Contact Us

|

Careers

|

Change Locale
close

In the All-Remote World, Security Matters More than Ever

Collaboration | Posted on March 26, 2020 by Softchoice Advisor

The situation surrounding COVID-19 has required many organizations to adjust their way of working. Cybercriminals are doing the same. 

The need to shift many workforces to all-remote work creates new challenges, complicating an already complex cybersecurity landscape.  

Across the globe, malicious actors are leveraging confusion and uncertainty around this unprecedented scenario to target individuals, businesses and their users. 

With many or all end users working from remote locations outside the core office, IT security teams may lose visibility into the endpoints, connections and users in their environment. This scenario meanextending security into the cloud and mobile environments is no longer optional  

Below, we explore how you can start protecting your workforce today as well as the four main security challenges surrounding reduced visibility and increased risk in an all-remote environment  

Where You Can Start Today 

In an unexpected scenario, complexity and confusion can interrupt your return to business-as-usual or leave you unprotected.  

“Security is complex on its own,” says Chris Pratapas, Director of Business Development for Security at Softchoice. 

“Adding pressure from external events means short term priorities can greatly affect the business continuity of an organization. Our network of experts across all areas of IT can help provide security guidance in times of need.” 

We’ve compiled the following first steps toward closing the remote work security gap.  

For End Users

  • Encourage the use of password managers and apply a banned password list 
  • Remind staff not to defer software or operating system updates 
  • Make staff aware of how and where you will (and won’t) communicate COVID-19 updates 
  • Encourage staff to be on the lookout for attempts to steal or compromise credentials 
  • Make staff aware that mistakes happen and that it’s important to “own up” right away 
  • Stress the importance of not sharing work devices or credentials with anyone 
  • Ask staff to seek permission to use any external cloud storage or SaaS services 
  • Remind staff never to send personal information via email

For IT Teams

  • Implement multi-factor authentication for all staff 
  • Remind IT staff not to log-in with high privileges for routine daily tasks 
  • Remind IT staff to remain alert for heightened phishing, malware and other malicious activity 
  • Encourage IT staff not to rely on email in cases of emergency  
  • Provide staff with a safe means of backing up critical data  
  • Create and regularly review an exceptions register (if you don’t have one in place)  

 

Where to Go Next 

Protecting User Access  

In an all-remote work environment, the need to provide the right users with the right access to the right apps and data is front-and-center. In fact, 81% of breaches leverage stolen credentials. [1]  

The need for most or all users to connect to corporate networks, systems, application and data from home or other locations introduces new endpoints and connections into the environment.  

Without the right visibility, it becomes much more difficult for IT teams to apply the right access controls, monitor identities and prevent unauthorized access. 

As such, it’s more important than ever for IT to be able to verify who has access and be confident that they are who they claim to be.  

Measures like multi-factor authentication, smart account lockout features, password managers and banned password lists help keep user identity and access safe from a technology perspective.  

On the human side, reminding staff to keep devices locked, web cams covered (when not in use) and credentials confidential is key to controlling user access 

Controlling Data & Applications 

An all-remote work situation also complicates IT’s ability to monitor who is creating and using data, and how they are sharing and storing it.  

Under normal circumstances, non-approved software or “shadow IT” opens the door to breaches and data leaks. While workforces struggle to adjust to new way of working, the motivation to get things done faster by circumventing proper procedure may be even higher. 

For instance, workers storing data in unmanaged cloud repositories or leaking privileged data by accident is also a greater concern in an all-remote work scenario. Features like email auto-complete or online grammar-checking services can also create vulnerabilities, however unintentional.  

Meanwhile, the temptation to use home computers or other personal devices for work tasks can dilute the effectiveness of device management tools. Furthermore, if those devices aren’t running the latest OS versions or security patches, the vulnerability only increases.  

The unfortunate situation where unpredictable times make layoffs necessary also raises the possibility of bad actors leaking sensitive data on purpose 

To keep data and applications under control, IT teams should consider implementing hardware encryption and requiring staff to seek permission to use any external cloud storage solution.  

Minding the Security Skills Gap 

Security starts and ends with your workforce.  

With a decentralized user base connecting to the business from various remote endpoints, keeping people educated and alert to cybersecurity threats is paramount.  

Our partners already report that cybercriminals have deployed targeted campaigns using false COVID-19 communications to acquire credentials and gain access to corporate networks.  

Meanwhile, Forrester Research found that only 36% of workers knew their organization’s security policies and procedures. Just 1 in 3 had received any training on workplace security. [2] 

The ongoing shortage of skilled cybersecurity professionals only makes recovering from an incident more difficult. Recruiting for the specialized skills needed to implement and maintain an effective end-to-end security solution can be time-consuming and expensive.  

The current circumstances leave little time to identify and close the gaps.  

Organizations should focus on educating end users on their critical role in cybersecurity and identifying areas where an experienced security partner can help.  

Overcoming Visibility Challenges  

An all-remote work setup makes it much harder for IT to see all the endpoints and connections into the environment. 

Here, the notion of a secure perimeter around the business isn’t feasible, as traffic into the business from unknown or unmanaged sources is inevitable. This lack of visibility means the effects of breach can spread much further much faster before IT security teams can detect and respond. 

Implementing a “zero trust” network that enforces conditional access based on conformity with IT-established policies, rather than location, is key to keeping would-be attackers out.  

 Meanwhile, maintaining a robust threat detection and incident response plan is vital to mitigating the damage of a possible breach. However, the security marketplace is vast and complex. Finding and implementing the right security solutions may be overwhelming for leaner IT teams.  

Assessing your current capabilities and reaching out to a partner like Softchoice to help select, deploy and manage the right solutions to fill the gaps is the best first step.   

Cutting through the Complexity 

It’s up to IT leaders to strike the balance between ensuring productivity and providing protection. In uncertain times, this role is more important than ever. 

Nonetheless, the need to select compliant, cost-effective and easy-to-deploy solutions from a huge ecosystem of vendors and products doesn’t go away.  

Providing the right users with access to the right applications and data requires an end-to-end solution based on experience, expertise and strong partnerships in the security space.  

Working with us helps you cut through the complexity, select and deploy the short- and long-term security solutions to keep your people safe from cybersecurity threats throughout any scenario.  

Do you need help navigating security for the all-remote work environment?  

Connect with a security expert  

 

[1] Business Technographics Global Workforce Recontact Survey, Forrester Research Inc., 2019

[2] Business Technographics Global Workforce Recontact Survey, Forrester Research Inc., 2019

Related Articles

Cloud | May 25, 2020 by Softchoice Advisor

The Softchoice Virtual Discovery Expo (VDX) 2020 has now wrapped. Over 2,000 people registered to hear from Softchoice and our exhibitor partners about the areas driving their digital transformation today. This year, our full-day virtual tech expo happened in a much different context than the inaugural event in 2019. Attendees took away an important message: […]

Cloud | April 29, 2020 by Softchoice Advisor

Events of the past few months have forced organizations to make technology changes and investments that they weren’t expecting or that were planned for further in the future. In short order, new priorities supplanted existing plans, with long-term transformation projects paused in favor of immediate actions to adjust to new operating environments and  ensure business […]

Collaboration | April 21, 2020 by Softchoice Advisor

The recent surge in full-time remote workers is putting corporate networks under unusual stress. More people than ever are connecting through virtual private networks (VPNs), taking frequent video calls or meetings and accessing business applications from outside the office. Without a LAN/WAN infrastructure designed and optimized for the new all-remote workforce, poor connectivity and degraded […]