What steps should companies take to ensure that they close security gaps when standing up their remote workforce.
The Covid-19 Pandemic has rearranged life and business as we know it. Businesses have had to quickly stand up remote worker environments, some for the first time. According to a 2019 Fortinet report, 71% of companies are worried about inadvertent insider breaches while 65% are concerned about negligent data breaches. Unfortunately, the quick roll out of remote worker environments have done nothing to ease the fears of executives.
In addition, as many states and countries look to return to normalcy, remote workers may very well be our new norm. A Gartner survey indicated that 74% of CFO’s intend to make the shift to remote work for some employees a permanent one. With the shift to remote offices, protecting our remote employees and our corporate data from nefarious actors becomes our immediate priority. Executive board member Al Monserrat, has often said, “treat every employee as if they are a remote employee. That way you only build and maintain one infrastructure. Otherwise you will have to build multiple environments and apps.” Those words have never rung truer than today.
As such, organizations need strategies and solutions to ensure that the sudden influx of remote workers does not expose them to a cybersecurity breach. And as they pivot to permanent remote work environments, they must consider how to tighten the security gaps of their new and existing remote workers.
I had the privilege of discussing this with several IT security experts. Tyler Carbone, Chief Strategy Officer of Terbium Labs, insisted that organizations must start with “all the same steps we had to take for our in-person workforces” because like Monserrat he adheres to the notion that security is a universal language.
Richard Stiennon, author, Security Yearbook 2020: A History and Directory of the IT Security Industry indicated that organizations must get identity right -- deploy a cloud directory service. In that same vein I’d champion that companies must equip the workforce with secure, remote desktops in the cloud to ensure that the workforce remains secure and productive.
Here are five steps we all agreed on:
- Establish Processes -- Management needs to begin by clearly defining which employees have access from a remote location and what specific network protocols are to be used. ~ Scott Schober, author of 'Hacked Again' & 'Cybersecurity is Everybody's Business'
- Utilize a Secure Cloud -- “Replace VPNs with SASE, a cloud proxy that replicates the data center security stack for web filtering, malware defense, and DLP.” Richard Stiennon, author, Security Yearbook 2020: A History and Directory of the IT Security Industry
- Secure Devices and Technology -- Make sure that their home network is setup with a good router and it has its firewall enabled and the default password has been changed. Tim Crawford, CIO Strategic Adviser, AVOA
- Protect against cyber threats -- “Require all employees to use 2FA (Two-factor Authentication) as this added layer of security can increase security ten-fold.” Scott Schober, author of 'Hacked Again' & 'Cybersecurity is Everybody's Business'
- Automate, automate, automate -- “Automatically update operating system software and application software (e.g. anti-malware software, office productivity” ~ Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor
For more steps from these experts, check out our Slideshare.