Remote Work Security

INCREASE SECURITY WHERE YOU WORK:NEW DEFENSIVE STRATEGIES.

The debate over the future of work has mainly centered on remote versus in-office. But in reality, many businesses are ultimately settling somewhere in between. Work, in short, has gone mobile.

Home offices, coffee shops, airports, or in the car waiting to pick up a kid from school—they’re all locations where you may be prospecting a new client, working on a presentation, or checking email. At the same time, many of us still commute into the office a few days each week.

In fact, 52% of U.S. remote-capable employees work in a hybrid environment, according to a Gallup study. This rapid shift in how and where we work means that companies must reevaluate their enterprise data security controls and policies.

52% OF U.S. REMOTE-CAPABLE EMPLOYEES WORK IN A HYBRID ENVIRONMENT. Source: Gallup. Global Indicators of Workplace Performance & Societal Health, 2024.

The risks of a distributed workforce.

Protecting corporate resources and end-user network access was easier when most employees were working on site. But remote and mobile workers are more exposed to cybersecurity threats, and those threats are becoming more sophisticated and challenging for an employee to detect.

Even companies with strict on-site work policies must prepare for the inevitability that, at some point, employees may seek to access corporate resources from an external location. Many Americans acknowledge that public Wi-Fi is not secure. Yet, according to Forbes, 21% admit to using it for work purposes, when instead they could be using a more secure cellular data connection.

21% of workers use unsafe public wi-fi networks. Source: Forbes. The Real Risks Of Public Wi-Fi: Key Statistics And Usage Data, 2023.
“The whole attack surface increases as soon as an employee leaves the office. They become an easier target,” says Clarence Foster, Business Information Security Officer with T-Mobile for Business. “That’s why employers must make sure their employees are secure no matter where they are working, and make sure cybersecurity is a seamless part of their workday—not a hurdle to overcome.”

“Make cybersecurity a seamless part of the workday.”

Clarence Foster, Business Information Security Officer, T-Mobile for Business

A growing threat landscape.

Cybersecurity threats are growing in number and impact. For example, phishing attacks jumped 47% in 2022, compared to the previous year, according to a Zscaler report. Meanwhile, the average cost of a breach reached $4.45 million in 2023, an all-time high, according to IBM.

Work-from-anywhere defense models.

Many organizations aren’t protected against remote working security risks that the new modes of work can bring. They must start to adopt new defensive strategies to reduce the risks. Here are two complementary approaches to consider:
A businessperson works on a connected laptop while commuting on a train.

Zero Trust.

One of the most popular and effective cybersecurity strategies is a “Zero Trust architecture” approach. With Zero Trust, businesses adopt the attitude that no human or machine can be trusted. Your organization should establish new dynamic authentication and authorization processes that should be followed whether an employee or machine is inside or outside the office.

“Enterprises can no longer rely only on the traditional perimeter security model,” says Todd Gibson, a member of the T-Mobile Technical Staff Cybersecurity Strategy team. “They need to develop dynamic access control capabilities so that every resource access attempt is authenticated and authorized.”

For those in the early stages, the National Institute of Standards and Technology, or NIST, provides a helpful overview of the key tenets of Zero Trust.

SASE

Another increasingly important transition is the move to secure access service edge, or SASE (pronounced "sassy"), the consolidation of multiple networking and security functions into a single, secure, integrated cloud service.

A SASE architecture incorporates various security services, including secure web gateways, intrusion detection and prevention, firewalls, and anti-malware. It’s a flexible architecture that you can adjust for each of your departments’ needs and workflows.

With SASE, companies can quickly check for the proper authorizations before granting an employee permission to the network. SASE creates a highly secure, direct connection between a user’s device and the data while safeguarding their online experience.

THE AVERAGE COST OF A DATA BREACH $4.45MM. Source: IBM. Cost of a Data Breach Report 2023, 2023.

Best practices for defending a distributed workforce.

In light of a more mobile workforce, businesses must continue to bolster cybersecurity in the face of ongoing threats. Here are tried and tested ways of doing that:

Prioritize the highest need.

Evaluate your highest risk and the potential impact of investing in those areas. Spend budget addressing these issues first, and then tackle other areas as budget allows.
A professional checks a tablet while standing inside an office with view to a manufacturing plant.

Offer role-specific threat training.

Even with all the best cybersecurity technologies in place, there’s a good chance hackers will find their way into your network or systems—maybe through phishing and other forms of social engineering.

So, business and technology leaders must constantly educate employees on the evolving threats. For example, a customer care team might receive training on the dangers of social engineering, while developers get a deep dive on secure coding techniques.

A businessperson displays several charts on a video screen and presents them to a coworker.

Test, pilot, and integrate.

The transition to a more secure, Zero Trust architecture is a long-term commitment, with each step vital to the success of a program. The Cybersecurity & Infrastructure Security Agency, or CISA, has published a Zero Trust Maturity Model that can assist in developing roadmaps.

The security team should be the first to pilot any new security control solutions. Beyond the initial pilot, smaller groups of employees could receive early access to the new control(s) to determine if further fine-tuning is needed. These pilot and small group trials can be conducted with employees from across business units; each may have different needs. After any necessary adjustments are made, companies can roll out the initiative to the entire workforce.

Becoming more future proof.

Hybrid work is here to stay. In fact, senior executives expect fully remote and hybrid work to grow in their businesses over the next five years, according to Harvard Business Review.

So, the message is clear: Now is the time for business leaders to embrace work-from-anywhere security practices. It’s the best way to better defend and support their distributed workforces in an increasingly treacherous digital environment.

More resources.

A professional working on his computer.

Why it pays to hire your own hackers.

These tech-savvy experts uncover network and application vulnerabilities, so you can fix software bugs before they become data breaches.

A professional holds a laptop and points at the screen to show it to his coworker.

Taking action before cyberattacks happen.

Strong passwords aren't enough to fend off dangerous security threats. You need robust authentication and multi-layered defenses.

Count on our security solutions to safeguard your business.

Get ahead of threats