• Loadshedding may push employees to work from places with less than secure networks.
• Fortinet found that as many as 62 percent of survey respondents experienced a breach because of remote work vulnerabilities.
• With as few as 33 percent of EMEA respondents welcoming employees back to offices, securing these vulnerabilities is vital.

The lockdown forced many companies to adopt work from home (WFH) policies on the fly. Since lockdowns have lifted companies have re-opened, firms have asked employees to return to the office.

However, many more companies have continued to operate in a hybrid working environment although working from home in the midst of loadshedding makes this rather untenable. Not only does a lack of electricity mean notebooks are running on limited battery power, but networks may also fail causing connectivity problems.

While the logic may be to get up and move to a location with electricity, this presents a cybersecurity risk for firms who may not have accounted for those working from home, having to leave home.

“It’s clear that WFA [work from anywhere] is here to stay but organisations see insecurity of home networks as a major concern,” says regional director of Southern Africa for Fortinet, Doros Hadjizenonos.

The firm’s 2023 Work-from-Anywhere Global study found that within the Europe, Middle East and Africa region, only 33 percent of respondents expected to welcome employees back to work full-time.

Where this becomes a cybersecurity risk is when employees start hopping across a range of networks as they move to coffee shops or the homes of friends and family.

“Shifting from one network to another does increase the danger for remote workers since they may need to use insecure and untrusted networks to access mission-critical corporate software. This could lead to new dangers that allow attackers to intercept unprotected communications or attack an unprotected device,” Hadjizenonos explains.

However, protecting this attack surface requires a rather significant outlay. In the aforementioned Fortinet report, it was found that EMEA organisations were anticipating a 94 percent increase in their security budget to accommodate work-from-anywhere policies.

Firms should be implementing endpoint detection and response in tandem with zero trust network access for employees. This should, says Hadjizenonos, be based on user identity, device identity, location, and device type to secure access.

Organisations can opt to take a single vendor or multi-vendor approach to address their specific needs and unfortunately, the advice will depend on the organisation’s needs.

Where multiple vendors can potentially cater to specific needs, there could also be a risk of cross-over as regards features leading to an overspend.

On the other hand, Hadjizenonos highlights that a single vendor can help create an environment where solutions work together more seamlessly.

The specific solution for your organisation requires careful thought. Security handlers should consider every facet of how an employee may access the network and insure that it is secured in a sufficient manner.

This is a requirement, especially considering that Fortinet’s report found that 62 percent of respondents had experienced a breach because of their WFA vulnerabilities.

Thankfully, despite South Africa’s unique challenges, there are solutions for firms that need to secure a scattered and remote workforce. One just needs to assess the risks faced and find the best solution to mitigate those risks.

[Image – Paul Hanaoka on Unsplash]