As an example of the acceptance of remote working becoming the optimal way to carry on working, both Facebook and Google have announced they will let employees work remotely through the end of 2020, as reported by the BBC. These decisions, pertaining to the U.S., are based on different pieces of information from public health agencies, like the Centers for Disease Control and Johns Hopkins, as well as government guidance.
To assist companies to manage the remote working experience, Tom Patterson, cybersecurity expert and Chief Trust Officer of Unisys, shares with Digital Journal insights and tips regarding the security implications of a continued remote workforce.
First of all, Patterson says that maintaining security is something that should not be overlooked: “As more and more companies follow Facebook’s lead in extending work from home (WFH), extending corporate security perimeters into employee homes becomes critical.”
The second point that Patterson makes is the importance of not overlooking the potential security risks from other connected devices found in the home: “For the first time, corporate networks need to account for home devices including video games, kids’ toys, cameras, appliances, and an array of unpatched devices from tablets to old phones.”
Patterson also cautions about utilizing older technology, as his third point, in an attempt to help foster remote working:, given the inherent vulnerabilities: “Opening an old-style virtual private network (VPN) circuit into employees’ homes may do more harm than good, letting in a host of malware hidden inside an innocuous employee transaction. The VPNs also won’t be able to handle either the scale or the security requirements needed.”
In terms of what needs to be considered, Patterson’s fourth and final point is to embrace zero trust approaches. Zero trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network.
According to Patterson: “Now is the right time for organizations to embrace modern security principals including zero trust, software defined networks, microsegmentation, and biometric identities that can support the scale and security requirements of a majority of workers staying remote.”
