Code42
Author: Ben Koenig, Senior Manager
Security teams have historically depended on the "castle-on-the-hill" approach when it comes to data security. All of their employees and their work devices were inside the castle walls, protected by moats and drawbridges. When new external security threats emerged — from new phishing tactics to malware vectors — they simply strengthened their walls or added alligators to their moats. But when the COVID-19 pandemic emerged, this approach was shattered while external threats simultaneously increased. Everyone moved outside the castle and lost the protective armor of the corporate network. With a growing remote workforce, the strategies listed below will help ensure employees and businesses remain protected.
Protect your endpoint
Now that everyone is outside the castle walls, you must ensure your remote employees' devices remain protected from viruses, malware and unauthorized access. Make sure you have an endpoint data protection solution in place and consider using cloud-deployed device management tools to make sweeping configuration changes across remote devices.
Use a Virtual Private Network (VPN)
A VPN service will enable your remote workforce to establish secure online connections and communications between their home network and your business's computer network. Require proper education on critical remote workforce tools like your VPN. You don't want your employees using third-party VPNs. Have an official VPN that meets your business's needs and ensure that it is accessible and known to all employees.
Secure identity and access management
Do you have good control over your user identities? This is especially important during workforce reductions or reorganizations. Make sure you are properly removing departing employees' access to your systems.
Utilize cloud collaboration applications
Maintaining collaboration is essential for keeping remote workforces productive. Use tools like GoogleDocs and GoogleSheets, and set proper sharing permissions on important files so collaborators can edit and comment as needed. Consider making a shared drive where your team can store, search and access files from any device. This tip is especially important for HR leaders as they have become the new leading driver of the digital employee experience largely based on these cloud applications.
Personal use isn't inherently 'bad'
You need to be aware of the human element during situations or crises that require remote work. Employees make do with what they have at their disposal — using their work laptops to watch Netflix on their time off or taking Zoom calls with family and friends. Personal use will be more common, but this is not inherently bad as long as you reinforce security standards. Don't bog your busy security teams down with babysitting personal use activity.
Implement ongoing remote workforce training and education
Security teams should already have required training, but these are even more important during significant events that require remote work. Employees should be kept up-to-date on new and increasing security threats, especially when Google is finding 18 million COVID-19 related scam emails every day. Encourage your employees to have open and honest communication with your security team — ask them to flag any suspicious activity, and reinforce that they won't be reprimanded for any security risks that they might accidentally trigger. This ongoing education, communication and awareness is crucial.
Remember to always consider your business's unique needs, because every castle and kingdom is different and requires different protocols. We hope that these security tips will help your organization remain secure during crises that require remote workforces.