Originally featured in Kochie’s Business Builders on 26 May, 2022.
So, you’ve jumped on the hybrid work train and let your employees take their work devices home to use – but have you ensured those devices are safe from cyberattack? Martin McGregor, CEO and co-founder of Devicie says tightening your cyber security is the most important thing you should do if your staff work from home.
The rapid rise of remote and hybrid work has drastically expanded the threat landscape, with employee devices becoming among the most exploited attack vectors.
Around 90 per cent of attackers are now breaching company defences through employee devices. The smartphones, tablets and laptops that were quickly deployed at the start of the COVID-19 pandemic massively expanded the threat surface and the number of potential targets for cybercriminals.
Security challenges for hybrid businesses
Workplace flexibility has also created huge opportunities for criminals intent on stealing data and extorting money from businesses. This is why ransomware has skyrocketed to become one of the most prevalent issues facing Australian companies.
Cyber criminals have also upped their game. As well as demanding ransoms to release encrypted data, many have also taken to stealing data and threatening to release it into the public domain to ‘incentivise’ victims to pay ransoms in untraceable cryptocurrencies.
In today’s hybrid world, businesses need their people to be able to work securely from anywhere, across multiple devices, at any time. But IT and security teams face a challenge. They must enable anywhere and anytime productivity on a wide variety of endpoint devices while keeping data and systems secure.
This requires a delicate balancing act where security and compliance are important, but can’t get in the way of employee productivity.
When security gets in the way of productivity, employees create their own workarounds, inadvertently increasing the attack surface and making businesses more vulnerable to attack.
At a time when demand for IT skills outpaces supply, it doesn’t make sense to focus limited resources on time-consuming workaround device management. This is especially true when tasks such as application management, packaging and patching – to name a few – can all be automated.
It’s time to adapt – and fast
Just as employees shifted to remote work, IT systems and processes need to similarly adapt. By leveraging automation and cloud-native technology, IT teams can better serve employees and help prevent security incidents by ensuring their applications and operating systems are always kept up-to-date.
When system updates that keep devices secure are automated and unintrusive, employees enjoy increased productivity through fewer interruptions to their work – and data loss is greatly reduced as a result of a cyberattack.
Effective employee device management can also ensure only authorised applications can run on a device. This means software that is inadvertently installed, such as ransomware that enters a system through a phishing attack, can’t run. Automation can ensure data is regularly backed up and, in the event of accidental data loss or an attack that gets through a business’s defences, data can be rapidly restored without hands-on intervention by the IT team.
The benefits of security are not only limited to better protection. Done right, security on end-user devices can act as a business and productivity enabler. Application allow listing is a prime example. By securing authorised applications behind a company portal, employees can access the applications they need, when they need them. This is a huge efficiency outcome that is worthwhile on its own.
Know the Essential Eight
The Federal Government, through the Australian Cyber Security Centre, has published its Essential Eight security controls. These guide businesses on the steps to take to protect their systems and mitigate the risk of an attack.
Using automation to streamline device security and management is a fast and easy way to reach the highest level of Essential Eight maturity and help avert a serious security incident.
With threat actors seeking to exploit the burgeoning number of remote devices, organisations stand to gain a significant advantage by leveraging automation in their device management. In doing so, they will effectively strike the security and productivity balance that is needed for employees to thrive, regardless of location or device.