An overhead view of a businessman sitting on a wood floor using a laptop, with papers spread around him. A cat sleeps next to him.
PHOTO: Shutterstock

With so many office employees now working remotely, IT may be seeing gaps in their security strategy. Thanks to the pandemic shifting office workers to remote workers, IT’s policies might be outdated from even six months ago. Now is the time to reflect on how IT teams can manage security with a distributed workforce, especially with many employees using personal devices.

Since shifting to a mostly remote working model, more than half of all global companies report suffering at least one cybersecurity attack, according to a recent study.(1) These attacks also don’t look like they’re going away anytime soon. IT teams must be ready and take a proactive stance around cybersecurity to ensure that the disruption of their workforce doesn’t negatively impact their security. Now is the time for IT teams to review their security strategy and see where it can be improved.

What Do IT Teams Need To Do To Address Security?

How can IT professionals deal with security procedures when their workforce is mostly distributed? Having a strategy and communicating about it is a good place to start. The policies should be something employees both know about and can buy into. If employees don’t know what the procedures and best practices are, then they can’t contribute to keeping the company safe. Ideally, you want your employees aware of security and what they can do to keep safe. (2)

IT security policies should encourage top-down buy in for maximum effect; it doesn’t help if line-level employees see executives doing things that they aren’t allowed to do. C-suite and other executives need to be aware of the inherent risks the new normal of distributed work can cause. If executives understand the problem, they can address it through resource allocation and executive sponsorship.

IT needs to have visibility into every vector, from cloud to device to network. With policies and technologies in place that account for these vectors, IT is well positioned to prevent attacks.

While the pandemic continues, it’s important for IT to be more understanding of how employees work and stay productive. If there’s a middle ground that addresses both security and personal freedom, then IT should work to make that happen. Employees are stressed thanks to current events; they don’t need an overbearing policy to add to their tension.

Understanding the BYOD Risks and Crafting a Strategy That Works for the Distributed Workforce

With employees working from home their tendency might be to use their personal devices to take care of work tasks. While this can often be harmless and speed productivity (since employees may be more familiar with their own devices than their work devices), personal devices may come with several security risks employees might not have considered. Security risks can include:

  • Cyberattacks
  • Data loss
  • Device theft.
  • Jailbroken devices
  • Malware
  • Network vulnerabilities (3)

How do IT teams extend security to those new endpoints? Crafting a sensible BYOD strategy is one that balances employee freedom and choice with organizational security.(4) Another particular area of concern is device theft. More than half of all network breaches are due to lost and stolen devices. IT can address this by encouraging employees to protect their devices with passcodes and/or fingerprint recognition. (5)

What Does the Future Hold for Cybersecurity?

As we come to the end of 2020 and the COPVID-19 pandemic continues to disrupt countless industries, it’s worth taking a look at what the future might hold from a cybersecurity perspective. Much is made every year around cybersecurity predictions, but what was written about at the end of 2019 didn’t (and couldn't) take into account the events of the past six months. For better or for worse, the world has been turned upside down and will continue to be for the foreseeable future.

One of the greatest predictions is that cybersecurity attacks will continue to affect all organizations.(6) The distributed workforce also creates new areas for attack and new placed IT teams must defend, as employees’ remote work situations may not be as immediately secure as they were in the office. Now is the time for IT teams to revisit, rethink and revise their security strategies to take into account the realities a mostly distributed workforce has on security. By revising and strengthening current policies, IT teams can be proactive against potential cyberattacks, preventing them before they happen.


A solid security strategy has always been essential; however, its necessity has taken on new urgency thanks to the COVID-19 pandemic. By reviewing past policies and updating as necessary, IT teams can ensure their workers are safe to access mission-critical applications and documents without fear.

Learn about VMWare’s security initiatives for the distributed workforce at


More Thought Leadership from VMWare