Before the COVID-19 pandemic hit the world, working from home seemed like a distant dream for most of us. In some offices, the concept remained just that — a concept. Cut to 2024, now 76.07% of employees in India prefer having control over their working hours and would take a pay cut to guarantee the flexibility of working remotely or have the opportunity to alternate between home and office, according to ADP Research Institute.
However, working remotely or even in a hybrid culture brings its own sets of challenges and among them, one is cybersecurity — something that companies are willing to bet big on but are not ready for the challenges. CISCO Cybersecurity Readiness Index in 2023 revealed that only 24% of Indian businesses are ready to combat modern cybersecurity risks and about 80% of Indian companies faced a security breach in the last two years.
A huge part of keeping the company and employee data safe is to have the infrastructure ready and provide employees with devices — computers and phones — specifically for work. These devices act as security guards, armed with the latest defences like antivirus software and encryption. When everyone's using the same gear, it's easier to keep an eye on potential problems and fix them faster. Plus, it beats the risks of folks using their personal devices, which might not have the right protection.
Anshuman Sharma, Director, VTRAC, Cybersecurity Consulting Services, Verizon Business, spoke to CNBC-TV18 about the crucial distinctions between using company-authorised devices and personal ones. Sharma highlighted, "Devices authorised by the company have enhanced security measures and adhere to organisational policies as well as industry regulations," stressing the centralised update and monitoring management capabilities they offer.
Sharma delved into the risks associated with personal devices, stating, "They allow for centralised update and monitoring management. Such security features may be lacking in personal devices, posing potential risks to sensitive corporate data." He underlined the impact of the pandemic-induced shift to remote work, stating, "The shift brought by the pandemic in terms of how we work and where we work from has introduced new challenges."
Discussing the rising trend of authorising both smartphones and laptops for work, Sharma noted, "Companies are increasingly authorising both smartphones and laptops for work. The precise number varies across industries and regions, reflecting various strategies for balancing security and user flexibility." He also talked about the challenges reported in the MSI 2023 report, stating, "62% of companies reporting breaches are related to remote work."
A 2020 report by the cloud security firm Trend Micro, 'Head in the Clouds,' showed that 42% of workers in India are using personal devices to access corporate data and 37% do not even have basic password protection on their personal devices. This only adds to the already existing cybersecurity risks that a business faces.
On measures to keep devices secure, Sharma outlined, "In the pursuit of a resilient security posture, enterprises are adopting a strategic set of measures to safeguard their devices and uphold operational integrity." He provided specific measures such as implementing endpoint detection & response (EDR) and user & entity behaviour analytics (UEBA), activating mobile threat detection (MTD) solutions, and vigilantly monitoring excessive data transfer.
Discussing individual responsibilities, Sharma urged, "Adopting proactive measures can significantly contribute to a safer online environment." He offered specific steps such as patching home networks regularly, using strong passwords, limiting device sharing, and being vigilant against phishing attempts.
On identifying cyber threats, Sharma laid down a layered approach, stating, "A layered approach to protection and detection is essential, covering user, application, device, and network levels." He shared Verizon's five-part defence plan, saying, "We bring this plan to life by offering services like network and cloud security, network filtering, endpoint security, voice security, and expert consulting."
Regarding the Mobile Security Index report, Sharma said, "The Mobile Security Index (MSI) report highlights that this reliance on mobile devices poses security challenges." He stressed the importance of a strategic approach, multi-layered security, ongoing employee training, and scalable, cloud-native solutions. "While mobile devices are the way of the future, security must remain a top priority for forward-thinking organisations," he said.
