REMOTE WORKFORCE

Getting Real on Working From Home: Security and IT Practices That Are Here to Stay

5 MIN READ

Code42

If history has taught us anything, it’s that change is always constant. The most successful companies of this generation—think Apple and Amazon—embraced drastic change in order to thrive. During the COVID-19 pandemic, organizations are being challenged by change with the unprecedented speed required to shift entire workforces to remote work, with security and IT teams shouldering the brunt of this challenge.

To support a large number of employees working remotely, security and IT professionals had to make countless adaptations in the span of a week, or even a few days. VPN capacity had to be tested, new collaboration software was adopted and office hardware was moved from work desks to personal desks, out of reach from the IT team. We are sure your respective teams dealt with the same challenges.

Now that we take a look back, did we execute this security shift correctly? The answer might not come until a year from now when an inventory audit reveals a few misplaced desktop monitors. But in the meantime, we have compiled an assessment of the immediate aftermath, a catalog of what worked well for CSOs and CISOs in their attempts to properly secure data across remote workforces, and what they admit might not have been the best route.

To Continue Reading…

Share a few pieces of information and we’ll personalize your experience with us

What works: Security and IT practices that are here to stay

1. Focus on security fundamentals first

Whether you are working from home or not, one thing that shouldn’t change is basic security hygiene. Make sure you are prioritizing confidentiality, integrity and availability. Otherwise any additional security and IT efforts won’t have a foundation to grow off of. In addition, ensure your IT and security teams are working cross-functionally; a siloed team will not be able to strengthen these fundamentals.

2. Test VPN capacity

VPN capacity is a large concern for IT and security teams, especially when their previous architecture only supported a fraction of the organization working from home. After many tests and modifications, you have probably found the balance between full-tunnel and split-tunnel VPN that best fits your organization. But as the workforce starts to de-mobilize, this testing will continue. Some employees will continue to work remotely and we may never return to a time where the majority of the workforce is connected to the corporate network.

3. Continue security education and awareness for the entire organization

External attackers did not sympathize with the global pandemic in 2020. In fact, they exploited it, stooping to an all-time low with an onslaught of phishing attacks, new malware and credential stuffing. It’s important for the entire organization to understand how they can help prevent these attacks, as well as other security breaches, especially when your team has enough on their plate already. Consistent chat communications and email reminders can go a long way for your organization’s ongoing security awareness and training program – and it’s a practice that is important to maintain regardless of where employees work.

4. Ensure visibility to your data

Let’s talk about data management and monitoring. Does it require you to identify and tag what’s important? Is it driven by policies? Do you know what’s going on when employees are not connecting to VPN? These are a few of the questions that are important to answer. When you combine the adoption of new collaboration software with employees who do most of their job while disconnected from the VPN, it doesn’t take long for a highly-classified document to move to an undetected location. Policy- and network-based security tools have inherent limitations. When approaching data security, it’s essential to plan for visibility into security vulnerabilities and into the riskiest behavior regardless of where and how employees are working. Collaboration tools should spur innovation, not cause a security headache.

Lessons learned: Examining the failures

1. Physical asset management

This was a huge challenge—how does the IT team keep track of every piece of hardware that was relocated to work from home? How do you get loaner computers to employees who need one? For some companies, it was the first time they needed to have a virtual help desk. The best way to work through it? Document as much as you can, and understand that it may not work out perfectly.

2. Business continuity plans

While many scientists (and even Bill Gates) may have been warning about a pandemic for years, organizations were unprepared. Rather than being dusted off, business continuity plans were assembled in a matter of days, and executives were making really tough decisions to questions that they never imagined needing to answer. At this time, they were wishing they had taken action sooner. A business continuity plan should be strategic, well thought out and prepared in advance. This is a document that needs to be updated periodically moving forward.

The biggest challenge: Keeping a people-first mindset

In the end, technology is just the enabler for remote work. Having a people-first focus is the best first step for embracing change in your security and IT practices. Engage with your remote workers over non-related work topics—they aren’t spending those few extra minutes chatting at the help desk or joining midday coffee runs. Support your employees as people first. Otherwise, you aren’t benefiting your company.