The COVID-19 pandemic inspired a massive shift in “business as usual”. Before the pandemic, most organizations did not support telework programs or had a very small percentage of their employees working remotely. In the wake of COVID-19, many organizations are now considering extended or permanent support for telework and must consider securing remote workers.
As employees move out of the office, organizations must consider the IT and security implications of a remote workforce. Employees working from home have different security requirements and are exposed to different cyber risks than on-site workers. Securing remote workers is essential to reduce the risk of a breach and expensive downtime and lost productivity.
Best Practices for Securing Remote Workers
The shift to telework driven by COVID-19 means that organizations need to design and implement a cybersecurity strategy that is designed for a remote workforce. While this may include a number of different changes from existing cybersecurity strategies, the following best practices are essential for ensuring telework security.
1. Use a Secure Remote Access Solution
When working from home employees are connecting to the enterprise network via their home networks and the public Internet. This means that these workers are exposed to threats that do not exist when they are working on-site.
Many organizations’ cybersecurity solutions are deployed at the network perimeter, scanning traffic as it enters and leaves the corporate network. With telework, traffic may not pass through this boundary naturally as remote employees work with cloud-based infrastructure and applications.
For this reason, secure remote access solutions – such as virtual private networks (VPNs) or secure access service edge (SASE) – are a priority for securing the remote workforce. These solutions ensure that remote workers’ devices and traffic are inspected and secured by an enterprise security stack.
2. Implement Multi-Factor Authentication
User credentials and authentication are a persistent security problem. Password-based authentication systems are easier to implement and comprehensible to users, making them a popular option. However, peoples’ propensity to use weak passwords and/or use the same login credentials for multiple online accounts places their online accounts at risk of compromise.
This issue is only exacerbated for a remote workforce, which is increasingly reliant upon online authentication portals. Remote workers use remote access solutions – like VPNs and the remote desktop protocol (RDP) – to log into systems hosted on the enterprise network, and cloud infrastructure and software as a service (SaaS) solutions have become a critical part of the modern enterprise. To do their jobs, all of these systems must be public facing, exposing them to credential stuffing and other password guessing attacks.
When organizations cannot trust that their employees will implement strong password security, they need to take steps to secure their businesses in the event that a compromise occurs. Multi-factor authentication (MFA) helps to limit the impacts of breached or guessed passwords since the attacker requires access to the second factor as well to log in successfully. Additionally, the use of MFA is increasingly required by data protection regulations, like the Payment Card Industry Data Security Standard (PCI DSS).
3. Deploy Endpoint Security
The endpoint has always been a vital part of cybersecurity. However, many organizations have focused on the network, attempting to block threats before they reach the endpoint by filtering out malicious content at the network perimeter.
With the shift to telework, this approach is no longer viable, and endpoint security is more important than ever. Remote workers are much more likely to be working from personally-owned and dual-use, which are less likely to conform to corporate cybersecurity standards or have enterprise cybersecurity solutions installed. Additionally, these devices are likely to (at least occasionally) connect directly to the Internet, leaving them exposed to infection by malware without the protection of enterprise network-based cybersecurity solutions. Any infected devices can then be used as a staging point by attackers to access enterprise systems via their VPN connections.
For a remote workforce, the endpoint is the first line of cyber defense and needs to be effectively secured. This includes installing corporate endpoint security systems on teleworkers’ devices to enable the SOC to monitor and defend these devices against cyber threats.
For more strategies, see our related article with 9 defensive techniques to secure your business.
4. Provide Tools for Secure Collaboration
In a remote work world, employees can no longer have face-to-face meetings or work together in person. However, this does not mean that these employees no longer have the need to communicate and collaborate with one another.
The surge in telework in the wake of COVID-19 drove an increased interest in online collaboration platforms. Employees are increasingly using online platforms to communicate, share documents, and otherwise perform the same activities that they would in the workplace.
If an organization does not provide corporate-approved and usable solutions for online collaboration, then teleworkers will find their own. For this reason, organizations should select, implement, and endorse an approved platform for secure communications and document sharing within their organization.
5. Have a Clear Telework Policy in Place
Most employees are not accustomed to working from home or knowledgeable about what is or is not appropriate when teleworking. While some deviations from the norm – like taking off a few minutes to help a child with homework – are harmless, others can pose a serious threat to an organization’s cybersecurity.
Employees that are used to working from the office are accustomed to having the organization’s cybersecurity defenses protecting them. When working from home, even the lack of URL filtering to block malicious or inappropriate sites can make a significant difference and expose teleworkers to malware.
Many of the mistakes that remote workers make regarding cybersecurity originate from ignorance, not malice. Companies should put into place a clear telework policy that outlines cybersecurity best practices, acceptable behavior, and how to respond to a potential cybersecurity incident. This provides employees with the guidance that they need to stay secure while working remotely.
6. Invest in Outsourced Security
With telework comes an expanded threat landscape for enterprises. Remote workers are more likely to be compromised by cybercriminals, and remotely remediating cybersecurity incidents is more difficult than on-site response.
These new challenges may overwhelm an organization’s existing security teams. Partnering with a SOC as a Service provider can give an organization the resources and experience it needs to excel in securing remote workers.
Securing the Remote Workforce
As organizations and employees adapt to the need to work remotely, their cybersecurity needs to adapt as well. Traditional approaches to cybersecurity – which are dependent on employees being physically in the office – are ineffective for a remote workforce. Implementing these best practices for telework cybersecurity lays the groundwork for an organization seeking to adapt its cybersecurity program to a teleworking world.