Although remote work has been a growing trend in businesses and institutions over the past few years, the global outbreak of Covid-19 has forced any businesses who can to accelerate remote integration plans, catapulting many routine interactions online before leaders felt ready.
People should take comfort in the fact that this process has already been pioneered, most commonly in the form of moving productivity software to the cloud. Before the cloud, most knowledge workers maintained their own local copy of a document. A file was created on their desktop, then sent to a colleague over email, then the edited file was shared with another colleague. Rinse and repeat. Business proceeded as usual, but with precious time spent managing multiple docs and version control.
When productivity tools designed specifically for collaboration arrived on the scene, like my own team’s G Suite tools, teams were able to collaborate on the same document, at the same time, while keeping an eye on changes and progress no matter where in the world they or their teammates were located.
But because most security policies and practices were not built with today’s digital offices in mind, these remote cloud workspaces can also create opportunities for bad actors to compromise users and data. It’s already become fairly common for employees to spend more time working outside of the office than at their desks. With the rapid uptake of cloud services and digital sharing tools in recent months, companies need to stay especially vigilant and keep these underlying security challenges in mind.
This is an on-going journey, and recent events have taught us what an unpredictable one it can be. Here are some helpful practices I’ve learned on the job that will help teams communicate effectively without jeopardizing company security.
Adapting our approach to security is all the more important now, when organizations need to embrace the dynamic remote environments of a distributed workforce head-on amid the Covid-19 outbreak.
Specifically, as access to corporate data from public networks and personal devices grows, organizations need to ensure that they can preserve all levels of protection on the corporate network and company devices.
It’s essential for remote workers to ensure that connections to corporate resources over a public network are encrypted in transit. Untrusted networks, such as open WiFi access points in airports and other public spaces can expose remote workers to threats. A rogue access point or compromised network infrastructure could allow a malicious actor to capture network traffic, giving them access to any corporate data that’s transmitted in the clear.
Remote workers often find that using personal devices to access corporate apps and services makes them more productive, but these devices are also a source of risk. Malicious actors are much more likely to be able to trick a user into installing malicious software when they’re not protected by their corporate network’s defenses, or if they’re using a device that doesn’t have the latest security updates installed.
IT departments make it a priority to ensure that corporate-owned devices are patched regularly and have device security software installed. Device management can require users to turn on security features, such as data encryption, and enforce the use of strong passwords before allowing a personal device to access business-critical apps.
These challenges have increased pressure on IT teams to simultaneously and swiftly implement security and foster employee agility. Now, it’s no longer just a team of admins responsible for maintaining security. Every employee has a part to play.
But all users, whether a CEO or an intern, must be equipped to make smart security decisions like spotting a potentially dangerous attachment or suspicious email. Advanced phishing tools and malware warnings are important aids, but teams still need the right education.
At Google, we’ve been collaborating across a global extended workforce for years. We’ve experienced these challenges first-hand as the company has grown to more than 100,000 employees. It’s why when we design solutions, we think about how we can make security and collaboration easier for everyone.
One of the first steps is to consider how to educate employees and provide guidelines so they are acutely aware of potential threats to the organization, such as business email compromise (BEC). Security trainings and warnings should be simple to understand. They should give a clear call to action for employees. For example, you can learn to recognize if a shared folder or link is coming from a legitimate sender, or how to spot invalid login pages asking for corporate credentials. By making end-users themselves part of the security ecosystem, companies can help defend against more sophisticated attacks, such as spear phishing or BEC, without placing an undue burden on IT. This baseline education can be reinforced when heightened awareness is required, such as the global pandemic we currently find ourselves in.
Collaborative decisions about security don’t just have to happen in the boardroom. Admins can allow employees to self-enroll in comprehensive account security options, like our Advanced Protection Program, for the enterprise, which requires users to implement best practices like using security keys to protect logins. Through continuous education, employees can feel empowered to make decisions such as reporting malicious email links that could leak company credentials or adopting stronger two-factor authentication methods like security keys for account protection.
Employees should be a part of your security solution, not a roadblock, and structuring collaboration in this way will make unexpected shifts in the workplace, like the one so many are experiencing with the evolving COVID-19 situation, that much easier.
I believe that companies’ fundamental shift to remote working and collaboration is a positive trend that will lead to enhanced efficiency, deeper collaboration, and more creative thinking. As we embrace it, let’s find ways to make sure security is a team effort.