3. Employ cloud-based solutions.
Cloud-based cybersecurity solutions that protect the device, cloud and identity of the user—that’s the ticket for secure remote working. The new generation of cybersecurity solutions, optimized for secure remote work, are deployable in seconds, cloud-managed, silent to the user and invasive to the attacker.
4. Secure the perimeter.
Businesses need to secure the corporate perimeter when moving to a remote workforce. This means tying VPN to Active Directory and enabling multifactor authentication to make sure the right people are accessing networks, apps and data. Businesses should mandate VPN use on public Wi-Fi and remind employees to avoid opening emails and clicking on URLs from unknown senders and to keep passwords safe.
5. Consider virtual desktop environments over VPNs.
Companies must ensure employees can securely access everything they need to do their jobs effectively from home. Using VPNs has been the traditional method, but it limits access to a small number of internal company applications and cannot secure many of the online apps employees need. Companies should consider testing and bolstering a virtual desktop environment to provide a great user experience.
6. Trust, but verify.
When working remotely, it’s easier to be misled by fake requests from people you know (spearphishing). Teach your team how to spot the signs, as well as how to verify any requests. The easiest way is to always use another channel, like calling them or jumping on a video call.
7. Carry security protocols over to home offices.
It’s not just about the security platform that the CISO has put in place but how employees continue that business continuity into the home office. It’s critical that as users move to remote working the security team has a plan in place to carry all of the security protocols and policies over to ensure that home users are just as secure as if they were in the corporate office.
8. Deploy mobile security software.
The most effective cybersecurity measure is the implementation of an agile mobile security platform that can be installed on any device accessible by the employee—regardless of the operating system or manufacturer—and that is built around a model of data-centric security. Without those key elements, companies risk slower deployment times, lost company data and extensive overhead costs.
9. Remind employees to guard their home routers.
We have seen with smart cities and enterprises that remote contractors and staff may have the greatest VPN, but their home router may be the weakest link. Many people buy home routers and never change the default password. Botnets are out seeking these open doors—once they gain access, they infect the worker’s PC and enter the organization through the VPN. This is an area not managed by IT.
10. Know your access points.
The rush to work from home is a situation in which the prepared do better. It’s critical to keep an up-to-date network map to handle whatever comes along. For example, show where your VPN access points are and whether they have the correct access. Most organizations struggle to maintain a reliable map of their changing world, but it can be automated.
11. Remember that temporary pain will bring long-term advantages.
The COVID-19 crisis is accelerating many developments that will improve the cybersecurity posture of organizations. Security teams are looking for SaaS security applications that can be deployed with ease and with no disruption to productivity. Many organizations are still far away from this, using only on-premises solutions, and the crisis is forcing them to change their approach.
12. Create a specific action plan for critical functions.
Like any new service, secure remote working needs organizations to define and implement security policies, procedures and controls. However, in most companies, the challenge is that a few critical functions are not designed to work offsite. Those need a quick process redesign and risk assessment to come up with a short-term action plan followed up with a sustainable long-term control framework.
13. Don’t wash your hands of cyber hygiene.
The most significant threat to cybersecurity is still employee negligence. Anticipate a substantial increase in malicious cyber-targeting of remote workers. No matter the location, you must establish a culture of security, protect mobile devices, maintain computer cyber-hygiene, properly deploy and maintain firewalls, have current antivirus software, and, most importantly, plan for the unexpected.
14. Focus on endpoint security and VPN use.
Ensure robust endpoint security and VPN use on all devices, including personal devices that may now be accessing company systems and data. Using a cloud-managed solution enables streamlined centralized control, visibility and policy enforcement.
15. Assess your company’s threat model work.
A good rule of thumb that easily translates to remote work, VPN use, etc. is to view all traffic and actors as nefarious until proven otherwise. In the end, cybersecurity measures ultimately come down to a company’s threat model work, which is the primary key to driving their cybersecurity risk assessment and countermeasures.