There’s been a lot of change in the workplace in the past month with entire companies moving their employees out of offices and into their homes. While the shift has been a change for everyone, it has created unique challenges for security teams. Code42 CISO and CIO Jadee Hanson and Sumo Logic CSO George Gerchow got together on a webcast to discuss how they transitioned their companies to working from home. They talked about how they prepared and what they would have done differently — with the hope that other organizations can benefit from what they learned.
Read on for a summary of their conversation — or for more details, watch their webcast recording.
Bad actors abound – stay vigilant
The pandemic has unleashed cyber threats, including phishing and malware attacks, credential stuffing and GoFundMe scams — with a goal of sowing fear and preying on people’s anxieties. The bad actors continue to look for new opportunities to target companies and individuals — and specifically user endpoints. The endpoint devices of remote workers are the ultimate targets.
Why do endpoints have a fresh bullseye? George pointed out that employees logged in from their personal networks may be using a default password on their home Internet or have fewer security measures in place, which opens up their work accounts to new external threats. That’s why it’s so important for work-from-home employees to be alert to suspicious activity and take a “see something, say something” approach when partnering with their security teams. Despite the rise in cyber threats, Jadee noted, “Security best practices are the same, regardless of our physical work location…Security teams just might need to apply some additional technology on the endpoint now. But at the end of the day, security fundamentals are largely the same.”
Get the right tools to balance visibility and collaboration
As the security teams at Code42 and Sumo Logic prepared to support their full-time, work-from-home employee bases, there were a number of “must-haves.” Topping the list was having visibility to on- and off-network file activity. When Code42’s workforce went from 30% to 100% remote, the security team reassessed and tested to see how much visibility was needed to secure a work-from-home environment. Then they flipped the organization to a split tunnel VPN model. Jadee explained, “Essentially, what that means is important business work is still going to come through our VPN. But other activities that people are now doing on their devices, like watching movies on Netflix and Hulu, is going to go direct.” There were also some cases where users needed to be on key services on full tunnel VPN, so adjustments were made to ensure employees had what they needed to work not only productively, but also securely.
Another must-have for a fully remote workforce? The safe use of collaboration tools. While cloud-based tools, like Slack and Google Drive, are important to enable collaboration and innovation within the office walls, they are even more critical when all employees are working from home. George encourages collaboration with control, explaining, “We want to make sure that people are putting their data in the right places. Because now they’re outside of that (corporate) perimeter… and no longer in the office. So are people storing stuff in OneDrive or Google Drive the way that they’re supposed to? Are they using unsanctioned places to store data? Are they storing things on their local computer?” At Sumo Logic, they keep up an open conversation coming from leadership about best practices so that tools, like Slack, can be used to keep everyone connected without unnecessarily putting important data at risk. Establishing a new baseline for what activity looks like when all users are off network while working from home has been instrumental.
New challenges are here to stay
Throughout the conversation, it became clear that some of the biggest challenges and changes in shifting to a remote workforce were not on the tech side, but on the people side of the business. Jadee explained, “Tech is just the enabler for all of us to work from home. There’s also a huge cultural shift that needs to happen. We’re not just asking everybody to work from home. Rather, we’re telling people to work from home in a different world during a pandemic.” Having the resources to get employees the equipment and software they need to succeed helps remove yet another stressor. George explained that he’s learned that people want their organizations to give prescriptive direction during times like these so everyone is aware of the expectations while working from home. To support their shift to working from home, Sumo Logic created an Emergency Management Committee leading up to the fully remote workforce, and they continue to get together to keep employees updated on key changes.
Today, businesses are run differently and that will affect the future. Both companies identified the most vital, or bare bones, necessities to run their organizations. George explained, “We all have a bunch of systems out there. But as far as let’s say, sales is concerned, what do you really need, at a bare minimum, to be able to effectively sell? Or, what is the bare minimum our supply chain needs to deliver product to our customers?” Exercises like these help not only ruthlessly prioritize, but also plan for what comes next. When people return to the office, it will be critical to understand the tools that are essential for people to be successful in their jobs.
When it comes to work habits, both leaders emphasized the importance of taking breaks and staying connected on a personal level. Video calls help us keep the facetime we’re used to in the office and pick up on non-verbal cues during meetings. Virtual happy hours and regular team check-ins have become commonplace. It’s important to talk about something other than work and to have the watercooler discussions to check on how coworkers and families are doing. With families and pets at home, there’s also a need for understanding that there will be disruptions during calls and throughout the work day. Reassure co-workers that unexpected events at home are okay – that will help build a better, more connected, remote work environment. Finally, Jadee shared some parting words about self care: “If we thought security teams were stressed before, this is a new level for us. So it’s really important that we take time to recharge. We’re no good to the companies we support if we’re unhealthy and rundown.”
To hear more about how these leaders prepared and what they learned about moving an entire workforce to work-from-home, take in the full webinar recording.