The widespread pandemic of COVID-19 caused by the virus SARS-CoV-2 (a novel coronavirus) has forced employers to urge their employees to work from home wherever possible in an effort to reduce the rate of transmission of the disease.
This sudden shift to remote working has left employers and employees alike scrambling to adjust to the nature of remote work. While remote working can absolutely be done effectively, many employers do not yet have the planning and resources required to manage a remote workforce.
If you have opted to offer work from home opportunities for your employees and you would like to keep sensitive data secure, here are 5 key cybersecurity considerations for your remote workforce.
Let’s face it – your organization’s internal security measures are far greater than what can be reasonably expected of your employees that are working from home. To keep sensitive data safe it must be kept as secure as possible for both in-house and remote employees.
Remote workers that require access to the organization’s network will need to be supplied with secure remote digital access options such as a virtual private network (VPN) or Office 365’s remote access environment. These digital access options will provide remote workers with access to the files and emails they need to perform their job duties while mitigating the risk of data breaches as they will not need to sync data to the device they are using at home.
If your organization will be relying heavily on cloud services when working with sensitive data, you should also consider a Cloud Access Security Broker (CASB) such as Microsoft Cloud App Security, MVISION Cloud, or Bitglass. CASBs provide a suite of security tools that allow them to act as a protective barrier between the infrastructure of your organization and that of the cloud service provider.
If your organization has abruptly implemented an en-masse request for employees to work from home to mitigate the vectors of transmission during the COVID-19 pandemic, you will need to plan accordingly to ensure that your remote workers have the resources they need.
Employees may not currently have adequate internet access or bandwidth to perform work functions for a variety of reasons. They could be located in rural areas with limited internet service options, they may not be regular internet users, or they may only have a lower bandwidth internet connection that suits their typical at-home needs just fine.
It is critical that remotely working employees do not use public/shared wifi to perform work tasks if their devices will have access to sensitive data. Public wifi is an attractive target for cybercriminals and the security offered by these networks is likely insufficient for preventing unauthorized users from detecting traffic on the network.
The use of personal devices in the workplace is not a new concept; many companies have a Bring Your Own Device (BYOD) policy that allows employees to use personal devices to accomplish work tasks.
If your organization is not fully prepared to shift a majority of its workforce to a work-from-home arrangement, it may be tempting to ask that remote workers use their own personal devices when working from home. If you decide to allow your employees to use personal devices, there are cybersecurity considerations you should be aware of.
Where feasible, your organization should consider renting, leasing, or purchasing devices that employees can use as dedicated working machines while they work from home. This will provide you with greater options for patch management, employee monitoring, and endpoint security.
The human element in cybersecurity is difficult enough to manage for in-house workers. When your workforce is suddenly forced to work from outside the office, monitoring employees to ensure they are following cybersecurity best practices will prove to be a challenge.
Phishing scams are always a concern for IT administrators. Cybercriminals are taking advantage of the concern over the 2019-2020 coronavirus pandemic to target employees for phishing scams. Employees should always be alert for phishing scams, however, it is important to remind them that cybercriminals have a habit of using current events as bait.
Employees that are not typically cybersecurity conscious and instead comply with acceptable use policies due to social/professional pressures may be tempted to relax their cybersecurity practices when at home and away from their colleagues and managers. Increased focus on the importance of cybersecurity will help to mitigate negligent insider threats during this time.
Endpoint security is a critical consideration for employees working from home. Their unfettered access to personal devices and the infrastructure restrictions they have will make them more difficult to secure than in-house employees. That said, there are some best practices you and your employees can take to perform remote work securely.
As mentioned before, employees that are working from home and using personal devices will likely not be comfortable having their devices secured with software agents for monitoring and endpoint restriction. This will be one of the unfortunate limitations of relying on personal devices for remote work during this time. Employees that are using personal devices should not be granted access to sensitive data to mitigate these risks wherever possible.
If you would like to learn more about adapting to an influx of remote workers, we welcome you to read our related posts: