Remote work in the time of COVID-19
The COVID-19 pandemic has, in one broad swipe, rewritten the rules regarding our workforce and jobs, with an almost instantaneous transition to remote work for those who were able to. While certain jobs require physical presence, a number of jobs fortunately can be done while working offsite.
For those companies that went into remote work mode back in March, there was little time to prepare and organizations that did not have remote work plans or policies already in place had to scramble to figure things out. Invariably, additional security challenges arose and had to be overcome.
Due to the rapidity of the transition, companies were caught off guard in a number of ways. Not having enough VPN or remote desktop licenses, dealing with higher than expected network traffic because of Zoom video meetings, and trying to provide secure access to internal applications, databases, and other tools that were not designed to be used from outside the corporate network – these are just the tip of the iceberg.
Those who work with sensitive information such as health information, financial data, intellectual property, source code, contracts, agreements, and other documents that require safe handling need a secure messaging platform. And IT security can be challenging for workers who are outside corporate firewalls and using personal computers and devices.
Remaining safe while working remotely
With employees being remote, companies not only have less control over the technology being used by employees, but home environments are much more vulnerable and leave employees susceptible to phishing attacks. This is where VPNs come in handy. VPNs can extend corporate security to protect people outside normal office environments—think of it as a firewall that magically extends to wherever that outside person sits.
But VPNs are not silver bullets. Secure messaging is also a key component as information is now flowing to a node outside the corporate network. Further, any information stored on a device outside the company ideally should be secured with encryption or other means.
While using VPNs is always a solid option, with the growth of cloud services, people can perform many job functions without the use of a VPN. Logging into Salesforce or Microsoft Office 365 can be done through any browser and may be preferred because of the convenience. However, if this is performed on a personal computer that is outside the IT team’s purview or control, the company may be unable to ensure proper security measures are in place.
Employee training as a key component to company protection
Defending against attacks can be enhanced by layering protection—like an onion. Physical defense like VPNs, firewalls, and encryption all help protect information at rest and in transit. But knowledge, education, and training are key components of a holistic security plan. This intangible piece may be the most important of all.
Many attacks target the weakest points of an organization – often its people – and no matter how thick your walls are or how heavy the gate is, if someone opens the door for an attacker, attackers can breach the soft, inner core of your company.
While an attack can happen at any time and in any location, cybersecurity concerns are dramatically higher when working remotely because of IT department’s limited visibility and control over the environment. Workers that have questions around understanding potential threats and how to handle them are ever present, but outside the protection of corporate walls, those threats can be even greater, so additional training or a refresher may be in order. For example, knowing how to identify and foil social engineering attacks, particularly through phishing attempts, is always a good training topic. Watching out for malware is another, as that can compromise a device by installing a keylogger, ransomware, or spyware.
Review budgets and make sure cybersecurity is taken into account
Even as the country starts to re-open to business, and people start to slowly return to offices, the COVID-19 crisis has been a wake-up call to companies to better understand their capabilities to support remote workers. With the possibility of a resurgence in the fall, now is the time to review and make infrastructure investments and upgrades, find more secure ways to share information, and update policies and procedures to cover the shift in work environments and habits.
What many have realized over the last several months is the degree of interconnectedness among businesses that drive the economy, and the need for services and solutions to work in a remote setting while in the midst of a major health threat. Supporting remote workers is a non-trivial problem for many organizations, but one that needs to be addressed. We have been thrust into a new world and way of doing things that has upended many of our expectations and understandings, and it’s important to be flexible, open to ideas, and continue to focus on driving productivity while protecting your employees.