Reflecting on the beginning of the pandemic, few people anticipated organizations would still be working remotely today. Quickly shifting earlier this year, IT teams worked swiftly to ensure that employees could access the necessary information to get their jobs done from home environments.
Today, as an increasing number of organizations, including top tech companies like Google, Twitter and Facebook, have announced extended remote work plans, IT teams must ensure employee devices are secured to sustain the long haul. With IT burnout high, user awareness low, and malicious activity rising, this is often easier said than done.
Below are my top three tips for IT teams to ensure employee devices remain secure as remote work looms.
1. Configure, monitor and protect remote devices and platforms
Ideally, before the pandemic began, IT teams would have had centralized administrator systems configured to manage all employee devices remotely. With a centralized system in place, administrators have access to what often amounts to thousands of devices through the corporate environment. But, for many organizations, this may not have been the case.
Today, most employees don’t have the luxury of stopping by their IT department’s office for help addressing an alert or computer crash, so issues may be missed. According to recent data, IT departments are receiving an influx of tickets, especially from mid-level employees, for hardware and software alerts and security and policy management.
Detecting device threats have become much more challenging for IT departments. Previously, if a hacker compromised a user’s system, the corporate infrastructure was equipped with various preventative and detective elements. While remote, though, organizations cannot always ensure employees work in a secure environment, making it that much more challenging to detect and prevent malicious actions on a user’s system.
In order to better address these remote difficulties, IT departments must configure their centralized administrator platforms if they are not already in place. Once configured, they should promote and ensure the use of the secure communication channels and use a zero trust strategy when possible.
Beyond this, IT departments must also address the bring your own device (BYOD) challenges. While at home, many employees will, at some point, use their personal devices to log on to corporate networks, especially if a corporate device breaks. But personal devices are not always secure. In fact, according to recent Flexential research, more than half of the people surveyed are concerned about their personal computing device getting hacked since COVID-19 started. With this in mind, if the organization has not achieved zero trust it’s especially important IT departments approach BYOD strategically.
To do so, IT staff should first implement multi-factor authentication for all employees accessing corporate networks. They should then create security checks to alert when a new device enters the network, and ensure this device is proactively checked by anti-malware software. They should also design remote access solutions using network segmentation to direct non-corporate devices to an isolated network. These networks should have different restrictions and limitations dictating what this device can do on the network once logged in.
2. Implement assessment strategies to identify the riskiest devices and users
In remote environments, it’s easy for employees to become lax in their security awareness and open their devices up to hackers. This is why, today, more than ever, security and awareness training is critical.
Throughout the pandemic, businesses of all kinds have seen an influx of cyberactivity, with impersonation attacks continuing to accelerate and ransomware simultaneously on the rise. Malicious actors know they have the opportunity to target individuals using fear tactics based on the latest news, like sending a phishing email specific to the latest COVID-19 or election update.
As such, organizations must continuously make sure employees know the latest threats on the horizon and educate them on what to look for. This means implementing short, consistent, specific and visual training practices. Training should be kept short so that employees do not zone out. Content should be specific to current concerns and spaced effectively instead of blasting employees with long, redundant cybersecurity information. Regularly sharing informative and interactive training content means cybersecurity becomes a part of every employees’ routines. IT teams should also use pictures and videos to make content more consumable.
Once training is in place, IT teams should implement specific assessment strategies to consistently identify the riskiest devices and users on the network. This includes regularly testing users with phishing simulations. By doing this, IT teams will get a better understanding of the specific devices that could potentially open the enterprise network to the most risk. They can then work with specific employees to better understand cybersecurity best practices and more frequently monitor activity on said device.
3. Re-evaluate your long-term security and data protection plans
Flexential’s data shows most organizations believe they will be working remotely for at least 5-12 more months. Knowing that many enterprise teams will either not return to the office until 2021, or will take a hybrid approach to remote and in-office work, organizations should take this time to update their long-term IT strategy. Also, since it’s budget planning season, now is the time for IT departments to shed light on the devices, tools, platforms and staffing needed to ensure their remote workforce is protected for the long haul.
Organizations should ask themselves the following questions: Do we need new or additional laptops for employees? Do we need to implement a new VDI or zero trust platform? Are we looking at a new video conferencing platform to help employees stay connected? Whether it’s hardware, software, or staff, all of these elements take funding and time. IT departments must coordinate with executive leadership to ensure this funding is secured.
It is also the time to evaluate how your enterprise data protection strategies have shifted with COVID-19 and remote work. According to recent Flexential data, almost half of individuals surveyed said their company has not made any process or technology changes to their data protection policies as a result of COVID and/or remote work. This points to a significant gap in companies that are not evolving their backup and disaster recovery plans during times like these when the vulnerability is heightened.
It’s critical organizations change their approach, strengthening their data protection and cybersecurity education policies. Organizations should be outlining how IT teams will physically access server rooms safely without exposure to COVID-19, how employees can access networks from home in the event corporate systems do go down, and ensuring the right plans are in place to recover from a ransomware attack or a disaster.
By effectively planning, organizations can approach remote security and data protection much differently than earlier this year when businesses were moving fast to shift employees to at-home environments.
Keep devices protected for the long haul
Remote work has opened corporate networks to a slew of vulnerabilities we have never experienced. It’s up to IT departments and enterprise leadership to ensure employees are well-equipped to keep their devices protected. Taking the time to plan now will ensure organizations working remotely for months and years to come are prepared and secure for the long haul.