ThinScale has been involved in multiple remote working deployments across a broad section of industries. We’ve worked closely with BPOs and contact centers as they’ve successfully transitioned 1000s of agents from traditional, on-site operations to a full or partial WaH (work at home) set up.
We’ve seen, 2 years or so into the pandemic, that remote working is not a short-term operational change. It has now become a foundational pillar for many organisations, reducing costs, ensuring business continuity and reducing agent attrition.
Security leaders are therefore being asked to safeguard their organisations with long term policies and tools that are designed with remote working in mind.
Creating a Framework for Secure Remote Working
Quantify the security threats to remote workforces
Organizations in 2021 saw a massive increase in cyber security breaches, even compared to 2020’s astounding numbers, exceeding them by 17%.
While remote/hybrid working is undoubtedly beneficial, it does introduce potential new security considerations that IT leaders must mitigate against.
Instances of data leakage, access control, device theft, and so on have all increased in the past two years. All organizations require an updated and modernized cyber security framework for remote & hybrid working environments which they should follow clinically.
Adopt secure remote working software
Historically, security leaders have been reluctant to recommend remote working as it necessitates the workforce operating outside of the secure, on-site network which can be carefully managed and controlled. However, there are software solutions that are designed with this concern in mind, and allow security leaders to create a protected environment that is centrally managed and PCI, HIPPA and GDPR compliant.
Crucially, this software protects the agent and the organization by dramatically reducing their capacity to make human errors through pre-defined restrictions on what they can and cannot do with their device.
Remote cybersecurity assessment
The next step an organization must take is assess their cybersecurity maturity. The way most organizations do this is take an existing framework, like the NIST Framework and compare it to your own. This assessment is to be all-encompassing, from IT governance to security technologies.
The reality is, standard security assessments solutions were created in the context of office-based, closely controlled networks, using corporate devices exclusively. Typically, they were not created with the unique demands of a modern, flexible workforce. This is why comparing and updating your existing strategy against an updated & established framework is vital.
Update your documentation & increase employee training
It is vital to ensure the whole strategy is documented, including cybersecurity plans, policies, guidelines, key stakeholders, procedures and anything else needed to define what is required to achieve your objectives. This documentation must be frequently kept up to date with active feedback from the members of your IT department. It must also be ensured that the documented procedures and protocols are understood by any helpdesk or IT support staff.
Typically, these documents include:
- An up-to-date risk assessment
- Cybersecurity plans & policy
- Cybersecurity Technologies
- Security Guidelines
- Breach procedures
- Cybersecurity training plan
A 2021 report carried out by the UK government found that only 11% of businesses provided cybersecurity training to non-IT employees. The report coincides with an all-time high number of security breaches at 1,291 in 2021. DDoS attacks grew by 500%, and cybercrime is on track to cost a the world $10.5 trillion annually by 2025.
Educating your staff in remote cybersecurity best practices will result in:
- Stronger resistance against breaches and attacks: 95% of cyber attacks occur due to human error (keyloggers, screen scrapers, phishing, etc).
- Increase customer/client confidence: In a 2020 Arcserve study 70% of consumers said they believed organizations are not doing enough to ensure cybersecurity.
- Compliance: While meeting compliance standards should be a standalone goal for any organization when it comes to data security, more QSAs are demanding security awareness training for all employees depending on industry.
Taking the next step towards a secure remote workforce
ThinScale helps enterprise organizations and their security leaders to create a protected, centrally managed virtual environment where employees can work securely from any location.
Our Secure Remote Worker solution is trusted by the world’s top 10 BPOs and contact centers, helping them to deliver a secure and compliant IT framework for a remote or hybrid workforce.