Remote Work and Shadow IT – How to securely support WFH policies

Published by Chris Gerben on September 15, 2022

The mass exodus away from the office at the peak of COVID-19, in the spring and summer of 2020, has proven difficult for companies to reel back in. With the desire to work from home and keep flexible work arrangements at the top of their demands, workers are fueling the “Great Resignation” with calls for companies to enshrine WFH and remote work policies well into the future.

But as companies wrestle with this new reality, they must ask how they can keep their business data and systems secure.

Does increased remote work mean increased risk?

Employees around the world can today work from nearly anywhere. As they travel, so does their work, with their own personal laptops, mobile phones, WiFi connections, and personal accounts (e.g. Google, Zoom, etc.) allowing them to take their virtual offices nearly anywhere they are.

With each of these variables comes loss of control and visibility, two essential components at the core of any secure company’s IT strategy and best practices.

We’ve written about how 40% of WFH employees admit to using non-approved collaboration and communication tools on their work machines. And while 85% of employees believe their companies track their technology usage, the truth is that most are not capable of doing so, which has potentially dire consequences.

Our partners at BitSight began tracking potential troubles with WFH and security at the height of COVID-19. Their findings include the fact that home networks are 3.5x more likely than corporate networks to have at least one family of malware. Likewise, in people’s connected homes, more than 25% of all devices have one or more services connected to the Internet.

In follow-up research, BitSight reports that even company-issued devices aren’t necessarily secure depending on use. In this case, BitSight found that 52% of company-issued devices were used by family members of employees. As these devices interact with other systems in the house–everything from TVs to dishwashers–the exposure to five distinct families of malware jumped up to 7.5x more than could be exposed on a corporate network.

Shadow IT and remote work

What many managers see as a remote work, WFH, or Cloud computing issue is really a Shadow IT issue. Shadow IT, or the connection of devices, services, apps, etc. to a company’s network without the company’s IT team being aware of it, is an inherent risk for any business. Malware from infected USB drives or errant clicks from a phishing email were cybersecurity issues even when everyone was in the office. 

However, as employees use devices on external networks and–perhaps more importantly–mix work and personal computing habits (and accounts), the risk to organizations and their networks grows exponentially. As a result, WFH is a unique Shadow IT vulnerability.

Read more: What is Shadow IT?

However, as remote work becomes more desirable and acceptable, businesses can’t always simply demand workers only work in the relatively secure environment of an office or on-premises network. Instead, managers need to weigh the pros and cons of risk, educate their employees, and take proactive steps to secure their data and networks even as devices and access are spread globally.

Our partners at Netskope have put together a pragmatic guide for when to grant remote work to employees while still putting security at the forefront. Among other things, they note discovery of user actions, access to cloud applications, forward proxy deployment, and inspection of cloud IT services through DLP as some key thresholds that employees and IT professionals need to agree to before remote work can be considered truly safe.

Areas to secure to prevent Shadow IT issues in remote work

As CISOs and IT managers can attest, there is no one way to completely secure a network. However, with multi-layered strategies covering company accountability, industry standards, and government compliance comes the need to be as secure as possible, which means Shadow IT is a blind spot that has to be considered even for the most entry-level positions.

Here are some key areas to consider when planning your Shadow IT protections in light of remote work and WFH demands:

  • Physical devices – All Internet-accessible devices including computers, phones, and USB and Bluetooth devices should be secure upon leaving the office. Employees should have regular check-ins with managers and IT team members to ensure their devices are up to date and/or enabled with security software or user tracking such as Netskope offers.
  • Employee education – Employees at all levels should be enrolled in continuing education modules and discussions around cybersecurity. Specific threats, policies, and best practices should be discussed before, during, and throughout the amount of time a given employee is working remotely.
  • Cloud services – Communication and collaboration services like WhatsApp, Gmail, or Google Docs should be regulated. Many such services utilize SSO across multiple sites, and even services that offer everyday encryption can be compromised, meaning
  • Video services – Similar to the Cloud services mentioned above, video conference platforms like Zoom or Gong, and related VOIP services, should be regulated. Employees should be given access to and held to only using company (as opposed to personal) accounts on these platforms.
  • Apps – Apps, especially on mobile devices, often request access to users’ contact information (and in some cases, files, location, etc.). As a result, apps on company devices should be treated as part of the enterprise stack, and should only be allowed once vetted and approved through formal IT processes.

Managers cannot singlehandedly prevent Shadow IT issues. However, as remote work continues to be a modern reality in most industries, it is team leaders’ responsibility to take nothing for granted when allowing company data, devices, and employees to work beyond the secure confines of an office.

In the same way that you wouldn’t allow someone to make unlimited spare keys to your home, managers should ensure that the doors they control are secure.

If you'd like to learn more about reducing Shadow IT and protecting your cloud vendor network, we can help.

Chris Gerben
VP of Marketing
©2022 ThirdPartyTrust, LLC and its Affiliates. All Rights Reserved. | 111 Huntington Ave. Suite 2010 Boston, MA 02199