It’s a situation that few of us thought we’d ever find ourselves in, but here we are. With the emergence of coronavirus (COVID-19), the working world is forced to adopt a new type of productivity, with organisations of all sizes adjusting to a new type of ‘business as unusual’. Office workers, schools, universities, government agencies, and even some healthcare providers are suddenly facing the prospect of working from home, and their employers are left to work out how they can facilitate it. The challenges in securely managing systems and data have increased dramatically, leaving managers, IT teams and employees all scrambling to adapt.
Even if your workforce was largely remote or already had a strong ‘work from home’ culture, it’s time to revisit your remote work capabilities and what that means for cybersecurity. As these systems and policies transition from optional to mandatory, the Australian working class will soon find themselves tapping away at keyboards in a range of dynamic environments. From home offices to kitchen tables and living room lounges, these pop-up productivity zones are full of insecure technology like consumer-grade Wi-Fi and Internet of Things (IoT) gadgets. There are also factors of the analogue kind like pets, curious children, friends, and relatives to contend with.
For me, securing remote workers comes down to four key areas of consideration that must be assessed. These include external cybersecurity, internal cybersecurity, capacity and governance.
Now that your workforce has essentially become a remote workforce, you must be sure your perimeter defences are resilient and adequately secured. Undertaking vulnerability assessments and penetration tests against your perimeter is crucial, because a sudden surge of data is now traversing a normally insecure network and sensitive services are being accessed from insecure home and remote locations. Cybercriminals know this, and your infrastructure suddenly becomes an attractive target for DDoS attacks and other disruptions. With an increase in remote accessibility, connectivity must be secured. Be on the lookout for an increase in scams and phishing emails seeking to exploit your remote workforce!
Oh yes. Even if you are cloud-based or in a hybrid on/off-premises environment, external cybersecurity has to be taken very seriously, because now more than ever, it just has to work, and be secure!
Bonus Points: If your remote access doesn’t currently use Multi-Factor Authentication (MFA), this is a must going forward. Take this opportunity to demonstrate its value and implement it.
This can be rather complex, but start with what is accessible via remote access. If remote access was only ever used by system administrators, you must now be able to control what is accessible when connected from afar. Network segmentation, access control roles, privileged access management, and similar controls must be applied to ensure people have access to what they need, and are restricted from what they don’t. Also, with the office unoccupied by all but the most essential staff, ensure your facilities are physically secure along with the systems they house.
For internal security concerns, a vulnerability assessment can go a long way to helping you secure your environmental, physical and technical controls.
Now that you have secured your network inside and out, what’s next?
If you normally don’t have a lot of people working from home, you need to be sure your systems can handle the load. Are your links big enough? Is the infrastructure capable of handling the increase in connections and traffic? Do you have enough remote access licenses to allow everyone simultaneous connectivity? Do the internal links and systems have the ability to handle a sudden surge in remote access? It’s time to make sure you have enough horsepower to handle the surge, and you must also consider this could be for an extended time and not just short-term pain.
As with the internal concerns, capacity can be addressed by reviewing the specs on all interconnected systems. Speak with your ISP and service providers about your ability to scale up and have sufficient bandwidth. If you need to upgrade your hardware, speak with your vendors to explore solutions that can handle the workload, or about your ability to upgrade existing systems. Review your licenses to make sure your systems can facilitate your remote staff.
Finally, with all of the technology in order, you need to make sure it’s managed correctly.
Do you have policies and procedures in place that cover remote access and work? Is there a minimum set of standards for what users can and can’t do, and from where? What is the policy on accessing sensitive customer or corporate intellectual property from a “non-work” location? With significant penalties at stake for mishandling private data or potential losses arising from industrial espionage, the safe and secure access and use of data is paramount.
Review your policies and procedures to ensure that workers can access what they need without being unduly hindered, but are also aware of their obligations in managing the confidentiality of intellectual property and private data from customers. You may like to consider security awareness training for end users.
Businesses suddenly find themselves in the unenviable position of dealing with a largely-remote workforce and having more threat vectors to secure. The attack surface has increased dramatically, but there is a way forward.
Thankfully, there are a lot of options to step up your security game. Cloud Access Security Brokers (CASB) can help safeguard those cloud apps and connections. Data Loss Prevention (DLP) can protect your data from leakage, accidental or deliberate, and monitor where it goes and who is using it. Using modern mobile devices like laptops and tablets protected by Endpoint Detection and Response (EDR) systems is crucial in safeguarding users and systems while they connect to your business.
There are also free trials and vendor offers you may like to take advantage of to help secure your remote workers during this time.
When the situation passes and it’s back to ‘business as usual’, you can rest assured the efforts you make now to secure your workforce and systems will be worth it long after COVID-19 leaves the news. Your solutions will demonstrate that you can adapt and respond to threats quickly and thrive in a remote working environment; perhaps your business may even move towards a permanent remote working model to save money, attract new talent from untapped locations, and give people better flexibility and work-life balance.
We’re all in this together. Reach out to me any time if you need further guidance.
Stay safe out there!