By Stuart Sharp, VP of solution engineering at OneLogin
According to predictions from the Office of National Statistics, 50% of the UK workforce is expected to be working remotely by 2020. Many organisations have been preparing for this eventuality for many years, as can be seen from the increased uptake of ‘working from home policies’. This is no surprise considering the advancements in technology and the growing expectation of flexible working hours from the modern workforce. This has led many to query: how useful is the traditional office space?
Nowadays, it is common for global enterprises to split up their workforces between multiple locations, often in different countries and occasionally not in an office at all. The number of employees who work from home routinely as part of their job has increased dramatically over the past few years. Many companies have begun to offer incentives to employees such as ‘work from home Fridays’, with the aim of increasing morale and staff retention rates.
According to recent research on the distributed, diverse workforce of the future, 97% of CIOs said that they expect their workplaces to be widely dispersed across locations and time zones, with part-time employees, contractors and contingent workers playing a bigger role in businesses. Today, more than 77 million millennials are active members of the workforce. This sizable group represents an enormous proportion of the working population – and they are increasingly unwilling to take a technological step back when entering the workplace. Colloquially referred to as “the generation that grew up shopping on Amazon.co.uk”, these employees expect a mobile-first work environment. These individuals are fuelling the freelance economy and will change employers on average every 16 months. Noting the skills shortage, organisations need to work harder than ever to close the gap; and implementing flexible working policies is one way to get ahead of the game.
Many organisations have already implemented remote working policies with varying degrees of success, however, there are challenges that remain overlooked. The main concerns revolve around security, with many worried about how remote workers can access sensitive company data, while maintaining a secure and safe environment. With cyberattacks reported to have cost UK businesses £300bn ($370bn) in 2018, it can be a colossal challenge for IT departments to ensure that users who are logging in remotely do so securely.
What is the threat? With 80% of security breaches resulting from the abuse and misuse of privileged credentials, the biggest threat is passwords. Everyone is raising the alarm about weak passwords and encouraging the use of more complex ones as an easy form of defence. However, complex passwords can often cause more havoc than simple ones. Imagine that your IT department required you to change your password every 30 days. Moreover, if this monthly password had to be unique and contain one uppercase letter, one number and contain one special character, there is no way the average person is going to remember it. So what then? Users write their passwords down, email it to themselves, keep it in a spreadsheet, or, to the frustration of employees working on IT help desks, simply forget their password and request a new one. A single user may have anywhere from 20 to 200 passwords across dozens of enterprise-level applications, accessing secure information from various devices including laptops and smartphones.
In order to keep the remote working train in motion, we need to ensure every worker is logging on to company networks safely and securely. One solution to this problem is implementing a single sign-on (SSO) system that integrates multi-factor authentication (MFA). SSO lets users securely authenticate with multiple applications and websites by logging in once with just one set of credentials. With SSO, the applications or websites users access rely on a trusted third party to verify users are who they say they are. MFA, on the other hand, is a security system that verifies a user’s identity by requiring multiple credentials. Rather than just asking for a username and password, MFA requires other – additional – credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.
Every time a user logs into a new application or machine, it provides an opportunity for hackers. To be on the defensive, companies should have an authentication strategy in place, protecting both data and end-users. In addition, companies should ensure that their authentication solution of choice can adapt to meet new and advanced types of attacks from cybercriminals. The removal of passwords is the desired objective of everyone in the cybersecurity industry. However, passwordless authentication is not supported by most applications. Only companies that have deployed a modern cloud-based identity solution can make a passwordless future a reality. In the meantime, implementing secondary forms of authentication will mean that many cyberattacks are prevented. A phishing attack may acquire a user’s credentials, but it can’t provide the hacker with a fingerprint. A major benefit of SSO and MFA is they work across devices, meaning that whether a user is in the office or at home, they are always signing on securely.
Currently, we rely heavily on on-premises networks and desktop technologies. However, as we transition into the cloud and out of the office, it is the responsibility of organisations to ensure that their employees – wherever in the world they may be – are accessing company files safely and securely. As ‘the norm’ shifts, it’s only natural that more and more companies will implement remote working policies. The distributed and diverse workforce of the future is just that, the future. Working practices must evolve in order to keep up, however, as we evolve, so do the threats. Only by taking active steps to mitigate these risks can we move forward without friction and support the remote workforce of the future.