September 1, 2020
Work Is No Longer Tethered to the Office. Neither Should Security.
The coronavirus pandemic forced the world’s workforce to retreat from their offices in a hurry. In that process, it proved something many of us already knew: employees can work productively without needing to be physically present or connected to the corporate network. Assisted by cloud-based productivity apps, tablets and smartphones have untethered us from the office space. At any time, I can pull out my phone and resume working via the cloud.
While work no longer revolves around an office space, security still does for many organizations. Most security infrastructure still assumes that everyone is connected to the corporate network and under the protection of perimeter-based security. This is why virtual private network (VPN) was one of the first investment increases when everyone shifted to remote work.
Security teams worked to ensure their perimeter security extended into their employee’s homes. But this is not sustainable, especially as workers are turning their personal tablets and smartphones into work devices to stay productive. Every one of your remote workers now represents a remote office. So if you have 5,000 employees, you have to be able to secure 5,000 separate offices.
Now that we know remote work is here to stay, it’s time for us to fundamentally rethink how we secure our organizations.
Personal devices have become the key to productivity
Personal phones and tablets have emerged as a vital productivity tool as we settle into working remotely. The flexibility these devices provide makes it much easier to stay productive while juggling other responsibilities while outside the office.
In mid-March, when most organizations sent their employees home for work, Lookout saw a 25% jump in iOS device usage. Since then, the usage continues to increase steadily, showing the shift people have made to using mobile devices for work.
But personal devices are double-edged swords. As unmanaged devices that don’t connect to the perimeter network, they can create blindspots in your security posture. Yet, they have seamless access to your corporate data from cloud suites such as Office 365 or G Suite.
The dilemma organizations are faced with is “how do I empower my workers to stay productive with their mobile devices while still being able to secure my data?”
Simply extending your perimeter will fail
VPN was what a lot of organizations turned to when they were confronted by the sudden shift to remote work. The idea was that if they expand the capacity of their VPN, then everyone can use it and be under the protection of their perimeter security.
The problem is two thirds of employee devices – smartphones and tablets – aren’t secured by a VPN. At the same time, they’re connecting to your SaaS applications and data in the cloud. Mobile devices and cloud apps have reduced the need to use VPN to access work.
While VPN can protect you against network threats, it’s far from perfect. Besides the bumpy and slower user experience, you’re relying on your workers to be on it at all times. It also doesn’t protect devices from phishing threats. So if a device that has access to your VPN is compromised, then you’re allowing a subverted device to have privileged access to your network, apps and data.
One of the easiest ways your devices can be compromised is by mobile phishing attacks, which are on the rise as we’re all working from home. Cyber criminals understand that we’re using our phones and tablets more, and that we’re using them to access sensitive information via cloud apps. As I referenced in one of my last blogs, Lookout found that there was a near-40 percent spike in phishing encounters among our enterprise customers in the first three months of 2020.
Now is the time to secure phones and tablets
It’s understandable that many of us were thrown off by the unexpected need to secure a fully-remote workforce. But this unwarranted experiment may have been a good thing.
Tablets and phones have already been moving your workers outside of legacy perimeter security for a while now. The pandemic simply sped up the transition and forced you to confront the new reality.
While the shift was not entirely by choice, a lot of us are finding out the positive sides of working from home, whether it be cost savings, life-quality with no commute or a more productive workforce.
This is an opportunity for you to rethink how you secure your organization. Rather than using legacy VPN technology to solve a modern problem, use security that goes everywhere your workforce goes and to the devices they use – their smartphones and tablets.
If you’re interested in learning more about how to properly secure your workers in this new reality, check out our remote workforce page to learn more.
Book a personalized, no-pressure demo today to learn:
- How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
- Real-world examples of phishing and app threats that have compromised organizations
- How an integrated endpoint-to-cloud security platform can detect threats and protect your organization