As the COVID-19 pandemic continues, a new global remote workforce has emerged in an effort to help flatten the curve. As organizations make this necessary transition, changes to infrastructure to support remote workers may create unprecedented risks and vulnerabilities.
Here are five tips for mitigating risk associated with your newly deployed remote workforce:
- Establish a policy
Organizations will need to understand what types of access are required. For instance, many organizations will only allow organization-issued devices to connect to the network; however, smaller businesses may need to allow for the use of personal devices. In this scenario, is not possible for the IT team to ensure the secure configuration of employees' personal equipment, increasing security risks. Organization-provided equipment allows for centralized management by the IT team.
Aside from organization-issued and personal devices, the remote access policy should also determine how third-party vendor connections are managed. As a best practice, vendor connections should be approved beforehand and be monitored.
- Ensure remote connections are encrypted
Now that most, if not all, employees are working in remote, hostile environments, the organization should ensure that all connections are encrypted. Most organizations accomplish this through a Virtual Private Network (VPN). VPNs allows for data to pass through an authorized connection point while being scrambled, ensuring an unauthorized individual is unable to intercept and maliciously leverage the data.
- Ensure remote connections are logged and monitored
Logging and monitoring of remote access is critical for securing a remote workforce. As remote traffic increases, the risk of unauthorized access also increases. By monitoring the network, organizations can flag any unauthorized access or attempted access. Logging also provides the organization with audit capabilities to trace unauthorized access should a security event occur.
- Use multi-factor authentication
One of the most important tactics for securing a remote workforce is implementing strong authentication methods. We strongly recommend implementing multi-factor authentication as it requires a minimum of two out of three items before making a successful connection: something you know, something you have, and something you are. For example, the user will enter a username and password (something you know) then receive a one-time-code on their mobile phone device (something you have). The one-time-code is required, in addition to the username and password, for a successful connection.
- Ensure antivirus and patch management procedures are in place:
People serve as the greatest security risk to any organization. Organizations should ensure employees are trained in social engineering tactics (e.g. phishing attempts, scam phone calls, etc.) to mitigate cyberattacks like ransomware. Additionally, antivirus solutions should be installed on all devices that are connecting to the network. Antivirus solutions, while not a silver bullet, will help detect and prevent malicious software (malware) from infecting devices on the network.
Additionally, organizations should ensure all devices are centrally managed by the IT department to verify patches are applied and agents are installed on all network devices, allowing for publicly known vulnerabilities to be identified and addressed. Smaller organizations where personal devices are being used should ensure that those devices have up-to-date software with antivirus installed.
While these tips are not all encompassing, they will help your organization establish a baseline level of security during these uncertain times. In our previous blog, we offer additional insights around testing the security of your remote infrastructure. For more information about ways to maintain and improve your organization’s security in light of a newly deployed remote workforce, drop us a line.