By Dr Prashant R. Nair


The COVID-19 pandemic ushered in a new era of digital transformation impacting every industry and service vertical. One of the by-products of this digital transformation has been the advent of Work From Home (WFH) culture and hybrid working models in India. Remote work has been existing for quite some time in the USA and developed economies. 


However, it was not widespread as most organisations preferred real-time engagement with some flexibility in terms of WFH and remote work options.  The pandemic changed all that.


Hybrid Seems To Be The Norm


Now, in the post-Covid era, there appears to be no going back to the “fixed” approach model. Hybrid working models seem to be the norm even though we are seeing many companies mandating a minimum number of days requiring physical presence in a week in the office. 


We are also seeing companies increasingly using the services of returning mothers, and part-timers in WFH mode, especially for non-technical roles. 


Opening Up Challenges


WFH has opened up various challenges in terms of communication protocols & tools, performance metrics, legal and statutory compliances as per the law of the land, and of course, cyber security. 


Cyberattacks can cripple businesses, leading to financial losses as also damage the reputation of the company amongst its stakeholders and customers. 


For WFH, there is a need for advanced cybersecurity measures to ensure secure access to enterprise servers & networks using various technologies such as Virtual Private Networks (VPN), multi-factor authentication, and the like. Protection of sensitive data including the personal information of customers is also an important need. 


In addition to enterprise tools, WFH may entail the usage of various ICT tools such as project management - JIRA, productivity - Trello, and video-conferencing - Zoom, Skype, etc. 


Cybersecurity Measures For WFH


Secure Access: Using VPNs for secure access to company servers and networks. A VPN can extend access to a private network to users who do not have direct access to it, such as an office network allowing secure access from off-site over the Internet. 


This is achieved by creating a link between computing devices which are located remotely and computer networks by the use of tunneling protocols which in layman's terms is like a dedicated pipe that is used on top of the public internet but is not vulnerable to the security challenges of the Internet. This implements the necessary confidentiality and security for the benefit of the remote workers.


Access Control: Restricting access to sensitive data based on rights and privileges assigned to people in various roles in the enterprise


Multi-factor authentication: Ensuring only authenticated users can access the enterprise network adding an extra layer of security


Data Encryption: Implementing encryption for data in transit and at rest.


Training & Skilling: Continous engagement in terms of security training & skilling employees about phishing, malware, and secure data handling.


Regular Audits A Must


Cybersecurity at the enterprise level with firewalls, Intrusion Detection Systems (IDS), vulnerability assessment & tools to monitor network traffic, and Cyber-hygiene at a personal level are no doubt needed to complement these measures. 


Cyber-hygiene measures include protecting computers & laptops being used for WFH by installing licensed anti-virus & malware protection software. 


A certain degree of patience is also needed as these software require periodic updates and patches to be installed diligently. Password protection is another important aspect. Periodically changing passwords, using strong passwords with alphanumeric characters, and using different passwords for different sites are common-sensical stuff. 


Appropriate measures to prevent identity theft and phishing are also part of the mix. This entails social engineering and safe browsing which translates to not providing any personal information like bank account information, Aadhaar numbers, and driving license or clicking on suspicious links that come through emails, WhatsApp, social media, or web downloads. It is also important for remote workers to have a comprehensive backplane for data backups and recovery.


There is a need for enterprises to be aware of the guidelines of regulatory agencies concerning WFH.  


In India, the Ministry of Labour & Employment sets guidelines for fair labour practices, including WFH.  


Indian Computer Emergency Response Team (CERT-In) issues cybersecurity advisories for a safe remote working environment.  In the Digital Personal Data Protection Act, a Data Protection Authority is proposed, which will oversee data security in remote work modes. 


There are only limited provisions concerning data security in the IT Act 2000. With multiple challenges arising in data privacy such as data leakage, unauthorised access, and compliance issues, there is an urgent need to operationalise this legislation and frame the rules towards structured data privacy. 


In the long run, there is also a need to evolve a comprehensive legal framework for WFH and hybrid working models with guidelines and regulations in all aspects.


(The author is an Impact Creator at IEEE)


Disclaimer: The opinions, beliefs, and views expressed by the various authors and forum participants on this website are personal and do not reflect the opinions, beliefs, and views of ABP Network Pvt. Ltd.