The workforce of a midsize enterprise is more mobile than ever, with over 90% of organisations with employees working half of their week outside of the office. One-fifth of Millennials regularly work from coffee shops, and 60% work remotely to the fullest extent their company allows. As a result, more and more business is being conducted off-network, and outside of secure perimeter provided by the network firewall.
What Is Off-Network Security?
Whether you allow your employees to work remotely long-term, support a sales team constantly on the go, or simply allow work from home in instances of bad weather or illness, security should always be a consideration. More than 64% of midsize businesses have experienced a breach that occurred as a result of a worker who was off-network, yet many businesses fail to appreciate the scope of vulnerability of an increasingly mobile workforce. Employees working from one of your locations benefit from both physical and technological protections provided by your organization. Employees on the go are working from environments that can both introduce distraction and vulnerability that could impact your business.
What Are the Security Challenges of a Mobile Workforce
When one of your users leaves the safety of your perimeter you lose a significant amount of visibility and control over their security. The problem becomes worse when they connect from locations with limited protections, open Wi-Fi networks, shoulder surfers, and ever-present distraction.
Protecting employees requires a multifaceted approach that addresses the following security challenges:
- Malware and Ransomware: Most businesses rely on traditional antivirus software to block malware on managed endpoints, but these solutions can only catch known threats, and are relatively powerless to stop advanced, zero day threats. Without the benefit of your core network protections, a user on the go could become infected without your knowledge, and even introduce the infection to your broader environment when they reconnect with your network.
- Phishing/Spear-Phishing: Criminals use email to try to get users to click links, download files, and enter credentials into web pages or forms. These emails are commonly tailored to a specific business or individual who is considered most vulnerable. With the abundance of personal data available to a hacker, determining who is off-network, and when, isn’t difficult, placing off-network employees firmly in their crosshairs.
- Lost/Stolen Devices: Losing a device can be one of the biggest threats to your business. A stolen device that is logged in can provide complete access to the thief, not only to the machine, but many of the user accounts where credentials may be stored. In addition, the data on the device itself may be sensitive, personal, or contain company informational property.
- VPN Avoidance: Let’s face it, employees don’t always follow the security polices we put in place. A VPN can provide a tremendous amount of protection, but if it is overly cumbersome for the user, it will be avoided to the detriment of your security when you rely on VPN alone. A user who simply wants to check their personal email, or social media accounts could quickly run in to trouble.