Secure Remote Access in the Age of COVID-19

Bill Virtue

There are many businesses that have had a remote workforce for some time now. And in many cases, they also had a plan in place to deploy remote workforce connectivity and support. Due to COVID-19, there is a growing recognition for a remote workforce at scale. Several vendors have stepped up to assist getting your users connected, but there may be a few bumps in the road.

We’ve already witnessed businesses with stretched IT support staff. But there is now an urgent need to deploy remote access capability to a much larger community, even if temporary. The equipment and connectivity requirements for reliable remote access will take some time.

Users are asking, how do I get to my files and how do I connect to this meeting?  This remote setting is different for users that have been displaced by COVID-19. Many of the remote-access solution providers are stepping up to assist businesses with rapid deployment strategies. On the front side of this, we see free trial licensing, deployment, support, and more. On the client side, this includes the ability to connect remotely to the back-office resources needed for access. It will take some doing for many businesses to ramp up their remote workforce and connect employees to the corporate network via VPN or other direct access.

How Does Security Fit into the Equation?

Necessary user assets must be secure and provide the same level of security, remotely, as on premises. It would be nice to think this will all be seamless, but it won’t.

Businesses are quickly shifting to a remote workforce and providing assets to users for connectivity, productivity, and collaboration. Users need to ensure they have the right tools (e.g., hardware, apps, licenses, etc.) that will deliver as seamless an experience as possible. Now is the time to ensure that there is a process to provide secure connections back to the corporate office. It is also important to have strict authentication and access controls in place.

Some users will utilize personal devices, including laptops, tablets, smartphones, and home-based firewalls, that provide a security concern. These devices will not have the level of protection and connectivity that is secured by the layers of technology back at the office. And in some cases, the home office will have a cable modem without a firewall. As businesses offer instructions on how to connect remotely, they should also think about how to connect securely ensuring connecting devices are running adequate antivirus, at a minimum.

Remote workers are also likely to transmit content from corporate resources back to their home office. This means setting up the right access controls for those users who need access to specific content and restricting access to others. Be sure that users are aware of policies and guidelines related to responsibilities, expectations, and usage of corporate assets, even as they connect remotely.

Don’t Forget Data Loss Prevention Policies

When remote access is granted to employees, data loss prevention policies should also be considered. It’s important to review policies to ensure any sensitive content remains confidential. Email encryption policies should also be examined, when transferring sensitive information outside your corporate environment. And in some cases, there may be compliance-related challenges that will need some attention, as users bring sensitive data outside the corporate environment and into their own homes.

Cybersecurity Awareness Training Is Critical

Confirm that your remote workforce knows how to identify phishing attempts, as there are likely those looking to exploit this opportunity.

Additionally, make sure when your workforce goes back to the office, and they will, that any devices they bring back into the office are not already infected. Some level of scanning, on every device connecting to the network, will ensure that the corporate environment stays protected.

Working at the office, from home, or at the local coffee shop—users need to talk to their IT departments about secure access. Security should be top of mind, as some are sure to take advantage of this new normal.

Stay safe!

Bill is a Senior Systems Engineer at Connection with over 30 years of experience in Networking Solutions, Information Security, and Identity Management. Bill is a founding member of the ISSA NH chapter dedicated to promoting Information Security within the business community. Bill is also a US Navy veteran and held Operations Management positions within the Atlantic Fleet. Bill has broad knowledge in the Security and Compliance space and has consulted on large scale enterprise deployments and security projects and contributed to many technical articles and technology white papers. When he has free time, Bill enjoys catching up with family and friends and riding his Harley Davidson.