Combating the security risk of remote working
By Libby Bagley is Community Manager at License Dashboard, who specialise in software asset management and licensing expertise for large and fast-growing organisations.
Whilst remote working had been a mere buzzword to include within workplace prediction lists over the past few years, it was forced into acceleration last year out of necessity, meaning most companies were not afforded the luxury of a gradual, staggered approach to this new way of working.
Credit where it’s due however; businesses throughout the country pulled out all the stops to accommodate their employees’ needs whilst continuing to serve their clients and customers to the highest standards possible. More than half (58%) of companies ordered new devices including laptops, mobiles and tablets, and whilst this willingness to adapt is applaudable, it’s clear that the initial focus of the pandemic was very much around their staff’s ability to still do their job remotely.
The shift now needs to turn towards the impact on cyber security. In fact, government research shows that almost half of businesses (46%) experienced cyber security attacks or breaches last year. Not only is cybercrime becoming more sophisticated, but employees working remotely leave an organisation more vulnerable to risk, with a home setup often far less restricted than their usual office environment.
What are the threats posed by remote working?
- Relaxed admin rights – with certain admin rights installed, staff can easily and quickly download free trials of products without a second thought. However, this comes with risks to financial status, customer data and corporate information.
- Using outdated software – this is one of the single biggest risks to a business, as demonstrated by the recent WannaCry Ransomware attack on Windows XP. Microsoft subsequently fixed the vulnerabilities within the Windows Server component and a patch was provided for many operating systems.
Fixing security flaws and patching vulnerabilities is one of the core functions of software updates, so by not updating to the latest version, you’re leaving yourself exposed.
Similarly, it’s likely those working from home may not be on the same centralised system for updating anti-virus software, posing further risk.
- Adding software indiscriminately
Whether simply innocent mistakes or not, rogue IT installations (which include any unmanaged or unregulated IT resources from illegal downloads to online purchases from unknown vendors), pose a risk to your business. After all, you can’t protect what you aren’t aware of.
- Sharing removable media
Another seemingly harmless action that can cause issues is in the use of removable media. When inappropriate software is shared from machine to machine, it can compromise assets, open breaches or lead to similar problems.
In addition, employees not used to working from home may share a PC with other family members without considering the implications, or click on a phishing link from an email.
And finally, as many businesses face the unfortunate realities of having to make multiple redundancies, it’s not just remote workers that pose a risk to cybersecurity, but ex-employees too. Considering former staff who may still have access to your organisation’s network is imperative.
Using software asset management to protect against the risk from remote working
Ransomware attacks are not only becoming more frequent, but more complicated to protect against, with physical assets, software assets and cloud-based systems to consider, as well as employees scattered across a variety of different locations and devices.
Software asset management (SAM) tools give you complete visibility of your entire IT estate, including all software licenses and deployments. This provides you with the very starting point of your security strategy, by establishing where any potential risks could stem from. It allows you to ensure all products are up to date and patches have been installed, as well as making sure that any vulnerabilities which could affect the business are promptly removed.
Software asset management tools also tell you how this software is being used, and on which version, understanding behaviour is of course key to mitigating risk.
It’s this insight which will see SAM teams working more closely with other departments, from compliance, to HR, to finance and C-suite. Cyber security is no longer a responsibility that falls cleanly within one department. The sudden shift to remote working will leave businesses at an increased risk throughout this coming year and beyond, but through a range of actions from educating employees of the risks posed and how to avoid them, to sharing data and knowledge with IT and security teams, SAM Managers can play their role in protecting the organisations they work for.