The ongoing spread of the coronavirus is prompting more employees to work from home, either of their own volition or as required by their employers. Handling internal security for an organization is tough enough, but when you must also deal with a soaring remote workforce, the security demands can become even more difficult.
What are some of the security challenges involved with remote workers, and how can you ensure that your organization stays strong and protected against cyberthreats during this time? Here are the thoughts and recommendations of several security experts.
What are some of the threats that organizations should watch for given the increase in remote workers?
- A rise in phishing attacks as a result of the rapid move to remote working for a large number of people. This is especially problematic for small- and medium-sized businesses that don’t have the advantage of full-time IT and security staff to monitor and enforce adequate protection.
- Large enterprises typically have established work-from-home practices and the infrastructure and systems to support this. The same is not true for smaller organizations that have had to make an abrupt transition without the requisite training, technologies, or procedures. This opens small to medium businesses up to potential compromise from hackers who are looking to take advantage of the uncertainty and instability inherent in this transition.
What are some of the risks to the remote workers and to the larger organization?
- When people who are not used to remote working begin to work remotely, they might be a bit careless in ensuring they follow security precautions carefully. This is because they usually work within the “perimeter,” and that gives them a higher degree of protection. Therefore, good security practices must be reinforced by awareness programs that enable them to work remotely in a secure manner.
- Carelessness can lead to liability for some remote workers, depending on the conditions of their employment. For a larger organization, a significantly enlarged remote workforce increases the attack surface and hence the risk of a breach.
- Remote workers bring laptops into their home environment, and tons of devices outside of IT teams’ control are suddenly in the same network. This significantly increases the attack surface and the possibility of being crippled by ransomware or other malware. When IT teams provide employees access through a VPN, those extra devices may inadvertently be given access to the organization’s data center as well. IT teams and CISOs need to prepare for an influx of inside attacks, coming not from external, but internal sources.
- Organizations will be exposed to a higher level of risk as a result of cybercriminals attempting to capitalize on the weaknesses in defenses as companies adjust to the “new normal” of remote work. IT organizations will be distracted for the weeks and months to come as they address operationally-pressing issues–whether it is ensuring adequate communication and connectivity for employees, implementing collaboration tools, or ensuring that existing systems and processes can scale. While cybersecurity will be on their list of priorities, it will be competing for attention with many other balls that have been unexpectedly thrown up in the air.
What are some mistakes organizations might make dealing with remote workers?
- One mistake businesses could make is putting in place security solutions and policies that restrict the ways people want to work. While blocking access to data or putting rules in place to limit employees’ activity could help stop data falling into the wrong hands, such measures can impede productivity if too restrictive. Businesses need to empower employees to work securely, without security getting in the way of them doing their jobs.
- VPNs, virtual desktops, and other methodologies that businesses traditionally use are not easy to scale for large companies as they are driven by compute power, and they don’t provide the same scalability and flexibility as cloud services. Companies will quickly learn that trying to find secure ways to provide access with these types of traditional remote strategies won’t be possible, and IT teams will inadvertently create several security gaps for threat actors to exploit.
- Some mistakes that organizations might make when dealing with remote workers include not enforcing security policies and role-based access control across the corporate domain. Also, if comprehensive logging and monitoring solutions are not in place or endpoint protection and MDM (mobile device management) are not deployed across the organization.
- Security measures can also be weakened if non-compliant devices are permitted inside the perimeter. Another potential weakness for organizations is not enforcing the use of two-factor authentication to validate access privileges.
How can organizations protect themselves with the rise in remote work?
- Whenever possible, WFH (work from home) should be done from work-provided and secure laptops, via secured mechanisms that organizations typically use (encrypted and authenticated using corporate credentials and multi-factor authentication). If not possible, and work from personal machines is a must, access must be limited to the information absolutely necessary. For the necessary cases, consider even buying an ad hoc low-cost laptop that shall be used solely for work purposes rather than using personal machines at home that may be already infected and can’t be wiped later on.
- Shift to a perimeter-free style of work for the long run. Authentication decisions must take into consideration the sensitivity of the data being accessed, the context of the request, and the level of assurance that an action is originating from an authorized device. These capabilities can be fulfilled with a well-designed identity platform that can not only make these decisions quickly and decide if another layer of identity validation is needed through multi-factor authentication, but it can scale with large enterprises and reduce friction in the long run.
- Develop a plan and communicate this clearly and repeatedly to your organization. This should include standards for security software that should be run on every device on which work is being done, policies and procedures for keeping company data secure, escalation processes when issues arise, and an overall refresh on cybersecurity awareness and training.
- Ensure that your employees’ devices are running endpoint security software and that this is continuously updated. This must include anti-phishing capabilities. Ideally, this software should be centrally managed through a cloud portal. This will enable IT staff (or managers who have IT responsibility) to monitor and control the organization’s cyber posture, even when employees are remote.
- Every employee should be connecting to the internet through a VPN. This is especially important if employees are connecting through public internet connections, although it’s generally good cyber-hygiene to keep the VPN active at all times when accessing work data or services.