The last year forced a tectonic shift in the American workforce with little time for implementation. This nimble flexibility may have mitigated the economic fallout, but it also created unprecedented cybersecurity threats as corporate access was decentralized.
Now as businesses catch their breath and readjust to the new normal, it’s time to evaluate digital infrastructures and implement protocols that can protect sensitive data shared among a mostly remote team.
By understanding the challenges posed by remote working, honestly assessing cybersecurity risk profiles, implementing stopgap measures while devising longer-term plans, and instilling the importance of digital hygiene to employees, your company can effectively protect its sensitive data and emerge stronger and poised for a brighter future.
Security Challenges Created by Remote Working
Even before the crisis, cybersecurity was a paramount issue for every business with a digital footprint, but when public health policies forced office workers everywhere to log-on from home, the threat to corporate data expanded exponentially.
Every remote workstation creates another data endpoint, and with it a slew of additional potential vulnerabilities. Such an escalation of intrusion points is like blood in the water for hackers, who have seized upon pandemic conditions to quadruple their number of attempted cyber crimes during the outbreak.
IT experts emphasize that best security practices must protect sensitive data throughout its entire lifecycle (from collection-to-disposal), and not simply during access and transmission. This means implementing policies that address proper handling wherever the information resides: from in-house servers, to cloud storage, vendor access, client communications, and Wi-Fi networks.
All of these junctures are put under greater strain when networks are stretched to accommodate a scattered workforce. Whether data protection is crucial to maintaining a competitive edge, your servers harbor privileged client information, or your company handles sensitive material subject to statutory privacy requirements (HIPAA, SOX, GDPR), you cannot afford to let the new off-site paradigm put your business at risk.
Conducting a Security Assessment
The first step towards optimizing your infrastructure for a mostly remote workforce is analyzing your current system – where it has withstood the change in workload, where it has proven vulnerable, and where improvements are necessary.
Inherent shortcomings might have been compounded by the rapid integration of unproven/unsecured tech necessitated by COVID’s quick onset: cloud-based software, collaboration platforms, personal devices, file-sharing services, and so on were all quickly adopted without proper vetting, and many proved to have fundamental flaws of their own.
Check the security of your network connections, evaluate the need for full encryption and adoption of multi-factor authentication, make certain new vendors are similarly serious about cybersecurity (and not leaving you vulnerable to back-door attacks), review conferencing platform choices, and verify the integrity of all web-based applications by performing dynamic application security testing (DAST).
Cloud applications and software-as-a-service (SaaS) enterprises provide solid solutions for remote workers by making data accessible anywhere while always keeping it under central control – provided those apps are reliable. The security experts at Cloud Defense recommend black box testing tools like DAST, which allow the identification of security threats while third party applications are running by deploying proxies between the application’s browser (front-end) and server (backend).
You may also wish to monitor the productivity and practices of your workforce in this new environment – observe how employees are using (and bypassing) tools as they adapt to working from home, so you can best target your solutions.
Employee Partnership
No matter how many guidelines consultants compose and IT specialists install, most will prove worthless if end-users undermine them or simply don’t take them seriously.
Seldom will employee non-compliance be actively malicious, but studies suggest that up to 90% of cyber-attack successes prevail because of human error. When workers aren’t well-trained, don’t remain vigilant, or simply become distracted, they open your whole network to exploitation.
Another problem is how employees may make cybersecurity mistakes in the name of greater productivity. In fact, 50% of remote employees knowingly take security shortcuts to get around inconvenient requirements, including using unsanctioned outside software to accomplish a task.
To whatever degree possible, enforcement of your remote working cybersecurity guidelines should be foolproof, but to do this you’re going to need the cooperation of your employees. Educate them regarding protocol importance, incorporate their concerns when drafting policies, devise securty training exercisese, and incentivize them to comply.
Optimal cybersecurity is a team effort, as there’s a lot of coding and technical expertise required. But only when corporate, IT, and remote employees work together will precautions coalesce as solutions.
Strategies and Precautions
Equipping your network to safely handle an expanded remote workforce may ultimately require a comprehensive overhaul, but first you need to triage priorities and adopt easily-implementable measures that can make a big difference quickly.
The first order of business is synchronizing basic security between your network and remote workers. Certify that all employees are running updated software firewalls/anti-virus/anti-malware on their local machines. Better yet, sign them up for cloud-based apps to access your data without needing to download it.
The next basic step is to ensure that each remote employee has access to a secure password manager, which can create multiple hard-to-guess passwords and rotate between them on a consistent basis. Even difficult passwords can even be deciphered by hackers with knowledge of how to do brute force attacks, which is why rotating between passwords is critical.
Next, be sure to prescribe a designated method for file-sharing, lest your employees default to comfortable public alternatives (like Google, DropBox) or simply emailing sensitive data. Subscribing to a Managed File Transfer (MFT) system (a modern, more secure incarnation of File Transfer Protocol) allows for safer swapping of files among your team or with external parties.
Another wise strategy is to require all remote workers to use Virtual Private Networks (VPNs) when using company data. VPNs add a layer of encrypted security to connections between employees and your network. They should ideally be used any time your team logs on, but especially when they use public WiFi networks, like in cafés or airports.
Again, “free” VPN services are available, but as Toronto-based cybersecurity expert Ludovic Rembert of Privacy Canada notes, businesses should be very cautious about the free VPNs they choose to use: ”Most people looking for totally free VPNs are asking for trouble. Free VPN services (half of which are owned by Chinese companies) still need to make money, and they do it by taking advantage of the client in multiple ways without them even knowing. Some of the methods can be truly harmful.”
Conclusion
It’s time to commit to making remote corporate infrastructure as secure as possible.
By conducting full assessments of current IT networks, applying quick-fixes to easily exploitable components, and empowering a remote workforce with the tools and training to guard vulnerable endpoints of your sensitive data, companies can rise to the demands of the current crisis and become better prepared for future challenges.
In many ways, the evolution of our online solutions mirrored the trajectory of the public health response: we started by doing the best that we could with clumsy, ill-suited tools and now we’ve progressed to more elegant solutions that will ensure our long-term survival. If your business weathered the storm, you should be proud but not complacent. It’s time for self-improvement, and then sunnier days ahead.