Cybersecurity for Remote Working: Is Your Business Ready?

The latest news on lockdowns and travel bans around the world may appear drastic for some, but the reality is that all companies need to get comfortable with their employees working from home. Remote working is our new normal.

If COVID-19 has taught us anything, it’s that there will be times that businesses need to make sure employees can work from home securely and efficiently. IT teams need to ensure that employees have the same tools and services available to them that they would have if they were in the office.

Challenges of Remote Employees

There are many challenges to providing a business infrastructure to support remote workers. Cybersecurity is, of course, at the top of that list. There is also the issue of stress on business VPNs and concerns over business continuity when a large percentage of employees are forced to work from home due to sickness or natural disasters. Further, enabling peer-to-peer (P2P) collaboration, especially crucial when employees are in isolation, is not trivial.

Strict data privacy laws and cybersecurity protocols make supporting remote employees even more daunting. The problem is that it is difficult to restrict employees to approved apps that comply with corporate policies. For example, employees may prefer to use their own apps or services to send and receive sensitive data when working remotely. Enterprise file sync and share (EFSS) tools such as Dropbox and Google Drive are of utmost concern for IT since they do not provide the proper insight into where sensitive data resides at rest and in motion.

The answer lies with tools such as managed file transfer (MFT), which gives IT the security controls necessary to stay compliant without hindering workflows or P2P collaboration. Email is always there, but with strict limits on the size of attachments to avoid overloading email servers, having managed file transfer in place allows your employees to communicate and collaborate securely and in compliance with corporate policies.

In addition, IT teams are on the hook for data compliance. Remote working does not remove the need to provide audit logs and robust reporting that can be quickly served to auditors. In health care and finance, reporting and tamper-evident logging have always been a requirement and will continue to be during this pandemic. Here, managed file transfer can help.

Helping IT Know Who’s Working Remote

Platform as a service (PaaS) and software as a service (SaaS) applications have been a boon to IT teams and end users around the world. IT can control who has access to those applications and services, regardless of the employee’s location. However, authentication becomes even more critical since employees are not always logging in from internal business networks, VPNs or company-issued devices.

In Verizon’s “2019 Data Breach Investigation Report” (DBIR), data showed that passwords caused 81% of data breaches over the past few years. That figure alone shows that IT and security teams cannot safely rely on passwords as the only means of authentication.

That’s why single sign-on (SSO) and multifactor authentication (MFA) have become exceedingly important for authenticating remote workers. Authentication becomes more vital during remote working. Since many of the apps and services are now in the cloud rather than on-premises, employees can work remotely without causing a halt in business workflows.

The Importance of MFA and SSO

With MFA in place, businesses no longer need to rely on passwords alone. As most of us know, passwords are always going to be the weakest link in cybersecurity. Employees often use the same passwords they are applying to personal accounts. Reusing passwords for personal and business use is a security hole in itself: if an employee’s personal accounts are breached, bad actors may also use those credentials to access the business infrastructure. And even when they’re using proper password hygiene, employees end up grappling with too many passwords. To make matters worse, employees can’t remember those passwords most of the time.

According to an article by TechRepublic, at larger companies that are using SSO and MFA, the average employee needs to maintain around 25 passwords. That’s small beans in comparison to smaller companies that lack authentication tools. Without MFA and SSO, employees may have to deal with as many as 85 different passwords. And you can be confident that this increases the number of help desk tickets IT receives daily.

Password management tools such as LastPass have been useful in this regard. Still, MFA gives an extra layer of security that can prove an employee is who they say they are, by having them authenticate via another mobile phone or device.

SSO has also been an excellent way for businesses to provide a more secure layer for remote workers while maintaining business continuity. Based on research conducted by CSO Online a few years ago, 61% of respondents believed that identity and access management (IAM) is more complicated than it used to be.

With the implementation of SSO for web apps and cloud services, IT teams can track and manage access control remotely. If employees are terminated or leave the company, IT can change that single password and former employees won’t have access anymore.

It is also recommended to roll out SSO in conjunction with MFA. Together, the two features can be the one-two punch that businesses need to ensure cybersecurity. This also allows employees to authenticate from their own devices if they choose, without having to remember dozens of passwords for different apps and services. Giving employees one password to rule them all makes it easier for them to quickly connect to apps and services remotely, thereby minimizing the risk of shadow IT.

Conclusion

An entire company working from home is very stressful for IT. With the right tools, many of the issues can be addressed, security being the most critical. With MFT, multi-factor authentication, and SSO, IT can enforce compliant data security practices while also enabling employees to collaborate effectively with little to no downtime, regardless of location.


Gregory Mooney

Greg Mooney is an IT and Security Evangelist with over 10 years in the tech space. He is the host of the award-winning podcast, Defrag This, available on iTunes and Spotify. In addition, he also is an avid blogger and speaker on topics relating to IT troubleshooting, data security, and compliance.
