The spread of Coronavirus and the associated illness, COVID-19, is all anybody is talking about right now – and for good reason. COVID-19 is changing the way enterprises are operating, forcing many employees to work from home in a bid to practice social distancing and limit the spread of the disease.
The full effects of the pandemic to businesses and the general public are yet to be realised, with the number of cases increasing rapidly on a daily basis. However, it’s important that businesses try as best they can to carry on operating as normal, as the crisis is a finite one.
The business landscape has changed, and whether this remains a temporary change or a permanent one, it’s important that we consider the ramifications to cybersecurity. Businesses must be able to maintain security, integrity and continuity throughout the pandemic, and this will require constant vigilance and the adoption of some new practices, policies and technologies.
Unfortunately, we live in a world where attackers, and even opportunistic insiders, may seek to take advantage of any relaxed security measures during the crisis and confusion.
The Challenges of Remote Working
As more of us (including yours truly) find ourselves working from home for the next few weeks at least, it is imperative that IT and security teams have a handle on privileged access. You do not want your employees to be accessing sensitive data from an open or unsafe network. VPN networks are always recommended (although using VPNs alone does not ensure security).
Another major issue with remote working is that many employees will have to use their own devices if the company has not provided secure ones for them. This raises some issues with how data is stored and whether sensitive data remains in the possession of employees through their personal devices even after they have left the business.
Then there’s security issues that are harder to defend against, such as general carelessness when handling sensitive data. This can take the form of accidentally leaving personal devices unlocked in public, or sending an email to the wrong person, for example.
How to Overcome the Remote Worker Challenge
Overcoming these challenges is a difficult question to answer. Organizations have been attempting to find the right balance of policy and technology for years as working from home becomes more popular. Here are some lessons we can learn from those companies already adopting these tactics.
Using Multi-factor Authentication
Stolen credentials remain one of the biggest causes of security breaches for remote workers. Using multi-factor authentication when logging into company portals will help to mitigate some of these risks. In addition, you should always encourage your employees to use strong passwords and not to write them down anywhere that they may be at risk.
Ensure You Have Secure Networks Set Up
Working from home is a significant change in day to day communications for most workers. In light of this, many employees may be tempted to send sensitive information across unsecured networks, especially if the proper channels and practices have not been established.
Remove Excessive Permissions
You need to ensure that your employees only have access to the data they need to do their job. The vast majority of your employees will not need privileged access, and yet a large number of organizations operate with numerous excessive permissions.
For this, you may need to adopt a solution that is able to report on current permissions and permission changes. You may even want to consider a Privileged Access Management solution that can enable you to revoke excessive permissions automatically.
Provide Secure Devices or Security Software
In times like these, companies need to make serious steps towards keeping their data secure with a remote workforce. If you haven’t provided secure devices for your workers to use when they work remotely, then you will need to at least provide and ensure the installation of firewalls, antivirus software, VPNs, data security platforms and up to date software.
In response to the pandemic, Lepide have put together a Remote Worker Monitoring Pack for organizations to quickly deploy to start monitoring the behavior of users working from home. More information can found here.