Top Three Considerations for Your Remote Workforce
With the majority of the population across the globe sheltering in place due to COVID-19, the uptick in remote workers is putting strain on VPN usage, and communication and collaboration tools. There has also been a notable increase in security threats with approximately 80 percent of newly reported threats having some connection to COVID-19. This pandemic is not a secret. Threat actors are taking advantage, and they understand the implications of businesses quickly enacting their Business Continuity Plans quickly without adequate time for testing. Below are three topics to consider now that your entire workforce is remote.
Dial Up Your Security Posture
Organizations must remain vigilant about protecting not only the physical well-being of their employees, but also their digital well-being.
Communication is key. Ensure your employees are aware of the current threat environment. Hackers are using COVID-19 topics to trick employees into clicking on phishing links or downloading malicious files. We’re seeing emails saying that a co-worker or a neighbor has tested positive for COVID-19 in order to entice users to click on links or malware executables attached to emails. It is important to have email security tools in place like Proofpoint to help screen for these types of phishing attacks.
Conduct a vulnerability scan. You can use tools like Tenable to conduct a vulnerability scan, starting with IP addresses, and drilling down further to understand vulnerabilities behind the firewall.
Multi-factor authentication (MFA). MFA is one of the most reliable preventative technologies if something does happen to a user’s identity. Use MFA in any situation where employees are connecting back to corporate networks. If you are allowing your employees to use their own devices (BYOD), encourage them to enable MFA on their personal applications as well, to build their own personal digital strategy. Duo Security offers a free 30-day trial.
Stay current. Ensure your antivirus software is up-to-date and your systems are patched. Make sure your applications and operating systems are running at the latest patch level. Contact your security vendors to verify that they are delivering the most up-to-date security features.
Asset management. With the current state of business operations, endpoint management tools like Altiris, Big Fix, Qualys, etc. are key if your employees are taking corporate assets home. Some employees may switch jobs, or decide not to return to the office, so you need a tool that allows you to easily remote-wipe the corporate data off any assets they may or may not be returning.
Encryption. If you don’t already have encryption on these endpoints, it might be tough rolling it out now – but note it down as a “lesson learned” for the next time around.
The Balance Between Security and Functionality
One of the philosophies Secure-24 utilizes is that increased functionality and the ability to work does not have to come at the price of security. There should be a symbiotic relationship between establishing and maintaining a robust security posture, as well as the ability for end-users to accomplish their day-to-day tasks with ease.
At the end of the day, most of our users just want to do their job. Ninety percent of the time when users violate security rules, its simply because they’re trying to do their job and they have found an easier way than the corporate-mandated way to do so. This is where it becomes really important for both IT operations, as well as security, to ensure the end-user experience is seamless.
The idea that my corporate office is the only secure, protected location with authentication and firewalls is a thing of the past. Our laptop is where all of the security needs to be in place. I need to be just as secure if I’m in the office, at a local coffee shop, or in my home — the same security posture, capability to work, efficiencies, and tools are in place, regardless of where I work.
Historically, digital transformation has been completely focused on “how do I modernize my applications or put them in some sort of cloud platform?” But, what I think we will begin to see as a result of this pandemic is the transformation of the end-user experience. Now that the majority of applications are in cloud platforms, and accessible over various types of Internet, VPN, or VDI applications, the focus has shifted away from “what are the tools I can use to modernize my business” to “what tools will give my end-users the most efficiency and ease of use?”
Imagine opening a box full of different tools that will allow my employees to work efficiently and securely, whether it’s from the office, home, or from a local coffee shop. The transformation comes into play when I can use a “just enough access” approach for each employee. For example, if I’m a healthcare worker and I need access to EPIC for EHR records, Citrix becomes a great solution for application delivery. Or if I’m an SAP BASIS administrator, I have access to SAP through a remote VPN solution – and I am only provided the access levels that I need to do my job.
This mindset of “just enough privileges” will continue to get refined over the course of the next 12-24 months. As things start to calm down from this immediate BCP reaction we’ve had, people have positioned it as a digital transformation of their work force.
The way in which we do business will be forever changed as a result of the COVID-19 pandemic. It has certainly forced us to think outside of the box. Just remember to establish a strong security posture and to stay connected with your employees!
Here’s a link to some best practices for working from home: https://www.secure-24.com/best-practices-for-employees-working-remotely/. You can also listen to Secure-24’s first podcast: Episode 1: “Your Entire Workforce is Remote, Now What?”
Shane Brennan is the VP, Security Operations at Secure-24.