Cybersecurity has long been an essential component of every company’s IT plan (at least, that’s the way things ought to be). But COVID-19 has changed the situation pretty drastically for many companies. Those who hadn’t embraced remote work before 2020 were forced to move as many jobs as possible home, often with very little notice.
But talk to any company leader who had already embraced remote work. You’ll hear the same message: going remote requires thought and planning on all sorts of fronts, including cybersecurity. It can perhaps be done over a weekend if a pandemic calls for it, but it’s nearly impossible to do it well in that kind of timeframe.
If your company is facing a “new normal” that involves a lot more remote work, here are six areas where you should rethink cybersecurity right now.
There are numerous infrastructure questions to resolve as you move toward a secure yet remote-friendly work environment. One of the most pressing for your staff is a device policy.
Will you allow staff to use their own devices from home, or will you limit access to company-owned (and IT-managed) devices? While the latter makes the most sense from a cybersecurity standpoint, we guarantee you’ll have employees complaining about it. They want to use their MacBooks or their phones or tablets to get work done from home, and they don’t care nearly as much as you do about whether those devices are secure and free of malware.
Not to mention, a company-only device policy means you need to have enough company-owned devices to go around, and you must handle the logistics of getting all that equipment to your employees’ homes. The point is, either can work, but both require careful planning and administration.
Mobile Device Management (MDM)
If you’re allowing employees to access company data via mobile devices (whether personal or company-owned), you need a mobile device management (MDM) or enterprise mobility management (EMM) solution. MDM is software that allows your IT team (or your managed IT provider) to monitor, manage and secure mobile devices. You don’t want data brokers or competitors spying on your operations or stealing your data, and MDM is one vital step to prevent that from happening.
If your company is still committed to the private, on-site server model, it may be time to consider migrating your data and processes to the cloud. While remote access to your on-site server is possible via VPN, you’ll likely find it isn’t the smoothest possible solution. Accessing data from the cloud will probably be faster, and it may even be more secure. (Trust us: hackers are going to have an easier time breaching your private server than they are Microsoft’s or AWS’s.)
But it’s not as simple as just deciding to move to the cloud. You also have to choose which cloud provider is best for your needs. This can be a tricky decision, one that we can help with should you need assistance.
With a scattered workforce, are your current collaboration tools sufficient? There’s an entire ecosystem of modern collaboration tools that can transform how you do work. Unfortunately, they can also sow confusion as you may suddenly be asking tech-wary employees to learn multiple new ways of communicating. Our advice is to identify only the tools you need and avoid over-implementing.
Your bandwidth needs could change with remote workers, especially when you’re relying on a VPN-to-private-server model. Have connections slowed considerably since sending people home? It could be time to evaluate your bandwidth needs.
2. Threat Detection
Threat detection involves several technologies and tactics, including endpoint protection, vulnerability scans, penetration tests, and monitoring apps. Some of this runs in parallel with mobile device management discussed earlier, and none of it is (or should be) new to your organization.
The difference, of course, is remote work (and, by extension, remote machines). Threat detection is more manageable when everyone (and everything—servers, printers, and endpoint devices like PCs and tablets) is on site. Spreading everything out to employees’ homes complicates the process.
The good news is there are modern threat detection tools that are built to accommodate remote work. Enough companies had already embraced remote work before the pandemic, so these tools already existed.
If you’re not sure where to turn for more resilient threat detection, we can help with that, too.
3. Secure Access
A good portion of your remote workforce still needs to access sensitive or proprietary data or apps within your organization. You need a mechanism so that they can do so from home safely and securely.
A VPN, or virtual private network, is the best-known tool for safely accessing on-site resources remotely. It essentially creates a secure tunnel from a device to your network. VPNs are not a new technology, and your business may already have one in place for emergency or after-hours situations.
When the pandemic first hit the US, many businesses sent a bunch of people home, planning for them to use the VPN to log in and work. Their VPNs (rather, the servers supporting them) weren’t up for the task and crumbled under the sudden, massive bandwidth demands. If this sounds familiar, it doesn’t mean VPN can’t work — you might just need some adjustments.
MFA and Access Control
Along the same lines, now is the perfect time to implement access control. If your server is wide open right now, where everyone in the organization can access everything on the server, you’re asking for trouble. Access control allows you to control who has access to what. The sales team doesn’t need access to internal security docs, and the security team doesn’t need access to the customer data in sales. Access control is the solution here.
Many businesses are under specific governmental regulations, like HIPAA in the medical field. Whatever regulations you need to comply with, it’s not enough merely to comply. You also must be able to show compliance with those regulations. Both aspects can get complicated with a remote workforce. Can you prove that Sam’s teenager doesn’t have access to patient data? What steps have you put in place?
Issues like these can prove challenging for even the most careful businesses. To work through tech-related compliance issues well, you need an IT partner that can walk you through the process.
5. Cybersecurity Training
6. Backup & Recovery
Here, too, remote workers need special attention. Hopefully, you’re already in an environment where your staff knows not to save important files locally. If not, you need endpoint backup capability for your team, including remote workers.
Moving to the cloud doesn’t eliminate the need for backing up files. Remote workers are more likely to have connection issues than your on-site staff. Weak or unstable connections may lead to file stability issues or upload failures. Look for a cloud partner that offers backups or versioning to help reduce these concerns and risks.