The coronavirus pandemic has led to a huge growth in the work-from-home trend, turning millions of people into remote workers. To achieve this companies need to assess the appropriate technologies (such as the video-conferencing service Zoom and the chat app Slack) and consider how best to manage their workforce. There are other considerations too, such as the effects of isolation on the mental health of personnel.
James Carder, Chief Security Officer & Vice President of LogRhythm, looks at some of these issues for Digital Journal. He begins with the trigger for the boom in home working: “The coronavirus outbreak is truly global with everyone around the world thinking, talking, and worrying about protecting themselves from it.”
The consequence is that: “Remote access has become crucial for business operations during this time; however, while remote access can help maintain productivity levels, it also exposes the organization to a number of additional threats. Life is full of unexpected circumstances, and businesses should be ready to handle anything from a snowstorm to a pandemic.”
Ideally, firms will have prepared for the crisis, as Carder notes: “Because of this, companies should have a tested business continuity and disaster recovery plan in place. If you don’t already have one, you should start working on one. Having a plan ensures all the logistics associated with moving to a remote workforce — including maintaining availability of critical business applications — are accounted for. It also prevents you from sacrificing security for the sake of availability since, for example, you’ve already accounted for critical actions that must go into effect, like monitoring backup cloud infrastructure.”
In terms of developing a strategy to deal with the rise in home working, Carder recommends: “For teams that are experiencing a surge in remote workers, there are a few tactics they can easily implement to provide a greater level of security. If your company is built to primarily be an on-premise workforce — with infrastructure located in a corporate-owned data center — then VPN access, protections, and monitoring is a must-have. Enforcing VPN access controls will ensure only the people who need to access certain resources are able to, and proactively monitoring that traffic will allow security teams to quickly identify if anyone is attempting to exploit that access.”
Carder also takes into account alternative models of accessing software: “If your company is heavily SaaS-based, you may not need to focus as much on VPN controls, but you do still need to establish proper access control and monitoring to ensure your cloud environments aren’t compromised. You should also have an understanding of where your employee base is communicating from and whitelist or blacklist access accordingly.”
However, the systems used should be pre-approved, says Carder: “Employees should also only use IT-approved software and file sharing solutions — as unverified solutions can risk exposing sensitive business or compliance-related data. And any of these tools — or other devices connected remotely to the network — need to be properly maintained so they stay current on updates and patches.”
Carder concludes by stating: “In addition to deploying the appropriate IT and security solutions, organizations should provide ongoing security awareness training so that employees understand the extra precautions they need to take when working remotely and the different tactics bad actors may try to use against remote workers during this time. An educated user base is imperative for keeping organizations secure during such an unpredictable time.”