and passwords to smart cards. They can enhance their encryption method for access from Point-to-Point Tunnelling Protocol to Layer 2 Tunnelling Protocol.
- A centralized storage (e.g., the Cloud) should be used for securing data backup.
- Should increase the frequency of security training for the workforce.
- Must provide unique training for issues like data compromise, data destruction, device loss and security, and social engineering to their employees.
- Should place WFH security standards.
- Organizations should monitor their employees constantly.
- Should set up Firewalls and make their employees install Anti-virus software, not just to prevent, search and detect the virus but also worms, trojans, adware, and so on.
Sheetal Mohanty (MBA-ITBM 2021-2023)