Empower and encrypt: solving the top 3 barriers to secure remote working - Image by Gerd Altmann from Pixabay Most businesses have realised there’s not much to be gained by completely rolling back the remote working patterns they introduced at the start of the pandemic. Employees are used to the increased productivity and flexibility. The ability to work this way has become a non-negotiable for many.

However, the risk of cyber-attacks and data breaches rises in a hybrid working environment. The risk increases when workers in multiple locations access networks, systems and data using diverse devices. Why? Because data is constantly being transferred across and stored outside the corporate boundary. Managing the security of this becomes a massive challenge.

Almost 30% of IT decision-makers believe their organisation’s remote workers have knowingly put corporate data at risk of breach over the last year, according to research carried out by Apricorn in 2022. The respondents cited phishing and user error as the main causes of breaches in their organisations.

Cyber-attackers will keep targeting remote workers as access points to the corporate network, hoping to catch them with their guard down. All they need is for one staff member to click on a malicious link that grants them entry; from there, they can move across systems and cause a great deal of damage.

Challenges to effective cybersecurity

As part of the same study, Apricorn asked IT leaders about the biggest challenges they faced when implementing a cybersecurity plan for mobile and remote working. Three distinct problems came out on top.

The technology trap:

Number one on the list was the complexity of managing all of the technology employees need to work effectively outside the office, cited by 42%. Laptops, smartphones, tablets, removable media, productivity apps, communication tools, VPNs…the average remote working employee might use these daily.

The awareness gap:

The second biggest challenge is the ever-present likelihood that employees will unintentionally expose the organisation to a cybersecurity breach, due to a lack of awareness of the risks to data when working remotely. This was cited as a problem by 38% of respondents.

Lack of confidence in security measures

One in three IT leaders (32%) said that uncertainty around whether corporate data is adequately secured is a major issue. It’s concerning if those who are responsible for defining their organisation’s security policies don’t have full confidence in their efficacy.

This trio of challenges may have an organisation scrambling to clamp down on what its employees are permitted to do and use when working remotely. However, this will only impede agility and motivate talented people to look for a role elsewhere. The solution to conquering the issues lies in two strategies:

  • Equip employees to take on some of the responsibility for keeping data safe
  • At the same time, apply company-wide encryption.

Engage through education

Remote workers need to be the security team’s ‘eyes and ears’ when they’re out of the office. This will require comprehensive and ongoing education that builds awareness of the cyber risks the business faces. The programme must also train them in the best practice security measures they need to follow and the correct use of tools and technologies.

Providing context is vital to getting genuine buy-in. People need to understand the specific threats to the company and the potential consequences of not consistently following security policies.

Back up to create resilience

Cloud is the primary backup location of choice for many enterprises – which makes sense due to its convenience and low cost. However, relying on any single backup repository will leave data at risk as a single point of failure, particularly in the case of a ransomware attack.

The ‘3-2-1’ backup strategy – hold at least three copies of your data, on two different media, one of which is held offsite – is industry best practice. Storing one of these copies offline will protect information by keeping it out of the reach of ransomware attackers while providing the best chance of recovering and restoring it if a cyber-attack or technical failure compromises the original copy.

Employees should also be required to make offline local backups of the data they create and handle.  Backing up data to an encrypted removable hard drive or USB is a practical way of doing this. It enables information to be moved around safely from one location to another and allows the employee to get back to work faster should a crisis occur.

Make encryption mandatory

Organisation-wide data encryption of data – when it’s on the move and at rest – offers a straightforward way of addressing all three of the biggest security challenges around remote working. Encrypting data ‘scrambles’ it, rendering it unreadable to anyone who doesn’t possess the decryption key. The approach is specifically recommended in Article 32 of GDPR as a way of safeguarding personal data.

The number of UK organisations implementing data encryption is continuing to rise. One-third (32%) of the IT leaders surveyed by Apricorn had introduced a policy to encrypt all corporate information as standard in the last year. Nearly a quarter (24%) said this was due to the rise in remote working. Furthermore, 27% actively enforce the encryption of data on mobile devices and removable media.

For a belt and braces approach, the IT team should enforce policy at an operational level by locking down endpoints as tightly as possible. For instance, ensuring USB ports on computing equipment can only accept corporate-approved encrypted storage devices.

Solving the remote working support challenge

A geographically dispersed workforce can make it harder to deliver rapid and effective IT support if someone loses an encryption key or forgets a password, for instance.

There are a couple of ways recovery can be managed for remote workers. Employees could be given the capability to self-serve. However, the process can be complex from a technical point of view, not to mention the risk that the ‘key to the key’ might fall into the wrong hands.

Alternatively, recovery could be handled centrally. However, the need to rely on IT might cause delays that disrupt an employee’s ability to work and even tempt them to circumvent procedures.

Securing the lines of defence

The flexibility and agility organisations have gained through the continued adoption of remote working need not result in increased vulnerability to cyber-criminals. Focusing security efforts on the frontline defence – the workforce, and the last line of defence – encryption, will enable the business to stay ahead of evolving cyber threats, mitigate human error, and comply with legislation.

ApricornApricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.


Please enter your comment!
Please enter your name here