The COVID-19 pandemic has left organizations scrambling to adapt to having their entire staff working remotely on a full-time basis. There are many challenges to overcome, not the least of which are limited network connectivity and the need for secure VPN connections to protect sensitive data. Generally, businesses have less than 20% of their staff working remotely at any given time. Today, everyone is working from home and needs a large amount of internet bandwidth as well as secure access to the corporate network. Unfortunately, most networks are not able to scale up rapidly to support a high volume of external traffic over inbound gateways, which leaves workers with trouble connecting and with slow connection speeds once they are on the network.
Having the capacity to support so much remote work is one issue, but perhaps the more significant concern is the security risks from the home office. How secure are your employees’ home networks? Do they have encryption on their Wi-Fi? Are they running anti-virus software, and have they installed the latest software patches? Your most significant vulnerability comes from workers who click on things they shouldn’t, are not updating their systems with the latest patches, and are not employing basic security hygiene.
Begin with Corporate Security Basics
- Re-evaluate your Data Recovery Plan. Ensure that critical data has been identified and is in the backup plan. Verify the frequency and retention periods for that data. Be ready to restore it when needed.
- Ensure software patches are up to date on servers and workstations.
- Check your inventory of SSL/TLS certificates – where they reside, and when they expire.
- Use asset management tools to monitor what devices are on your network.
- Require VPN connections for access to secure systems. Set and communicate policies for when VPN use is required.
- Leverage Multi-Factor Authentication and other secure access methods to provide extra protection when users access sensitive applications and data (e.g., HR, Finance).
- Implement a Zero Trust model, where the user must authenticate to access systems (i.e., all access requests are verified before granting access vs. logging in once and having full access everywhere).
Establish the New Rules for Working Remotely
Communicate with workers about using IT equipment provided by employers. “There is often a range of software installed in the background of company IT that keeps people secure. If a security incident took place on an employee’s personal device, the organization – and the employee – may not be fully protected.” (Source: How to stay cyber-secure while working from home)
Develop cybersecurity policies that address the new reality of working remotely, including:
Use of Personal Devices
- What activities are allowed on a personal device? (e.g., Email, Time Entry)
- What activities are not permitted? (e.g., saving work documents to a personal device, sending work emails from a personal email account)
Collaboration and Communication
- What Collaboration and Communication tools are permitted, and for what purpose? (e.g., Slack, WhatsApp, Google Hangouts, GoToMeeting, Zoom Meeting, SharePoint, MS Teams)
- How to handle sensitive documents
- Are workers allowed to print documents? If so, which ones?
Education and Awareness
- Make these policies and guidelines available online and downloadable.
- Conduct a series of short training sessions to educate your workers on the new operating realities and what is expected of them.
Will there always be a need to support remote work for organizations? Undoubtedly, but a balance needs to be struck when everyone is suddenly working from home. They say that necessity is the mother of invention, which leaves us to find creative ways to navigate around the disruption. While technology is one tool to support remote work, another path is to manage the human factor in order to maximize the impact of the available technology and mitigate the inherent risks with a remote workforce.
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age.