Securing the virtual blur between corporate and home networks

The “work from anywhere” movement has gained strength to become the new normal in the way Australians work. Rapid advancements in technologies such as Wi-Fi, VPNs, smartphones, and cloud storage, have made mobile working (from home, from a café, or even on the go) an achievable reality. One in three Australian workers were regularly working from home in 2016, and this trend is not expected to slow down. 

As organisations embrace a mobile-first strategy that encourages their employees to adopt agile work practices, the Bring Your Own Device (BYOD) trend is also gaining momentum. Data from Technavio indicated the global BYOD security market will grow at a compound annual growth rate of more than 24 per cent between now and 2020.

While there are advantages to enabling staff to pick and choose where and how they work, the trend also exposes organisations to considerable new security risks. Unlike the traditional practice of working in an office, within the bounds of a secure network, the “work from anywhere” trend opens up dozens, hundreds, or even thousands of new entry points for attackers.

Personal mobile devices, including smartphones and tablets, are used for multiple private and business activities, like web browsing, emailing, downloading apps, reviewing files in the cloud, and accessing social media. When you add accessing various networks to the mix, the use of personal mobile devices for business can potentially expose users and organisations to new threats.

For instance, an employee can accidentally and unknowingly download a harmful file on their device and then connect onto their organisation’s network, which in turn exposes others on the network to a virus. Similarly, someone could store a confidential business file on their phone or personal laptop, which is then hacked on a less secure network, exposing the confidential information, and triggering a loss of personal and financial data, misconduct and potential exploitation.

As more and more sensitive data is transferred between work and personal devices, and transported across multiple networks, an organisation’s security posture is undermined.

The increasing prevalence of cyberattacks across the globe has raised the general awareness and concern about cyber risk among organisations, which are now actively looking at how they can protect their networks and data, anywhere and everywhere employees access it. CIOs are under pressure to provide effective strategies to protect endpoints, both at work and outside the office, through responsible risk management, investment in new security tools, and ensuring employees follow best practice when it comes to cyber security.

In Australia, businesses are investing more in enterprise mobility device management (MDM) tools as the market for management software, devices and services is expected to approach $5.5 billion by the end of the decade, up from $3.3 billion in 2016. This growth in MDM is underpinned by the fact that 86 per cent of enterprises are concerned about security in enterprise mobility.

Adopting MDM gives organisations the ability to segment a user’s personal and corporate data, so sensitive information can stay encrypted or can be remotely wiped in the event an employee’s device is lost or stolen. Using MDM software also gives organisations the ability to monitor application licenses to ensure compliance is maintained.

While a CIO can ensure their organisation is protected by the best tools within the office environment, and educate their employees on security best practice, that oversight doesn’t necessarily extend to home networks. Enterprise-grade security software has traditionally been unavailable for home use, and family members usually don’t have the same level of awareness and education when it comes to protecting themselves online.

Family members may share devices with a company employee in the less secure home environment, which means the potential exposure to risk is significantly increased when accessing business files on personal devices and networks. For example, family members could unwittingly download malicious files that are not picked up by the out of date and less sophisticated security software on the laptop or home computer.

The good news is that the consumer security industry is moving forward with the next generation of endpoint security software. Artificial intelligence-based antivirus software uses machine learning algorithms to monitor activity, identify whether it’s good or bad, and proactively stop malicious software from executing, even if it has never been seen previously. Until now, these solutions have only been available to business users. However, new products are coming to market that can be deployed on personal devices as well, ensuring a consistent security posture across an organisation’s extended network.  

As CIOs consider how best to configure and secure their networks so they can handle increasing security complexities, deploying artificial intelligence-based endpoint security software across both the corporate and employees’ home networks should be a top priority.

In order to confidently navigate this brave new “work from anywhere” world, company management and IT teams need to work together to develop a strategy for maintaining effective cybersecurity measures on every employee device, wherever they are, whatever company data they’re accessing.