Is Your IT Security Ready for Remote Work? Three Critical Questions
The COVID-19 pandemic presents many difficulties for businesses as people have been forced to work from home. We are no exception. At C2, we have been working remotely while following social distancing protocols during onsite support. We convene with our teams daily via teleconferencing to ensure our support for all clients continues without interruption.
Thankfully, we are already familiar with collaboration tools that allow users to access their companies’ data from anywhere. We seamlessly transitioned our own company to an agile remote workforce in less than 24 hours. With proper guidance, you can do the same.
IT Security Challenges of Remote Work
Virtually every company has a business contingency plan that includes mitigation measures for natural disasters such as earthquakes or hurricanes. But most of these plans don’t account for massive upheavals on the scale of a global pandemic.
To prepare businesses for a pandemic like COVID-19, safety policies such as social distancing and cybersecurity need to be included not only for remote workers but also for employees who work onsite. We should outline the roles and duties that can be done without being at the office:
-What are the roles and responsibilities of each employee?
-How can we provide employees with the tools and support they need to work from home?
-What systems or databases do remote workers need to access to fulfill their duties?
In your business contingency planning, your company should aim for a high level of remote access and authentication readiness. Once the roles for each employee are made clear, we need to provide them the appropriate tools to fulfill their duties through remote access, collaboration, and cloud solutions. These may include Microsoft Teams, Office 365, Workspace ONE, Azure Active Directory, and Cisco Connectivity, to name a few. These tools and other cloud-based systems provide a “virtual office” and video conferencing that enable employees to work from home.
Remote Readiness: Do You Have the Right IT Security?
To make sure you have the technology to keep your business running smoothly while everyone works from home, it is critical to take stock of the people, processes, and technology within your company. Since employees need to access anything from anywhere, the first step is to identify the needs of your employees before they start working from home. The next step is to balance those with the needs of your IT department working hard to keep your company network secure:
1. How do we authenticate such access when they’re working from home?
2. How do we ensure that remote access technology meets the needs of employees in a secure manner?
3. How can we guard against new cybersecurity risks as we transition to remote work?
On top of using collaboration tools including Zoom and Microsoft Teams, transforming your workforce to a remote one requires reevaluating your Identity and Authentication Management (IAM) policies and scaling network capacity for remote access.
While we are advocating for smarter security with remote access, we are aware that user experience (UX) is just as important. How can we be certain that the UX is seamless enough so as to not tempt remote employees to circumvent security policies to make their own jobs easier? Obviously, if authentication processes are too onerous, work productivity will decrease. Security risks may even increase if employees attempt to bypass these policies, potentially exposing their network to new vulnerabilities.
Fortunately, there are ways to make your transition to a remote workforce both seamless and secure while keeping your employees happy and productive. IT security training can also be provided to remote employees so that they learn how to defend against cybersecurity breaches that can cripple any organization.
These investments today will be relevant for years to come. All facets of the business will be challenged to adapt and integrate their strategy for business success.
Preparing Your Infrastructure for Optimal IT Security During and After COVID-19
When supporting their employees in the shift to remote work, IT departments need to leverage their existing infrastructure to scale bandwidth and data usage. Investments toward augmenting IT infrastructure may also be necessary to prepare not only for the transition to remote work, but also to sustain their remote workforce in the coming years. “These investments today will be relevant for years to come. All facets of the business will be challenged to adapt and integrate their strategy for business success,” says Kevin Powers, Vice President of C2.
A cost-effective solution is to use a fully cloud-based environment. Microsoft offers an endpoint management system in which a single console can be used to make sure all apps and devices are secure, particularly in bring-your-own-device (BYOD) scenarios. Collaboration tools such as Microsoft Teams and Office 365 provide access to data sharing and productivity apps across multiple devices.
However, as the number of remote workers increases dramatically, networks begin running into scaling issues as bandwidth and VPN access are finite resources. To meet these challenges, software-defined networking opens up new capabilities while reducing costs. Large teams distributed globally can now use Zoom and Microsoft Teams at scale. But as we scale remote access, we must also scale authentication.
To ensure top-notch security with cloud solutions among a remote workforce, IAM with proven multi-factor authentication (MFA) methods should be used to manage identity and network access and to ensure all devices on the network are secure. Some companies may not have enough laptops to equip all remote employees, so some workers use their own personal computers, USB devices, webmail, or WiFi at coffee shops to access the company’s network—leading to increased security and legal risks.
Intelligent security needs to be designed with the concept of “zero trust.” Rather than perimeter-based security models with firewalls, “organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, applications, and data wherever they are located. This is the core of Zero Trust.” (Zero Trust Security Model, Microsoft).
Organizations transitioning to a distributed workforce but are concerned about IT security should use of remote readiness assessments involving IT security professionals with all the major certifications. From these assessments, all employees within the organization would be familiar with the basics of preventing, detecting and combating cybersecurity threats.”
IT Security Assessment: How prepared are you?
With these challenges in the transition to remote work, we want to make sure you receive the support you need not only during, but also in the years after the COVID-19 pandemic.
We are your partners to help you get through difficult times with 24/7 consulting as well as training, implementation and integration support. We have the certified expertise, decades of experience and top-tier partnerships with Dell, Microsoft, and Cisco to provide the cloud solutions, security and licensing you need.
To explore how you can get help, or share lessons learned, we’d love to hear from you! We’re all in this together.