Here are four ways security teams can support a sudden and large remote workforce
Security measures put in place across global organizations historically have not been one of the top three priority investments. If asked, almost all company leaders would say that they value productivity over security every time. Sure, C-level executives know it’s important to have a strong security posture across the business to keep assets secure and that security must strike the balance between ensuring digital integrity and meeting the productivity needs of employees working both inside and outside the office.
Not long ago, many businesses—and leaders of those businesses—encouraged and preferred employees to physically work in-office. In this scenario, many of these companies’ existing technology tools were not 100% up to security standards, yet endpoints didn’t need to be defended by state-of-the-art endpoint security technologies, as they were controlled in-network and many staff conducting work onsite leveraged desktops and other devices hard-wired to an on-premises network. With the sudden shift to a global remote workforce, an in-office employee workforce is temporarily non-existent, thrusting security into the limelight across all organizations as they put measures in place that secure their high-value assets.
Supporting the Remote Workforce
Right now, IT and security teams are under enormous pressure to maintain the highest level of security across the business, while enabling global remote employees to be as productive as possible. How do you support this disparate workforce that is leveraging myriad devices—both company-owned and not—to get their work done securely, all the while ensuring that unauthorized data leaks of sensitive information don’t occur? Here are four tips security teams across any organization should consider implementing now to support today’s global workforce.
Make Sure it’s Flexible and Modular
Your organization’s security has to go wherever your remote workers are. It must also be adaptable to support any change in an employee’s location. Employees don’t want to risk productivity and will react poorly if the security measures put in place prohibit them from getting their work done efficiently. They will look to other, non-secure options that will put your organization at risk. If employees can’t get what they need through their company, they will go elsewhere for it and potentially open up vulnerabilities. For example, be aware of what SaaS solutions employees are leveraging. Do you know about all of them? Are they making cloud backups of business-critical data using an unauthorized solution? It’s important to communicate to your users the security technologies and processes in place and to ensure they are robust and flexible enough to support the dispersed workforce.
Encrypt All Drives
Every laptop and every mobile device can represent a significant risk since the data stored on them is, by definition, mobile. Over the past few years, numerous companies had very bad days (from a security and trust perspective) as a result of data loss. Be sure to encrypt all drives—if an employee accidentally leaves a device at a coffee shop, for example, the organization can feel secure that the sensitive data and the business at large will not be compromised thanks to the encryption capability in place. Don’t forget about mounted drives; if you can, encrypt USB keys, portable drives, etc., as well.
Multi-Factor Authentication (MFA)
Enforce multiple layers of authentication for access to any system of information that is deemed sensitive. Modern, adaptive methods should be employed since two-factor authentication has been compromised in certain scenarios. Users of internet banking systems are used to using MFA solutions so this shouldn’t result in too much friction during implementation.
Don’t Forget the Endpoints
Be sure your security program gives you a 360-degree view of what employees are using to access company assets. With the reality of bring your own device (BYOD), employees are accessing the corporate network either with company-owned devices or their personal devices, making it difficult to track and secure some of these endpoints. Put security measures in place so you know which endpoints have access to what resources. Intelligent software installed at the endpoint will protect devices from modern malware and provide the necessary visibility at the endpoint.
Today’s global remote workforce is giving security some of the attention it deserves, whether this attention is welcome or not. Organizations regardless of size will continue to be vulnerable to sophisticated attacks, but in today’s climate, the threat vector of choice for cybercriminals will be to compromise an organization by finding entry points through the remote worker. As security professionals, we need to ensure that security continues enabling employee productivity in a secure fashion, wherever in the world they may be. Don’t let poor security practices impact your business in a negative way.