A businessman looking through binoculars for security threats with a technology concept background
PHOTO: Shutterstock

When the COVID-19 pandemic forced office employees to work from home in an unprecedented shift in how we work, not only did it disrupt business models and organizational culture, but it inadvertently opened the door for cybercriminals to attack numerous businesses. (1) After all, while companies might have their intranets locked down, the same couldn’t be said with complete accuracy for the millions of workers who were now suddenly accessing critical applications and documents through their own WiFi networks. One study reported that daily DDoS attacks increased by 20 percent in February and March 2020, compared to the previous year. (2)

This is through no fault of their employees. The decision to send everybody home was driven by a mixture of policy, culture and government regulation. Few IT departments were prepared for such a shift and not many of them had the time to set up remote access for all their employees with the same care that they’d developed secure intranets at the office.

However, since the initial uncertainty has subsided, it’s up to IT to take a long hard look at their remote working policies and revise as necessary to bring home-based cybersecurity in line with what employees enjoyed at the office. This includes reexamining (or creating) a security strategy that allows employees the access they need within a safe and secure environment.

Now Is the Time for an Aligned Remote Work Strategy

How does a distributed workforce affect a company’s security strategy? IT teams now have a wealth of on and offline considerations to take into account that they didn’t necessarily have before. With employees working at home (and in potentially insecure areas), the possibility of device theft is a realer possibility than it was in the office. Amending security policies to include securing devices with passcodes, fingerprints or facial recognition is a good start. Having such policies in place means if the unthinkable happens and an employee’s device is stolen, the possibility of the stolen device compromising network security is minimized.

Adopting a strategy that allows for virtual desktops over localized applications has several security and cost benefits. By limiting downloads to a more central secure server, IT teams limit the likelihood of a computer being compromised. Additionally, there’s the potential for cost savings on licensing when applications are centralized, particularly for global enterprises. With less complexity to manage, IT teams can minimize the potential for catastrophes.

When Every Endpoint Becomes a Part of the Security Strategy

With the majority of workers now distributed, it means that IT teams have more endpoints than ever before to consider regarding their network security strategy. Employees will be logging into the company network through thief desktops and laptops, but also their mobile and personal devices. This device proliferation can increase employee productivity, but also put company networks at risk.

In this environment, all endpoints become a part of the company’s security strategy. IT teams should treat all employee-owned devices as potentially compromised and control access accordingly. Employees should be able to access their apps and data from any device, but IT teams should take care to ensure that convenience doesn’t compromise security. Now’s the time to examine bring-your-own-device policies and see how they can be adjusted to meet the challenges of this new normal. Employees may need access to virtual private networks (VPNs), which should be set up.

There’s also regulatory implications to consider when dealing with new endpoints. Your organization may not need to comply with endpoint requirements, but your customers might. If you can’t demonstrate security of endpoints, they may not do business with you. Your security strategy should take customer regulatory requirements into consideration as a result. Your customer’s data is one of your businesses most precious commodities; don’t let your IT security strategy (or lack thereof) jeopardize it.

Another area to consider is securing and granting access. As part of a zero-trust strategy, it's vital to address who should have the right access to the right applications. If employees don’t need access to certain apps and data then they shouldn’t be granted that privilege by default. Marketing team members don’t necessarily need access to HR data, while HR wouldn’t need unfettered access to sales data and account info, for example. While reviewing your security strategy, examine which employees have access to what applications and ensure that access is only granted to employees who truly need it.

When Working at Home Is As Secure As Working From the Office

According to research, over the next 12 months, 50 percent of IT professionals and 39 percent of HR professionals identify better protecting employees from cybersecurity attacks and privacy risks as a top priority for their business. (3), (4)

IT professionals should educate all employees on the necessities of being secure while they’re working remotely. IT can communicate best practices around cybersecurity to help employees replicate their office experience. This includes securing their WiFi, connecting to VPNs and not storing anything locally.


Cybersecurity attacks have increased during the pandemic and companies to be ready. By reexamining the current security strategy, or creating one if necessary, companies can minimize their risk. Deploying solutions with built-in security features is another way companies can stay one step ahead and thwart cybersecurity attacks before they happen.

Learn more about VMWare’s security initiatives at vmware.com.


More Thought Leadership from VMWare