The coronavirus health crisis has forced millions of workers (who are able) to transition to working from home. That poses numerous obstacles to workers meeting their deadlines and doing their jobs. Security management and enforcement have become some of the most important and critical transitional needs involved for both workers and their employers.
The transition will obviously pose challenges to those privileged enough to avoid public spaces and work remotely. However, the concept of remote work isn't a new one; companies have been facilitating remote work for some time.
Security tips for employers and IT managers concerning remote work
The thousands of new remote workers with potentially vulnerable networks and devices have cybercriminals chomping at the bit to take advantage of this devastating crisis. We’ve already seen an influx of coronavirus-related phishing attacks, large-scale disinformation campaigns, and elaborate, malware-injecting coronavirus-related content.
Companies need to be aware of the threats posed by this rapidly changing work environment we see today. Here are a few tips for companies to plan, manage, and facilitate necessary security measures.
Centralize administration, establish policies, and account for assets
Companies should have security policies in place regardless of whether their employees work remotely, but recent events may require significant updates to those policies.
Network access policies should limit access to the business network, applications, and other information hackers value; these policies help ensure only authorized parties with a legitimate need have access to view, edit, or use sensitive data. Using identity and access management (IAM) software, companies can authenticate their employee’s identity before providing access to corporate assets.
Compliance guidelines should be developed to prevent the loss of sensitive or personal information and to avoid fines. Setting role-based privileges is effective in defining access permissions to sensitive information, and should shrink a company's attack surface. Organizations should outline and encrypt sensitive data stores and sensitive data in transit using encryption software. Many other industry-specific compliance regulations only apply to specific businesses. These should be accounted for and managed continuously. Data loss prevention software can also help companies prevent data from unauthorized extraction; the most common accidental data loss is when employees download copies of files to use on their local machines.
Password policy development and enforcement should also be a core part of every organization's security plans. Companies should require devices and account passwords be updated regularly. They should also enforce strong password protection guidelines that follow industry standard policies such as those NIST (National Institute of Standards and Technology) releases every year. The natural corollary to password protection is adding multi-factor authentication to accounts, which requires a second or third verification step before granting access to corporate assets.
Bring-your-own-device “BYOD” policies are commonplace among modern businesses, but companies should still keep a close eye on all devices connected to their network. Companies should enforce regular anti-malware, application, and system updates. The most difficult aspect of BYOD security management is ensuring sensitive files and information doesn’t leave the network. User and entity behavior analytics platforms can be used to set behavioral benchmarks and continuously monitor activity to detect anomalies and insider threats.
Harden applications and secure the network
Asset management becomes increasingly more important for a business the more diverse and widespread their remote workers are. To combat that, companies should develop and maintain an inventory of devices, applications, and patches. Endpoint management and patch management solutions are helpful in accounting for devices and ensuring they’re updated, respectively. Some companies will also implement mobile application management systems to prevent unapproved applications from being installed on the company’s devices. For the most part, all other device management needs should be satisfied, be they BYOD endpoints or employer-provided devices, using either IT asset management or enterprise it management suites.
Secure the network. Small and growing businesses often overlook the risk associated with employees using unencrypted connections or public Wi-Fi. Those individuals and their respective devices will be the first targets for hackers. Businesses should consider requiring employees to utilize a remote-access virtual private network (VPN) if there is any chance staff will be using public networks. VPNs will encrypt the user’s online activity, regardless of their network’s security, hiding their devices and information from cybercriminals.
Zero trust networking is a newer approach that can effectively secure information and networks; the model runs continuously in the background without the need to log in, unlike a VPN. These tools utilize microsegmentation to restrict access if a hacker achieves privileged escalation or an internal employee attempts to access something beyond their authorization. Furthermore, multi-factor authentication (MFA) and risk-based authentication (RBA) are excellent ways to bolster security and ensure everyone accessing an organization's network is who they say they are.
Improve security awareness and operations
Ensure security staff availability by providing employees with contact information for security staff, including phone numbers, emails, and other contact information. In the event of a security incident, it is important for remote workers to alert security teams quickly.
Establish security awareness programs to help educate employees on the security threats they may come into contact with and the knowledge necessary to identify them. These tools can often be customized to meet the needs of a specific company. This means employees will know exactly how threats will appear within various applications they commonly use. Many tools also offer simulated attacks to evaluate employee responses and phishing tests to see if employees are consciously examining all emails.
Establish operational workflows and incident response plans. Operational workflows can make the incident management and response processes significantly more effective. Companies should be sure to outline each individual’s responsibilities, as well as how security or IT teams will communicate internally and designate an executive to communicate externally. IT alerting solutions are highly recommended to improve each security staffer’s response speed and remediation efficacy. Security orchestration automation and response (SOAR) platforms can also be useful in automating low-level security tasks, and risk-based vulnerability management software can help identify and prioritize business-critical issues.
The future of remote work environment security
The global remote workforce has continued to grow as home networks improve, device technologies evolve, and cloud-based applications become the most critical tools for their jobs.
Leaders at any business adopting new technology to secure remote workstations should ask themselves if these new technologies are a fix for a temporary issue or permanent solutions for future workers. Temporary solutions should be closely monitored, but companies should dedicate sufficient staff and resources for potentially permanent solutions to succeed in the long term.
In both cases, user adoption is key to a solution’s success. Initial training is a start, but the ever-changing security threat landscape will require employees to be educated continuously.