As the COVID 19 coronavirus pandemic continues to intensify, more and more organizations are encouraging (or even requiring) employees to work remotely. For many industries, this transition has proved relatively smooth. Innovations in telecommunications and cloud computing have made it possible for them to continue working quite productively.
This development hasn’t come as a surprise to the Compuquip team. Our MSSP team has been working remotely with great success since 2018. Many of our other key services have been handled remotely since then as well, and our entire office shifted to being fully remote at the beginning of 2020. Given our history with managing a virtual workforce, we understand the advantages that going remote can bring to an organization.
More importantly, we have plenty of experience in dealing with challenges that come along with making that transition.
With so many companies making an abrupt shift to a virtual workforce, we’ve spent the last few weeks fielding a lot of questions about how that change impacts their cybersecurity considerations. That’s why we’ve put together a list detailing a few of the most common security challenges facing the remote office as well as a number of solutions we’ve helped them implement to protect their data and applications.
Many employees believe that as long as they have an internet connection, they can work from anywhere. While this may be true in a literal sense, it doesn’t mean that they should be working from just anywhere. With the coronavirus keeping most remote workers at home, chances are good that most of them will be logging in and working through a secure wifi connection. But all bets are off when they decide to work from another location. The public wifi connection at the local coffee shop or library, for instance, offers little protection from malicious actors looking to spy on remote workers or access confidential information. Make sure your employees know which networks are safe and which ones should be avoided for work purposes.
Employees working from home may be logged into a secure wifi connection, but that doesn’t necessarily protect them from any threat. Employer issued devices typically have a variety of security applications and tools in place to protect them from potential risks. More importantly, they connect to one another through a secure company network that has an array of defenses such as antivirus software, customizable firewalls, and automated backups. Home devices and networks lack most of these protections. While someone may have antivirus software installed on their home computer, they may not have it on their tablet. Even an unsecured Bluetooth device, like a smart speaker or a thermostat, could make it possible for malware or malicious actors to compromise multiple devices within a household simply by gaining access to one device. If employees are going to be using personal devices for work purposes, they need to be educated about how to configure them, what security software to install, and how accessible they should be to the rest of the home network.
Malicious attacks like phishing emails should be a constant source of concern for any organization at the best of times. In a time of confusion and anxiety, there are even more opportunities for these attacks to target vulnerable and unsuspecting victims. An employee may know how to recognize a typical phishing attack, for instance, but what about that email message that looks an awful lot like a health update from the state government? Or what about a message about working from home that seems to have been sent by your boss? Nefarious scammers will be looking to capitalize on people’s fears and desire for more information, so it’s important to remind remote employees how to distinguish legitimate work correspondence from potential attacks.
Many of these problems can be avoided by taking the time to implement solutions designed to keep your network secure. While many companies have been put in a position where they must implement work-from-home solutions on the fly, there’s no reason why many of these measures couldn’t be implemented remotely. At Compuquip Cybersecurity, we’ve been working tirelessly to help organizations take the necessary steps to secure their networks for remote work.
Here are a few steps every company should consider taking for the virtual workplace:
Perhaps one of the most important things a company can do is set up a secure gateway to their internal network. In fact, any company that allows employees to access their system remotely should be doing this anyway. While organizations often turn to virtual private networks (VPNs) to maintain security, they are increasingly implementing zero trust network access (ZTNA) instead. In fact, Gartner has gone so far as to predict that 60 percent of enterprises will have phased out their VPNs in favor of ZTNA by 2023. The core principle of ZTNA is that the internet itself should be treated as an untrusted transport. Rather than logging directly into a network, access to applications instead occurs through an intermediary, typically a secure cloud service of some kind. The ZTNA model then uses a trust broker to provide connectivity to applications based on context (who is accessing, what device is accessing, etc.). The key advantage of ZTNA over a VPN is that ZTNA provides application access without network access while also masking applications from the open internet.
Another way of securing the network is to require employees to use browser-based portals or virtual desktops to access data and applications. Key assets remain stored on the portal’s server and cannot be accessed, downloaded, or saved to a local device without permission. The portal can be set to prevent the user from accessing other internet sites while they’re logged in, which makes it less likely that an employee could accidentally spread malware by visiting unsecured sites.
Allowing employees to have remote access to a company network isn’t an all or nothing proposition. By setting different levels of access privileges, organizations can create a secure and highly partitioned network that prevents people from accessing data and applications that they don’t need to use in the course of their work. This environment is much more secure against infiltration from an outside threat because even if an employee’s device is compromised by malware or a man-in-the-middle attack, the attacker will not be able to move laterally through the network. While setting the right access privileges is especially important for remote employees, it should be considered a best practice even if everyone is working from the same office.
Another important security measure that should already be in place under normal circumstances, having redundancies in place to back up data and critical systems as part of a disaster recovery plan is even more important when employees are working remotely. If your network goes down or data is lost, remote workers can be left twiddling their thumbs without much of anything to do. That means lost productivity and missed opportunities. Without a strong backup system in place to help an organization meet its recovery time objectives (RTOs), significant amounts of business can be lost in the interim.
Although you may have been telling them not to for years, most people still end up using the same (usually weak) passwords across multiple accounts and devices. All it takes is for a cyberattack to compromise one of these accounts, and then the attackers gain access to all of them. With employees shifting to remote work, now is an ideal time to require them to change their passwords and utilize secure password manager tools to strengthen their account security. Setting up multi-factor authentication, which requires an additional piece of information to be provided in order to access an account (usually a text or email confirmation in the case of remote work). These precautions are extremely effective against many automatic cyberattacks.
With the growing public health crisis forcing more organizations to adopt remote work strategies, it’s critical that they also take the time to get the right cybersecurity measures in place to make those strategies successful. Thanks to our personal experience building a secure virtual workplace, Compuquip is the ideal partner for companies that need to go remote, but may not have the policies and controls in place to safeguard their data and applications. Whether it’s reviewing your existing security posture, setting up a virtual CISO service, or working with you to manage potential threats, the team at Compuquip is here to help you get through this difficult time.
Contact us today to learn how we can make your remote workplace as secure as your home office.