In the wake of COVID-19, businesses experienced a dramatic spike in the number of employees working from home. According to Forbes, while only around 10% of the workforce was working remotely last year, the number has increased significantly in the past months—and that may not change. Forbes also discovered that only 12% of employees want to move back to the office. However, with a rapid up scaling of remote workers, there’s danger. A recent study from Cybersecurity Insiders found that 70% of IT leaders self-reported they were somewhere between moderately prepared and completely unprepared.
Here’s a closer look at how you can take steps to keep your cybersecurity health on track for a remote workforce.
Revisit Your Training and Planning
Earlier this year, many organizations dusted off their work-from-home plans to determine how ready their systems were, how well trained their teams are, and other aspects of preparing for large-scale remote work. Others jumped into the fray, figuring things out on the fly. As remote work continues to flourish, now is the time to embrace planning and training. A significant number of breaches are due to employee error, according to recent studies. Here’s some aspects to consider:
- Is employee hardware secured? This might involve installing anti-virus updates, backup software, remote device monitoring, and taking other steps to help patch any vulnerabilities.
- Is their software secured? Implementing best practices to prevent hacks—such as enabling two factor authentication and requiring difficult-to-hack passwords—are good baseline procedures to consider.
- Is their network secure? Are employees connecting to your network via their home Internet, sharing bandwidth with gaming spouses or homeschooling children? To improve network security at home, there are several solutions—from requiring a VPN to access software to installing low-provisioning SD-WAN networks—that employees can plug-and-play for faster and more-secure access from home.
- Is your team up to speed? Now is a great time to invest in basic security training and ongoing testing to ensure that you’re offering your employees the best training and security. Revisit the fundamentals and consider raising awareness of COVID-19 specific scams and what tools to leverage at home for maximum security.
Embrace the Cloud for Programs and Security
One of the simplest moves a company can make to be remote-work ready and safe is embracing cloud computing. As Mimecast recently stated, “If an existing, critical application can’t be moved to the cloud, start the process of getting a new, cloud-based application to take its place. In the meantime, the users of the remaining on-premises applications should be the priority for continued VPN access. But over time your use of VPNs should diminish dramatically.” When applications are based in the cloud, it’s easy to control access, enact security features (such two-factor or multi-factor authentication), and more.
Another area to consider is cloud-based solutions for areas such as network security, end-point management, access, and more. Not only are these more likely to work well no matter where on the globe workers are based, but you can enable automated and ongoing security scans, threat intelligence detection, and isolation that can monitor every touch point in your network. A recent study by Cybersecurity Insiders found that 68% of leaders were concerned about security risks from file-sharing solutions, while nearly half worried about the same with conferencing and collaboration apps. Taking steps to use smart security in conjunction with cloud-based applications can help significantly improve your security position.
Step Up Access Controls
Identity management was heating up before COVID-19; now it’s been thrown into the spotlight. Developing better strategies to identify your workers and verify their identity—and validate access to sensitive data and systems—is key to reducing the threat from hacks and other issues. Some best practices to consider include:
- Leveraging identity management tools and features that are available from public cloud providers, SaaS companies, and other partners
- Implementation of solutions—such as two-factor and multi-factor authentication—that add another layer of protection
- Utilizing firewalls and other tools that can help limit unauthorized access to your network
Prioritize Network Security
Your network is the gateway to your organization’s most important information, and a compromised network can bring a remote workforce to its knees. This is a top point of consideration when thinking through your security strategy. Implementing solutions such as SD-WAN allows you to use software defined networking principles to create guidelines for managing network behavior.
MIT Sloan writes, “Start with stopgap measures that can be implemented immediately, such as revising existing cyber risk guidelines, requirements, and controls on how employees access data and communicate with a company’s network. Rules of behavior analytics need to be adjusted to consider changes to the ‘normal’ behavior of employees—many of whom now work outside standard business hour—so that security teams can effectively focus investigations.” Assess how network performance and access has changed; take immediate action where possible to secure your network. Ongoing improvements can be scaled over time.
Create Plans for Employees to Report Problems
One of the ways you improve cybersecurity is by planning for the unexpected. If your workforce is remote, issues can come up that your team doesn’t anticipate. What should someone do if they accidentally download malware or notice a spike in attempted attacks targeting their department or accounts? If an employee dealing with sensitive information is concerned about their at-home network security, who can they call? Having a clear path for escalation and consultation on these issues can help individual employees remediate situations before they become serious. It can also surface larger problems that you didn’t expect and give you insights into challenges that need to be solved. Remote work may be here to stay, but keeping your team productive at home or as a distributed workforce doesn’t have to compromise security. Contact Connection today (anchor to form) to discuss your business, your remote workforce needs, and developing a comprehensive plan of services and solutions that will allow your team to work safely—no matter where they’re based.