By Jaspreet Singh
The onset of Covid-19 pandemic led to the closure of offices throughout the country making work from home a popular choice across sectors. After work from home being opted by most private organisations even government offices joined the bandwagon considering it as the best available option during the pandemic. With remote working becoming notably popular in both the government and the private sector, the government’s decision to make it a part of the efficient work culture in organisations is highly appreciated. A separate model standing orders for the service industry coupled with the incorporation of work from home as a formal establishment truly gives the sense of importance of the subject. Also, the acceptance of importance of IT and cyber security in ensuring unperturbed growth of the service sector has been showcased by the government by prescribing unauthorised access of any IT system, computer network of the employer, customer or client as a misconduct.
The government has eased requirements for remote working by subjecting it to the agreement between the employer and the employee. This first of its kind initiative of the central government addressing specific needs of the service sector and addressing the importance of work from home during the current pandemic could be considered as a beginning of the age of formalised remote working. However, security is an aspect one must be worried about. The standing orders will surely encourage organisations as well as/ employees to opt for remote working, guaranteeing their rights are safeguarded. However, the question is do we have a mature environment to migrate the workforce off premise? The reality is, even though the last year witnessed organisations successfully operating remotely, not every company has adapted to the working from home standard with the same finesse. On ground, we foresee many security gaps created by remote working. Cybersecurity for organisations is a serious issue, mainly because everything involves data in the current times. Without a mature cybersecurity practice, sensitive/confidential information is at a high risk of being exploited.
Remote employees are considered as the biggest threat to the organisation network security. With the transition to remote working employees are still muddled on the concept of secure working. An organisation can surely set up VPNs for employees, issue devices to work, deploy firewalls and dedicated security software’s etc., which for sure are security measures, however, the human factor becomes a weak link, and can we say that these measures cannot be circumvented. Cyber-attacks have evolved over time that it is becoming increasingly harder for employees as well as the organisation themselves to guarantee security at all times.
The more devices hosted on cloud; the more vulnerable connection gets. With employees working remotely for the predictable future, hackers are more attracted to target home network to finally infiltrate the corporate network. A conventional office network is well protected against data loss and privacy risk as they have a series of institutional protection, however, a typical home network is void of it. An organisation may secure their network and devices but securing the personal Wi-Fi network of a remotely working employee is a humongous task. Not only remote workers have their own privacy at risk, weak working from home could result in breaching company security hence a greater risk.
Encrypting data stored on network is a common cybersecurity practice, but do organisations cyber practise allows them to encrypt data even in transit. Work from home has also seen a rise in the usage of internal communication and collaboration tools. These tools have undoubtedly facilitated hassle free communication; however, do they also ensure the required level of cybersecurity? Employees share a lot of sensitive information through these channels that they cannot afford an intercept of a hacker or in general, data loss.
Before standardising the work from home culture, the current workforce needs to be prepared so that organisations could get the best out of planning’s and implementation proposed by the government. Organisations will have to implement robust work from home policy, stringent and continual security and privacy assessments, training and awareness drives, redefine and improvise the current security controls and invest in cyber insurance. Employees will require a formal training to educate them on the threats that the remote culture brings. As a country we are dealing with both tech and non tech employees traversing the cyber world and it will be imperative that employees understand and implement cybersecurity best practices. Be it training on pass phrasing passwords, avoiding phishing emails, secure file transfer practices, using dedicated cybersecurity software’s to periodically be updating home WIFI routers software aligning to company policy etc. all this will require in-depth planning and implementation at ground level.
The current attempt by the government to completely normalise and formalise remote working is a great step for the service sector, however ensuring optimal cybersecurity is a pressing challenge which will require a robust work from home security framework setup. For now, as remote working is gradually becoming the new normal, and digitisation is expanding, we can simply hope for a better cybersecurity this year.
The author is partner, Cyber Security- Africa, India and Middle East (AIM)- Consulting, EY