Why you need a long-term remote work security plan

The COVID-19 pandemic has rapidly accelerated remote work from a popular option to the new normal. Many enterprises went from 28% of staff working from home to more than 95% doing so.

July 8, 2020

451 Research described our current environment as “a massive controlled experiment in the viability of work-from-home (WFH) strategies.” But as organizations abruptly adapted to a primarily remote workforce, many of their remote work security measures have been short-term solutions that increased vulnerabilities. Sensing these weaknesses, cybercriminals have stepped up cyberattacks on your employees, applications, and sensitive data.

One thing is clear: we are not going back to the way things were. As this business disruption stretches on, IT leaders must look at long-term strategies for maintaining security when employees work remotely. In this post, we’ll walk through the security vulnerabilities of a primarily remote workforce as well as best practices to build your remote work security plan.

“Executives at multiple large enterprises have suggested there may be a degree of permanence to these moves.”

451 Research

Remote work isn’t going away, and neither are its security risks

Many workers who left offices to work remotely during the coronavirus pandemic are not going back. At large enterprises, 38% of executives expect their expanded work from home policies to become permanent. But while remote work is here to stay, so are its security challenges. With more people working remotely on personal devices, there’s been a surge of bad actors targeting both work-from-home tools and employees.

For your remote employees to do their best work while maintaining data security, it’s important to know the cybersecurity risks of remote work, such as:

  • Internet and network security risks
    The majority of your remote workers are relying on commercial internet connections like home broadband and public Wi-Fi networks. Because these connections are often shared with family and neighbors (or even strangers in the case of public Wi-Fi in coffee shops or libraries), there is a high risk of bad actors illicitly monitoring your employees or targeting them with bots or malware. VPNs are a common solution for this, but they have significant risks and drawbacks, which are discussed later.
  • Data security risks for personal and work information
    When employees work from home, there is often a blurring of professional and personal time that can lead to remote workers accessing company data on personal mobile devices and personal data on company devices. This can increase the risk of phishing attacks and ransomware because all it takes is one employee clicking the wrong link for a bad actor to gain access to your sensitive data.
  • Remote access security risks
    Remote employees commonly want access to business data and files on any device and in any location. Unregulated BYOD policies often create many more endpoints that IT teams need to monitor and secure. Making matters worse, any stolen password or device can lead to a company-wide data breach.

Why zero trust is essential to remote work security

Considering the wide variety of security risks that remote workers face, your long-term remote security needs a zero trust mindset. Zero trust is a context-driven security model governed by a single principle: No one is automatically deserving of trust. Using multiple criteria like user credentials, time of access, and device posture to verify identity, zero trust security only grants remote access to company files when users have proof of who they are. What’s more, users only gain access to the files and applications they need for their work and nothing more. This prevents a lost smartphone from leading to a major data breach.

To implement zero trust for your remote workforce, you need a combination of secure processes and security technology. First, you should require multi-factor authentication to access any company data or applications. Second, it’s also helpful to adopt a single sign-on (SSO) solution so remote workers can use multi-factor authentication to sign on once and then access all their apps and data inside a secure workspace. Finally, you should also adopt user behavior analytics that leverage AI and machine learning to flag suspicious behavior. This helps you identify a bad actor on your network before they breach your sensitive data. By adopting a zero trust approach, you can reduce risk and improve security without hurting your remote work experience.
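
The access decision described in this section can be sketched as a small policy check. This is an added example, not code from the article or from any product; the entitlement table, access window, posture fields and sample requests are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time

# Constructed policy data (assumptions for illustration only).
ENTITLEMENTS = {"alice": {"crm", "mail"}, "bob": {"mail"}}
ACCESS_WINDOW = (time(6, 0), time(22, 0))  # assumed expected working hours

@dataclass
class AccessRequest:
    user: str
    app: str
    password_ok: bool
    mfa_ok: bool
    device_managed: bool
    disk_encrypted: bool
    device_reported_lost: bool
    local_time: time

def evaluate(req: AccessRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Nothing is trusted by default:
    every criterion must pass, and every failure is recorded."""
    reasons = []
    if not req.password_ok:
        reasons.append("credentials: password check failed")
    if not req.mfa_ok:
        reasons.append("credentials: second factor missing")
    if req.device_reported_lost:
        reasons.append("device: reported lost or stolen")
    if not (req.device_managed and req.disk_encrypted):
        reasons.append("device: posture below baseline")
    start, end = ACCESS_WINDOW
    if not (start <= req.local_time <= end):
        reasons.append("time: outside expected access window")
    # Least privilege: only the apps this user needs for their work.
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("least privilege: app not assigned to user")
    return (not reasons, reasons)

# Constructed sample requests.
NORMAL = AccessRequest("alice", "crm", True, True, True, True, False, time(10, 0))
# Lost smartphone with a cached password: no second factor, flagged lost, 03:00.
LOST_PHONE = AccessRequest("alice", "crm", True, False, True, True, True, time(3, 0))
# Valid user on a healthy device asking for an app outside their role.
OUT_OF_ROLE = AccessRequest("bob", "crm", True, True, True, True, False, time(10, 0))

if __name__ == "__main__":
    for name, req in [("normal", NORMAL), ("lost phone", LOST_PHONE),
                      ("out of role", OUT_OF_ROLE)]:
        print(name, evaluate(req))
```

The recorded denial reasons are the kind of signal a behavior analytics pipeline can consume; a real deployment might step up authentication instead of denying outright for the time-of-access check.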

VPNs are not enough to protect remote workers

As you adopt new processes and technology in your long-term remote work security plan, you will probably take a look at Virtual Private Networks. VPNs work by providing an encrypted connection on IT-managed devices to shield online activity from unauthorized users when employees work remotely. The worldwide increase in remote work has also seen a surge in VPN usage, since most established organizations already have VPNs in place for their out-of-office workers.

That said, the existing VPN infrastructure is not scalable for our new normal where remote work has become primary. Because VPNs can slow the performance of cloud and SaaS apps, they can frustrate remote workers and hurt your employee experience. They are also difficult to set up and deploy when most of your employees are already working remotely. Finally, VPNs do nothing to prevent phishing, malware, and the theft of physical devices. This means your remote work security strategy cannot rely on VPNs over the long term.

Design your remote work security for the long term

We will see an end to the COVID-19 pandemic, but the new normal of remote work is here to stay. As your organization creates its remote work security plans for the future, embrace zero trust fundamentals and adopt technology that will empower your employees to do their best work securely, no matter where they are.

Collaborators

451 Research
