There is still a surprising lack of security awareness among employees. Recent research revealed that only a quarter could identify a phishing email, and one in seven believe that malware can physically spread from one machine to another beside it. As remote working becomes an imperative, a 360-degree approach to security is now critical, to mitigate the risk from the weakest link in the chain: people.
Of course, I'm not talking about your people. No doubt your users have automatic updates scheduled for installation overnight. They've all read the guidelines on phishing attacks and they've completed the training about online safety.
Sadly, the numbers suggest otherwise. The fact is, Media Pro reports that 70% of users lack basic cybersecurity knowledge. And figures from Ostermann Research show that less than a third of employees can identify at least two warning signs of a malware infection on their device.
It’s far too early to say how the emergency move to remote working will affect working practices in the long term. Nevertheless, many organizations must now be considering their approach in the light of the success or otherwise of their experience of operating a largely remote workforce.
The very latest news from the homeworking front line is that most employees – 82% – feel that their employers were pretty well prepared for the sudden change. But OnePoll research also found that security has been one of the biggest challenges for users.
- 33% said that strict protocols and lack of single sign-on made working from home more difficult.
- 16% reported frustrations with slow VPN connections.
Yet SurePayroll has found that more than three quarters of workers say they achieve maximum productivity at home. And Airbnb research tells us that more than two thirds do not see person-to-person interaction as an essential part of their work.
The risk is that embracing remote working more widely could create more security problems than the productivity increases and cost savings that it delivers. As ever, security needs to be the enabler of greater freedom, rather than a constraint.
User education is critical to the success of any security deployment. But as the figures show, it's not realistic to leave it all up to them to take care of their security needs.
Fortunately, there's plenty you can do to keep things as simple for them as possible without compromising your security posture. The key is to make life simple for yourself too, so that security doesn't have to consume every working moment, except for the specialists working on strategy.
New approaches to security, such as Lenovo ThinkShield, unify devices, security standards and third-party technologies in an orchestrated whole. In particular, there is a recognition that prevention and protection must operate from end to end, including personally owned endpoints, and even components moving through the supply chain before devices are manufactured.
You can bring technologies such as MobileIron device management, Windows Autopilot and Absolute Application Persistence under a single management deployment. At the same time, Lenovo Business PCs have their own advanced defenses built-in, such as biometric authentication, ThinkShutter webcam covers, and ePrivacy filters that restrict the field of view and protect against shoulder surfers.
Users need to have little or no involvement with these solutions, beyond closing the camera shutter if they want to. And, in keeping with the concerns about intrusive security among home workers, they will rarely know that the defenses are at work.
It's a mark of the quiet brilliance of business IT teams that so many workers think their organizations were ready for the sudden move to remote working. The next number to watch is the OnePoll finding that nearly 40% of employees expect their employers to be more relaxed about remote working.
With the right security approach, what started as a well-planned response to the ultimate Black Swan event could become an elegant and sustainable enabler of business success.