How to navigate security in a modern workplace

Pratik Roy

Pratik Roy

Partner Content: Microsoft

By Pratik Roy, Modern Workplace and Security Business Group Lead for Middle East and Africa at Microsoft

By definition, it can be said that a modern workplace is a fully collaborative workplace that’s integrated with technology in order to boost productivity. Typically, this environment has a mobile workforce that allows employees to work remotely and utilise modern tools and devices to collaborate effectively. Digital transformation in this regard refers to businesses aligning technology, their employees and business processes to improve operational efficiency ultimately meeting organisational goals.

Within every organisation, four pillars exist: employees, processes, products and customers. Digital transformation within organisations requires the touching of one or more of these pillars. To illustrate this, let’s focus on the customer. In the effort to build and maintain interaction with current and potential customers – customer relationship management (CRM), organisations need to have a 360° view. Let’s say, for example, an organisation wants to introduce a new customer experience solution on a media channel for easier and secure access to its customers. Every time the organisation introduces a change in its company from a technology perspective, security posture for all the pillars in the organisation must also be redefined.

The modern workplace inherently attracts the threat of cyberattacks on organisations, with employees often being a soft target. To better understand this, let’s explore the security risks associated with mobile/remote workers using the practical scenario below:

If your employees work remotely, what do you as an employer need to know about them? Here are a few questions to consider:

1. Who is remote worker A;
2. What does he/she have access to;
3. What devices does he/she use to access the corporate network;
4. At which locations does remote worker A usually access the corporate network;
5. While on the corporate network, which apps are he/she allowed to access using the corporate network?

In this scenario, there are two main areas your organisation needs to investigate;

a) the remote worker’s identity
b) the devices the remote worker uses to access the corporate network

If for example, remote worker A usually logs into his/her work email account at 08:00 am in Dubai, UAE but on the same day, 15 minutes later, he/she logs into the same email account with location pinged as Nairobi, Kenya, this is a clear security red flag and the corrective security measures (password change) should be implemented immediately.

In a modern workplace, there are many possible scenarios in which an organisation’s security can be breached. Below are some tips on how to protect your company’s security from being compromised by cybercriminals.

  • Ensure that security becomes a culture of your organisation, not just a requirement. When employees buy into the idea that security is business, they are more likely to remain alert and signal any suspicious behaviour to the IT and security specialist before any lasting damage is done.
  • Make sure that all your employees’ devices are updated with the latest security software. To ensure that this is enforced, schedule updates regularly and send employees notifications of these as soon as they are available, with the threat of being kicked out the network if these software updates are not applied.
  • Apply multifactor authentication security measures, that is, using more than one method and entry into a company network platform. For example, using a combination of password and fingerprint verification to access the corporate network when logging on from a new device.
  • Never leave your device unattended, lock it up whenever you leave your workstation, especially when working remotely at a public place like a coffee shop.
  • Don’t use public Wi-Fi without using a virtual private network (VPN) because VPN encrypts your online connections, protecting your data from hackers.

Microsoft offers a range of products and services to its customers designed for large organisations and integrates Office 365 Enterprise, Windows 10 Enterprise and Enterprise Mobility and Security to empower employees to be creative and work together, in a secure environment. Microsoft 365 Enterprise provides intelligent security built into all levels – the physical layer, the network layer, the infrastructure, and the apps.

An evolving cyber-threat landscape and security challenges can have a real impact on individuals and businesses. Our security offering is unique and secure in that our security products are built-in not built on, making them the best of suite in the market.

Although companies provide a multi-layer approach to security, employees also have a responsibility to develop healthy security habits. Security should be a habit; we need to regularly maintain the hygiene of our devices by applying the latest software updates. Security should become a part of every employee’s DNA.