How Remote Work is Transforming Cybersecurity

The shift to large-scale remote work in the wake of the COVID-19 pandemic has fundamentally changed the way that businesses operate. Within just a few weeks, many organizations were quickly able to pivot to this model with little disruption to business continuity. Employees stayed productive and customers rarely noticed a difference in service.

While near-universal work from home was initially thought to be a temporary situation, it’s likely that we will be living with this model of work for a long time. Facebook and Google recently announced that they would be keeping the majority of their employees at home until at least the summer of 2021, while Twitter announced that its employees can work from home “forever.”

This means that companies need to develop long-term, sustainable protocols to manage remote business operations. One could argue that this process starts with adjusting remote cybersecurity protocols.

The cybersecurity risks of remote work

Data breaches are always a concern for companies whether or not they have a distributed workforces. According to IBM’s most recent “Cost of a Data Breach” report, the global average cost of a data breach is $3.86 million. While that may be manageable for large corporations, that could put startups and SMB--common victims of cyberattacks--out of business.

The IBM report also explored the effects of remote work on data breaches. Of those surveyed, 70 percent said that remote work would “increase the cost of a data breach.” In addition, 76% said that remote work would “increase the time to identify and contain a breach.”

The sudden shift to remote work has presented some additional challenges that IT teams need to keep in mind:

Inexperienced employees

Many employees who had never worked from home were suddenly thrust into a situation where they had to quickly learn how to use multiple remote work and productivity applications. This additional stress has made them particularly vulnerable to hackers who are taking advantage of this time with actions like phishing schemes. Employees may mistakenly give out sensitive information thinking that it is related to the pandemic or one of the unfamiliar tools that they are using.

Unsecured home networks

Working from home means that employees access information via networks that IT teams have no control over. Common mistakes that many people make that could compromise their security include not updating firmware regularly, not encrypting their Wi-Fi configuration, and not changing the router login and password from the default.

Unsecured personal devices

While most employees have a work-provided laptop, some will choose to use their own machines for many reasons including convenience or quality. This can be a problem when employees don’t have additional protections on their own devices like antivirus software and firewalls.

How do you maintain security in a remote workforce?

Follow established frameworks

Cybersecurity best practices can be adapted to most kinds of work environments, and developing a plan does not require you to start from scratch. Many IT security experts recommend following the guidelines established by the National Institute of Standards and Technology (NIST) in its Cybersecurity Framework. It consists of five “core” functions that organizations should perform continuously:

  • Identify - Understanding the current state of your assets and data and who has access to them.
  • Protect - Creating the safeguards necessary limit the access and release of sensitive data.
  • Detect - Implementing tools and actions that can detect breaches or suspicious events.
  • Respond - Developing protocols that allow you to quickly take action in the result of a data breach.
  • Recover - Developing protocols that allow the organization to resume normal activity in the case of an incident.

Consider Zero Trust architecture

Zero Trust is a security methodology that is centered on the assumption that no person or device inside or outside of a network can automatically be trusted. Users and devices must be authenticated and authorized to access multiple, smaller perimeters to access data. The concept of trust is usually divided into five main pillars:

  • Device
  • User
  • Session
  • Application
  • Data

Once trust has been initially established, then the system will grant or deny access. In addition, it is important to regularly re-verify all of the pillars. Zero Trust architecture is maintained through a combination of protocols including multi-factor authentication, privileged access, and real-time monitoring.

In a time when many employees are accessing company data from everywhere but the office, it is particularly important to have security measures in place to address this change.

Educate employees about cybersecurity

Conversations about cybersecurity threats need to happen more than just during an employee’s initial onboarding. This is education that must continue throughout the entirety of a person’s time with the organization. Consider scheduling regular educational sessions with remote employees explaining how security is particularly important now when they do not have the protections of the office environment.

Education should not only be centered around tasks that employees can take to secure home networks or devices. It’s also important to discuss how cybersecurity is the responsibility of everyone in a company, not just IT or management. Some employees--especially those who do not work with sensitive information a part of their jobs--may not be aware that they could be vulnerable to hackers or malicious actors.

In addition, regularly sending emails and newsletters about remote work and security will help keep this issue at top of mind.

Develop a remote cybersecurity policy

If you have not done so already, now is the time to develop a remote work cybersecurity policy that is specific to the current situation. Here are some recommendations for what it should address:

  • Company-issued device usage for non work-related activities
  • Limitations on what can be accessed from personal devices
  • Securing home wireless networks
  • How to notify IT of a possible attack or phishing scheme
  • A response plan that allows employees to quickly get back to work.

Can cybersecurity be done remotely?

Prior to the pandemic, many cybersecurity tasks were already being done remotely especially at large corporations that have a mix of satellite offices and a work-from-home workforce. There are also multiple cloud cybersecurity tools that allow IT teams to protect a company’s assets without having to be in a centralized location.

Figuring out all your bases to cover is not an easy process to navigate, especially in times like these— and that’s why Electric is here to support your organization. Electric can work closely to help you find the right remote IT support solutions to make remote work easier and more secure for your employees.

Stay up to date

Subscribe to the blog to stay up to date with all the latest industry news and updates from Electric.