Building resilience and security for long-term remote working

Published: Friday, 16 July 2021 07:54

For many organizations, remote working is moving from being a reactive response to the business continuity requirements generated by the COVID-19 pandemic to being a long-term business policy. As organizations take this step, resilience and security issues need to be addressed with a sustainable strategy, as Steve Dance and Andrew Lawton explain…

Working from home is now a regular and accepted arrangement for many organizations. The COVID-19 pandemic forced many organizations to quickly adapt to remote homeworking to keep their business running. And the experience has forced the subject of resilience on to many boardroom agendas.  In the UK financial sector, operational resilience is becoming a regulatory requirement as the Bank of England, Prudential Regulation Authority, and the Financial Conduct Authority press on with their initiatives on financial sector resilience. Given the number of financial institutions that are announcing their intention for remote working to be ‘business as usual’, security and resilience for remote working arrangements will fall under the auspices of these new regulations. At a national level rumours are circulating that the UK government is considering a ‘right to work from home’ initiative.  In all likelihood, we may never return to working in the office five days a week. We are more likely to move to a hybrid arrangement with the corporate office used as a meeting and collaboration space, while the home office is used for day-to-day work.

However, for many organizations, relying on average domestic provision for security and resilience can significantly dilute (and even compromise) the overall security position of the organization. Even though remote working may be focused on routine work, the work performed may still be time critical or involve handing sensitive or confidential data.

Remote workers will often deal with sensitive data that may be confidential to themselves, their customers or their companies and so need protection from hackers penetrating their home networks. The security and resilience of the ‘home office’ can jeopardise both the domestic and the corporate environment.  In adopting a regular work from home arrangement, several threats to both security and resilience present themselves:

The average home network, then, is full of potential security trip-wires.  There are, of course, solutions to all the threats outlined above, but they too have deployment issues that can be difficult to manage:

To overcome the security concerns and ongoing management challenges remote working requires a more holistic approach to reliably implement security and resilience for the home worker.  Many organizations are now looking to solutions to overcome the drawbacks of security silos and management challenges. Best of breed integrated solutions will incorporate:

The authors

Steve Dance is an independent consultant specialising in business continuity and operational resilience at RiskCentric

Andrew Lawton is CEO of ResKube