Does smart working make businesses vulnerable from the point of view of accessing data that is likely to be uncontrolled? The answer is yes, but it is also true if a company decides not to implement the smart working, i.e. to remain on the analogue pole.
In a simple, but not trivial way, it must be said that the transition to digital work, especially for those realities that start from a situation of total absence of methods of sharing information outside the corporate perimeter, must be managed on different levels of protection and storage of data, in order
We wanted to talk about this in simple terms with Candid Wüest, who as vice-president of the Cyber Protection Research division of Acronis, is a data protection expert intended as a protection of the value of the company.
What are the risks that a company risks when it opens up, from scratch, to smart working?
When a company decides to start using smart working, there are some things to consider. Of course, this decision affects many aspects of work: hours, performance review, psychological factors, ensuring, for example, that the employee does not lose social contact with colleagues, providing business equipment such as laptops or webcams. In addition, there is also an increased risk of cyber attacks.
When working remotely, laptops and smartphones are often exposed directly to the Internet or unsafe networks. This means that devices need endpoint protection solutions to protect local services from external attacks. If, under the sign of the BYOD policy (Bring your own device), companies allow the use of private equipment, the IT department must follow and apply basic security policies, such as frequent system updates, malware protection and rating This compliance check can be performed before any VPN connection or on a regular basis through the cloud.
Having a compromised workload due to missing software components, unsafe configuration or simply via infected emails or websites happens more often than you think. Once an account is compromised, attackers can search for anything that is of interest. They could use stolen credentials to access other services. If these services are in the cloud and no special monitoring is enabled, it is likely that the company will not notice harmful accesses until it is too late. Multifactor authentication can help limit this risk. In addition, a compromised workload can be used as a springboard to attack the corporate network when a new VPN connection is established.
Businesses must ensure that their employees have approved collaboration tools to enable them to work efficiently. If tools are not provided, employees will use their own solutions that may result in data breaches. For example, if no secure file sharing service is implemented, the employee may upload sensitive unencrypted and unprotected data to cloud servers of his choice, exposing data to attackers. The same applies to unencrypted backup files that could be stored on external drives.
There is also a regulatory aspect, for example for relevant data on privacy under the GDPR, which requires to ensure that data is always secure. Until the process of eliminating data from a workload of employees if they leave the company one day. In addition, all devices should use disk encryption to ensure that no one can access data in case of loss or theft of a device.
As you can see, the risks are at various levels. It is essential to ensure that your data is always available and accessible wherever you are. It is important to check who has access to data, verify authenticity and protect it from malware and hackers. This is exactly what Acronis offers with its SAPAS approach incorporating the five pillars of the theme: Safeguarding, Accessibility, Privacy, Authenticity and Security.
Is the cloud the platform that absorbs everything you do in smart working or is there a hybrid solution?
The cloud with its many SaaS offers is the ideal environment for smart working and for employees who want to be able to access their data wherever they are. For some applications like office applications, a hybrid approach makes sense, so that the employee can work offline if necessary.
Having a solid authentication process is the key to cloud services. This includes complex unique passwords, as well as multi-factor authentication or even hardware tokens. Depending on the type of activity and number of cloud services used, it may make sense to have a single sign on solution to centralize all access requests. This simplifies the authentication and exit process when an employee leaves the company and all granted access tokens must be revoked by the administrator.
In a real smart working environment, a traditional office network is often not needed and everything is connected through the cloud. This means that data must be protected both while in transit and when they are inactive in the cloud.
How should the backup, the persistence of data be managed in a smart working scenario?
Data is the most important asset in today’s connected world and must often be backed up. A recent global survey by Acronis showed that 43% of companies had periods of inactivity this year as a result of data loss. Another 41% claimed that they lost revenue and productivity due to data inaccessibility. It is therefore essential to have a backup and recovery plan. Due to the dynamic nature of smart working, sufficient bandwidth may not always be available to create a complete backup in the cloud. It is therefore recommended to create backups in two different solutions, for example on a local hard drive and in the cloud. Working with incremental backups and delaying loading until a strong WiFi signal is available can help improve performance. When you store backups off site, you should encrypt them.
How should the security of business communications be coordinated, with what tools and procedures?
It is advisable to have a central information environment with some documents and guidelines that employees can follow in case of specific doubts. This includes a description of the collaboration tools allowed such as video conferencing software, VOIP phones and file sharing platforms, and a process to request the evaluation and acceptance of new services. Security policies should be applied on all workloads accessing company data. Depending on the installation, this can be done by group criteria in Windows AD environments or by additional agents. Such conformity check may ensure that the criteria are applied. The system is frequently updated and consequently created backups. In addition, it is useful to hold awareness sessions to alert employees of the different risks and inform them about how they should report suspicious activities or other data issues. It is essential to have a targeted and short communication plan. Especially during these times of crisis, when people tend to be very stressed and unprone to receive too many indications. Therefore, harassing employees with proposals for uncoordinated activities would be counterproductive. This also underlines the importance of ensuring mental health and employee motivation, otherwise it will increase the risk of accidental errors such as clicking on suspicious email attachments, or that of data thefts by disgruntled workers.
In summary, what are the solutions and IT skills that must not be lacking so that a company in smart working can have business continuity?
To support smart working procedures should be efficient and automated where possible. To allow employees to be productive when and where they need it. This requires quick indications for problem solving if some services are not available. Since most services have passed to the cloud, and today you can access them from any web browser, all employees need is a fast and reliable Internet connection. A crucial element to keep this configuration safe is a multi-factor authentication that is effective and secure. Since data availability is essential, workloads and services must be fully protected, regardless of where they are located. This goes beyond isolated backups or antivirus solutions, but rather incorporates a comprehensive protection strategy.