Managing the cybersecurity risks of remote working
Libby Bagley, Community Manager at License Dashboard, explores the cyber threats arising from remote working.
The pandemic has arguably been the greatest accelerator of digital transformation, spurring a global move to remote working, and forever altering the way we do business.
However, working from home inevitably leaves an organisation more vulnerable to security threats. With many companies shifting to the cloud and taking advantage of popular tools like Microsoft 365, employees are accessing files and software from multiple locations, networks and devices. Whilst these capabilities may be beneficial from an operations perspective by promoting greater collaboration and productivity, they aren’t without their risks.
Add to this reliance on cloud-based software, both a growing number of security breaches, and increasingly sophisticated malware, and it becomes clear that the safety of remote working is something every business needs to be prioritising.
The security risks posed by software and how to stay on top of them
The average home environment is far less robust in terms of security than a typical office setup, with admin rights, for example, enabling staff to easily and quickly download free trials of products that pose a threat to important information like customer data and financial stats. On top of this, remote teams are unlikely to be on the same centralised system for updating anti-virus software. Here are some of the most common problems:
The use of outdated software
One of the biggest risks to your businesses is outdated software, or employees not updating software. This makes you a target for cyber criminals. Software vendors are continually fixing vulnerabilities and adding patches, and it’s important to take advantage of this. Putting off updates leaves you exposed to security flaws so it really isn’t worth the risk.
Adding software indiscriminately
A key way to stay on top of software misuse and its impact on cybersecurity, is to stay vigilant to rogue IT installations and unmanaged or unregulated IT resources. This includes everything from illegal downloads to online purchases from an unknown vendor, and becomes even more of a risk if employees are sharing devices with other household members.
Sharing removable media
Another common issue, but one that can cause real issues, is the use of removable media. When inappropriate software is shared from machine to machine, it can compromise assets, open breaches, or cause similar problems.
In order to mitigate these problems you of course need to be aware of them, and in order to be aware of them, you first need full visibility of your entire IT estate. This is where software asset management (SAM) comes in. Software asset management is the practice of overseeing every aspect of software asset management, from deployment to end of life. A comprehensive SAM strategy gives you a complete view of all the software licenses and deployments within your organisation, as well as how this software is being used, by whom, and when – user activity is key when mitigating risk.
SAM tools also allow IT departments to establish that all products are up to date and any necessary patches have been successfully installed, and often, these updates and patches can be automatically downloaded or deployed by the systems SAM tools hook onto. This goes a long way to making sure any vulnerabilities that could affect your business have been removed.
The challenge of managing software licenses during a pandemic
Keeping track of software licenses is even more challenging during a time of high staff turnover. Many businesses have had to make redundancies, with unemployment levels recently reaching 5%, while other companies are looking to rebuild their workforce and fast. As staff come and go, applications may be assigned to individuals who no longer work for the organisation, so managing software licenses needs to be a core part of your leavers and movers policy; not only for cost control, but cybersecurity too. After all, as we’ve touched upon, you can’t protect against what you aren’t aware of.
Making security and software asset management a part of your company culture
It goes without saying that if you want to alleviate risk, then people must first be educated on what those risks are. When it comes to a new way of working, such as a shift to the cloud, or simple seemingly harmless acts like sharing software between machines, many employees will be unaware of the implications of their actions, which is why it’s so important to raise awareness of the link between remote working, correct software usage, and cybersecurity.
It’s something that needs to become part of your culture, and one that needs to incorporate different departments. Software asset management and security no longer sits firmly in the IT department’s remit, but should involve team leaders across all areas of the business, including HR.
When the pandemic initially hit and the first lockdown came into place, the emphasis was very much on productivity; ensuring an individual could continue to do their job efficiently from home. With remote working set to continue in some form or other for many businesses, this priority needs to shift towards security and that means increasing visibility of your business’s software use.
Libby Bagley is Community Manager at License Dashboard, which specialises in software asset management and licensing expertise for large and fast-growing organisations.
WIN DEFENCE PROCUREMENT OPPORTUNITIES
By registering for Supply2Defence you will gain access to free procurement resources that will give you a deeper insight into defence procurement. Getting to know the world of defence procurement is the first step – finding relevant tender opportunities is the hard part. When you register for our Tender Alerts portal you will receive daily tailored defence tender alerts – this means your business will never miss an opportunity that is relevant to your business profile.
Start your search for defence contracts with Supply2Defence.
For companies that may not consider themselves a good fit for a defence contract, the infrastructure sector is a perfect example of how virtually any company can engage with the defence marketplace.
Five new contracts worth £650-million have been awarded to industry to deliver crucial building and maintenance services for more than 39,000 Service families. Forming the