Working from home has become the new normal for a large portion of the global workforce. For a number of businesses both big and small, keeping their workforce healthy amidst COVID-19 has spurred their first large-scale venture into remote capabilities. Many business owners are beginning to see the benefits of an approach that provides greater remote flexibility to their employees as an established post-pandemic strategy.
There are certainly many benefits to a remote work scenario – even beyond the protection it can provide from a health pandemic! Hiring remote workers can expand hiring pools beyond your immediate geography, reduce daily commutes, and possibly increase performance and productivity.
But it’s important to keep in mind, especially in current times, that the “bad guys” are out in full force. Hackers notoriously use crises to target distracted users who have let their guard down. Thousands of new domains (yes, thousands) with the word “Coronavirus” or “COVID” have been created since January, many for malicious purposes. These bad guys are still after the same thing; they want your credentials, your data, your intellectual property, etc. Even in this new work-from-home world, they are still trying to make money stealing, then selling or using your data, to commit fraud.
Whether you intend to deploy a remote work option for the long or short term, you should consider a few facts from a security standpoint to ensure you protect your organization.
What Risks Can Be Associated With Working Remotely?
There are a number of risks and challenges your organization should be aware of when implementing a remote work environment.
The same safeguards you have in place within your office are not fully applicable in remote situations. Your organization loses some control over the security of the physical environments your employees find themselves in. Those working from coffee shops, libraries, or even their homes will have networks, private or public, that have security vulnerabilities.
Another threat can be the sheer lack of training or education your employees may have on security best practices. Clear communications should set expectations around the roles and responsibilities of each employee when it comes to keeping their environment secure.
It’s easy to underestimate these risks in light of the great benefits working from home can yield. That’s why it’s so important to establish guidelines and enact precautionary measures so you can reap these benefits while enabling a safe remote work environment. Here are a few suggestions.
Training, Education & Communication
Piling a security incident on top of a crisis is not something any leadership team wants to manage, so it is imperative to reinforce security best practices through regular communication, creating a culture of security. Some of the biggest risks associated with remote work can be traced to the employee’s understanding of security best practices and expectations.
It is important to communicate to your employees on a regular basis and constantly remind them of their Information Security Training. Even simple reminders can instill knowledge and create new habits to help avoid a breach:
- Don’t click on links in emails from senders you either don’t recognize or weren’t expecting to hear from (and slow down to review each one!)
- Don’t open attachments from senders you either don’t recognize or weren’t expecting to hear from
- When in doubt ask the security team
Even if your employees are well versed in security best practices, we must realize that we face a new world, and we have to think about things a bit differently now. Instead of locking your workstation because you don’t want prying eyes to read anything confidential, you may be locking your desktop so your 4-year old doesn’t start clicking on malicious links!
Tools & Infrastructure
Making sure you set up your infrastructure and your employees with the right tools and technology to empower safe remote work is a critical piece of the puzzle.
- VPN: Being able to create a secure tunnel into your infrastructure is a preferred method of connecting to work resources. Pairing this with a Multi-factor Authentication (MFA) solution is particularly effective.
- VDI - VDI, or Virtual Desktop Infrastructure, provides enhanced flexibility when it comes to remote access. With VDI, a standardized desktop can be accessed from almost any approved device and from just about any location. For frequent travelers who need access to their virtual apps and data, VDI is a means to connect to this information on demand. From a security standpoint, VDI provides for better protection of data since it never needs to leave the datacenter, reducing management costs and allowing more flexibility with the security controls you can apply such as security automation. VDI also can play a key role in your disaster recovery plan especially when paired with public or private cloud providers giving you the ability to scale out on demand, provide geographic diversity and potentially save you money by not having to duplicate your compute and management cost at a warm site.
- MFA - What is MFA exactly? MFA is using more than one factor or type of authentication to access devices and software. For example, a username/password combo (something you know) AND using your fingerprint (something you are). With today’s smart phones, you’ve likely experienced fingerprint or facial recognition as a form of “something you are.”
- Restrictions on use of personal equipment: In addition, hooking up personal equipment or software up to company supplied equipment poses a significant security and liability risk to the organization.
- Restrict software or applications to approved list: Unapproved applications can also pose a significant Information Security risk. Some apps don’t allow you to control where recordings of confidential discussions are stored. Problems with software patching can create a vulnerability that a hacker could then exploit.
Remote work has become the new normal for many, and may continue to be a necessary and permanent option for your organization in the long term. It’s best to spend some time making the necessary considerations and employee training to get it right now so you can reap the benefits of a remote work scenario while ensuring the security of your organization.
Check out these other entries on remote work:
Jay Allpress, Vice President, Information Security at GreatAmerica Financial Services, has been actively involved in physical and information security for over 25 years. In his current role at GreatAmerica, Jay is primarily responsible for the development and delivery of a comprehensive Information Security Program for the organization. Prior to joining GreatAmerica in October, 2017 Jay performed similar duties for Hills Bank and Trust Company from 2001 to 2017. Jay served 10 years in the United States Air Force and Iowa Air National Guard. He is an active member of Safeguard Iowa Partnership, Infragard and is a Certified Information Systems Security Professional (CISSP) and a Microsoft Certified Professional (MCP). Jay received his Associate of Applied Science degree from the Community College of the Air Force in Electronic Systems Technology.