Managing cybersecurity for a remote workforce requires careful consideration of your people and processes.
The COVID-19 pandemic made remote work a business necessity. And while you may have supported a handful of work-from-home employees beforehand, a rapid transition to a fully remote workforce is likely to test your capabilities. There isn’t a one-size-fits-all solution when you pivot from a traditional, physical hub to a virtual workspace, but there is one critical concern that should guide your actions: cybersecurity.
Effective cybersecurity requires both visibility and control. When your day-to-day business operations are centralised, it’s simpler for IT personnel to safeguard data and resources. They’re able to monitor networks, supervise hardware and software usage, and help govern employee behaviour to insulate your company from cyberthreats. They’re gatekeepers and guardians with defined perimeters, 360-degree views, and the power to manage endpoints and end users alike.
But what happens when your employees have to work remotely from their homes? What happens when they use household wi-fi, personal devices, and public applications to keep in touch with colleagues and complete job-related tasks? And what happens to your corporate security posture when it’s suddenly linked to domestic ecosystems that you cannot see and do not own?
The digital landscape has been changed by COVID-19. The threat landscape has been changed as well. One of the biggest challenges for cybersecurity teams today is the protection of remote workers (and workloads) in a fluid environment where the risks have been greatly amplified by the current social and economic circumstances. While businesses are grappling with the coronavirus fallout on all fronts, cyberattackers are looking for novel ways to exploit systemic vulnerabilities and individual fears. Security measures that factor in technological and human considerations are more important than ever before. You need to look at your protocols and your people as you adjust your defensive strategy for the current situation, and the future beyond it. Our remote-work checklist will help you to close the gaps and strengthen cyber hygiene.
1 | Have you instituted a remote work policy?
Few organisations were equipped to transform their employees into remote workers at the pace required for sustained productivity at the start of the pandemic. Travel limitations and retail restrictions also made it difficult to purchase new corporate hardware for personnel to use at home. As a result, there are several remote-work scenarios still in play: staff using company-owned devices; staff using their own devices; staff using borrowed devices from friends and relatives; or a combination of these.
A comprehensive policy that outlines the terms and conditions of remote access to corporate resources, as well as the roles and responsibilities of everyone involved, can reduce the risk of costly disputes in the event of a security incident. Your business may also have additional legal obligations regarding the handling of personally identifiable information and intellectual property in such circumstances, and you may need to consult an expert for guidance on the applicable local and international laws.
2 | Have you educated remote workers about device security?
Make sure that your employees understand the importance of system updates, program updates, and software patches as part of a healthy cybersecurity routine – and be prepared to offer additional support to those who do not usually perform these tasks on their own.
You can also put device maintenance and protection under your corporate umbrella with a cloud-based endpoint management platform like Microsoft Intune, which gives you the ability to manage and secure company-owned and employee-owned Android, iOS, Windows, and macOS devices.
3 | Have you mandated antivirus software for remote machines?
Check that all devices used by remote workers have adequate firewalls and up-to-date antivirus software installed. This is particularly important for the smartphones, tablets, and laptops that employees use personally and professionally.
Windows 10 has Windows Defender Antivirus built in, and if your IT teams are monitoring endpoints with Intune or a similar solution, then you may have additional functionality to improve the cyber safety nets around remote devices.
4 | Have you enabled secure remote connections?
Your employees’ home office environments may be shared by their spouses, partners, children, roommates, or even tenants. And their home networks may support web-enabled appliances like smart TVs, or IoT automation systems like lighting control, or wearable technology like fitness trackers, in addition to their own portable devices. Every connected item is a potential gateway for cyberattackers.
You can buffer corporate resources against this wider threat landscape by enforcing the use of Virtual Private Networks (VPNs) and remote desktop applications. Make sure that remote workers do all they can to safeguard their home wi-fi routers as well, in terms of physical security (making it tamper-proof) and cybersecurity (changing its default password out of the box).
5 | Have you made MFA compulsory for remote workers?
Implementing multi-factor authentication will help you to maintain control over core system access and protect sensitive business data. The extra steps that remote users have to take to verify their identities are essential security checkpoints for your organisation – and additional obstacles for malicious actors.
Phishing attacks are increasing as cyber villains move to exploit the public demand for coronavirus-related news and information. And you may already know that around 80% of data breaches are linked to compromised, weak, or reused passwords. Enabling MFA can help you to secure every employee login, no matter where the employee is located.
6 | Have you given remote workers a dedicated IT support team?
You have to account for the fact that technical aptitude differs from person to person, and that remote work in itself may be daunting for employees who are more comfortable in a communal office where the IT department is a few metres away. Make sure remote staff know who to contact for everyday troubleshooting and emergency intervention, so that they don’t have to look for workarounds and quick fixes that could compromise their cybersecurity, and by extension, your company’s as well.
The COVID-19 pandemic may have pushed you to explore remote productivity earlier than you’d planned – but if you make cybersecurity the guiding principle for your remote workers today, then they’ll be better prepared to face the digital environment of the future.