The COVID-19 pandemic has rapidly accelerated remote work from a popular option to the new normal. Many enterprises went from 28% of staff working from home to more than 95% doing so.
ARTICLE | 4m read
July 8, 2020
451 Research described our current environment as “a massive controlled experiment in the viability of work-from-home (WFH) strategies.” But as organizations abruptly adapted to a primarily remote workforce, many of their remote work security measures have been short term solutions that increased vulnerabilities. Sensing these weaknesses, cybercriminals have stepped up cyberattacks on your employees, applications, and sensitive data.
One thing is clear—we are not going back to the way things were. As this business disruption stretches on, IT leaders must look at long term strategies on how to maintain security when employees work remotely. In this post, we’ll walk through the security vulnerabilities of a primarily remote workforce as well as best practices to build your remote work security plan.
EXECUTIVES AT MULTIPLE LARGE ENTERPRISES HAVE SUGGESTED THERE MAY BE A DEGREE OF PERMANENCE TO THESE MOVES.
Many workers who left offices to work remotely during the coronavirus pandemic are not going back. At large enterprises, 38% of executives expect their expanded work from home policies to become permanent. But while remote work is here to stay, so are its security challenges. With more people working remotely on personal devices, there’s been a surge of bad actors targeting both work-from-home tools and employees.
For your remote employees to do their best work while maintaining data security, it’s important to know the cybersecurity risks of remote work, such as:
Considering the wide variety of security risks that remote workers face, your long-term remote security needs a zero trust mindset. Zero trust is a context-driven security model governed by a single principle: No one is automatically deserving of trust. Using multiple criteria like user credentials, time of access, and device posture to verify identity, zero trust security only grants remote access to company files when users have proof of who they are. What’s more, users only gain access to the files and applications they need for their work and nothing more. This prevents a lost smartphone from leading to a major data breach.
To implement zero trust for your remote workforce, you need a combination of secure processes and security technology. First, you should require multi-factor authentication to access any company data or applications. Second, it’s also helpful to adopt a single sign-on (SSO) solution so remote workers can use multi-factor authentication to sign on once then access all their apps and data inside a secure workspace. Finally, you should also adopt user behavior analytics that leverage AI and machine learning to flag suspicious behavior. This helps you identity a bad actor on your network before they breach your sensitive data. By adopting a zero trust approach, you can reduce risk and improve security without hurting your remote work experience.
As you adopt new processes and technology in your long-term remote work security plan, you will probably take a look at Virtual Private Networks. VPNs work by providing an encrypted connection on IT-managed devices to shield online activity from unauthorized users when employees work remotely. The worldwide increase in remote work has also seen a surge in VPN usage, since most established organizations already have VPNs in place for their out-of-office workers.
That said, the existing VPN infrastructure is not scalable for our new normal where remote work has become primary. Because VPNs can slow the performance of cloud and SaaS apps, they can frustrate remote workers and hurt your employee experience. They are also difficult to set up and deploy when most of your employees are already working remotely. Finally, VPNs do nothing to prevent phishing, malware, and the theft of physical devices. This means your remote work security strategy cannot rely on VPNs over the long term.
We will see an end to the Covid-19 pandemic, but the new normal of remote work is here to stay. As your organization creates its remote work security plans for the future, embrace zero trust fundamentals and adopt technology that will empower your employees to do their best work securely—no matter where they are.