The COVID 19 pandemic has changed the way many of us work. It is estimated that one in four Americans will be working remotely in 2021. Many organizations forced to adapt to remote work scenarios prospered, and according to a recent Gartner survey, 82% of business leaders plan to maintain a permanent fully remote or hybrid workforce going forward. With workers changing work locations, organizations now face a myriad of problems with securing infrastructure, applications, and data accessed from anywhere.
Since the start of the Covid-19 pandemic, the FBI’s Internet Crime Complaint Center has seen a 300% increase in the number of daily cybersecurity complaints and reports. The increase is primarily attributed to the rise in remote workers and the increased risk that remote work presents to an organization’s cybersecurity posture. While a 300% increase isn’t necessarily surprising, it is one that business leaders need to address. Before the pandemic, most employees were limited to the use of company owned devices on company managed networks, which employers could easily monitor and secure. Newly minted remote workers, often unaware of baseline cybersecurity measures, are now relying on home networks, personal electronic devices, and insecure work settings. The new remote worker, in turn, increases an organization’s attack surface. Employers are faced with the seemingly insurmountable task of fully securing countless external devices.
With “work from anywhere” here to stay, how can today’s organizations effectively secure their remote workforce? A good first step is to acknowledge that the environment has changed, and the attack surface has expanded. To curb the increased cybersecurity threats experienced, today’s business leaders need to first understand the implications that shifting to remote work has had on their organizational operations and risk profiles. Once you better understand the secure remote work problem, you are better prepared to embrace and implement the following secure remote work solutions:
Secure Remote Work Policies and Procedures
Organizations must publish updated processes, policies, standards, and guidelines that address new security threats. Strong password policies should be implemented, preferably with passphrases that are unique. Employees need to sign acceptable use policies to know what is and is not allowed on company devices as well as personal devices that are being used to conduct company business.
Multi-Factor Authentication (MFA) is the use of one or more verification methods to prove a user is who they claim they are. The three most prevalent MFA verification methods are:
- Something you know, such as a password
- Something you have, such as a verification code
- Something you are, such as a fingerprint
With something you have, something you know, and something you are combined, we can confirm that an individual is who they say they are. Once authenticated, they are authorized to access an organization’s network, applications, and data.
Secure Access Service Edge – also known as Zero Trust Edge
Technology frameworks such as Secure Access Service Edge (SASE) or Zero Trust Edge (ZTE) have been proven by industry leaders such as Gartner and Forrester, to reduce the overall attack surface of an organization by adopting the principals of Zero Trust Networking. The approach assumes that the network is hostile and creates an encrypted tunnel between the endpoint and applications or data; on-prem or in the cloud. With SASE or ZTE, security is brought closer to endpoints as well as applications, in essence dissolving the legacy static approach of perimeter security and allowing secure remote work.
Security Awareness Training
To allow for secure remote work, people need to be properly trained with the latest tactics, techniques, and procedures to counter emerging threats. Employees do not need to be cybersecurity experts but having a baseline understanding of what a suspicious email looks like can be the difference between junk mail and a breach. Anti-phishing education, coupled with instructor led training, has proven to dramatically increase an organization’s overall cybersecurity posture.