Securing the New Normal: A Perspective on Managing the Risks of Remote Work

Rob Price offers considerations for keeping your organization secure during this period of remote work

Over the past few weeks, companies around the world have adopted a work-from-home model wherever possible for the health and safety of their employees and communities. While this shift is critical right now, the challenge is that not every company was ready for such a sudden move, especially as you consider the potential security risks of a remote workforce. Now that many of us have begun supporting remote work, it’s important to look at asset management through a cybersecurity lens and uphold the best practices that will continue to safeguard our businesses.

While many office workers have laptops, smartphones and other mobile devices, a significant number of them are rarely used outside the organization’s network. Even when workers traveled with devices or conducted remote work prior to this shift, it was at a much smaller scale and less likely to stretch infrastructure and support capabilities. For those who did rely on a desktop, some will take their setup home while many will be switched to an unfamiliar laptop or asked to use their personal equipment to access work systems. In all these instances, the security policies in place for remote work may be somewhat unfamiliar.                  

Working from home increases risk

The risks involved in working from home are different from those involved in working in an office. At the very least, home workers will be using domestic broadband and could be sharing that space with others. If not managed properly, your remote workforce can unintentionally introduce significant risk to your organization as a result of:

Consider 3 questions about the state of your remote workforce

According to research from IDC, 70% of data breaches occur at the endpoint. Securing those devices is critical to keeping both your organization’s information and your customers’ data, safe. To that end, here are a few questions to consider as you work to improve the security of your remote workforce.

1. Is a laptop or desktop more secure inside the organization’s office?

In the office, your users’ devices are secured behind a firewall so, even if there are vulnerabilities, they’re harder for an attacker to access. It’s also much easier to track down the people who haven’t rebooted their machines recently and ask them to do it so security updates can be made. Or, it’s possible to do it for them, even if they’re in the middle of something. This is also somewhat dependent upon what processes and best practices you may already have established – especially if your organization is not already supporting a distributed workforce.

2. How is your VPN set up?

Some organizations push all traffic through the VPN which is usually great for security purposes. However, do you have enough bandwidth to handle the increased volumes of external traffic coming across your gateway? And what about the bandwidth available to your users from their homes?

At the moment, even areas with good bandwidth are seeing the impact of increased work from home and school closures that have forced workers and students to use domestic internet access at the same time.

If you do mandate the use of VPN, then you probably have enough licenses and capacity for all those who regularly work from home. However, it would be reasonable to assume that less than 100% of them would ever be using it at any one time. This assumption will likely cause problems today. What many organizations fail to understand is that the solution isn’t simply buying more licenses but that the physical infrastructure has capacity limits as well.

Some organizations make VPN optional, particularly if the majority of users only work from home occasionally and primarily use SaaS applications that don’t require them to connect to their own IT infrastructure. This may solve the capacity issue but if people are connected to their home WiFi – which likely is much less secure than corporate networks – then endpoint vulnerabilities must be a concern and need to be addressed proactively.

3. What does a cyberattack look like?

Cyberattacks can take many forms. Particularly when a large number of your workforce is deployed remotely, how would they spot a cyberattack or notify the appropriate teams of suspicious activity? While the majority of cyberattacks right now are done via phishing emails to users, if successful, a cybercriminal may be able to connect to the rest of your organization or even deploy malware or ransomware – and create significant problems. This is even more likely if a victim’s device contains existing vulnerabilities like outdated or unpatched software.

Key steps for securing home working

There are simple steps you can implement today to immediately improve your remote security posture. They won’t fix everything, but at a time when we’re having to respond quickly to constantly changing circumstances, they can minimize the risk while you focus on broader enablement. More robust solutions can be put in place later.

 

Do the best that you can but don’t let one emergency create another one within your organization. Recognize the risks and implement these simple measures to improve your odds in the always evolving cybersecurity landscape.

If you’re interested in learning more about managing new ways of working, licensing oversight, cloud strategies and more, be sure to check out our newly launched resource center.