In the past week, we have seen an incredible change in how the country is reacting to the pandemic. Just last week many organizations were attempting to create or solidify contingency plans “if” the need to transition to a remote workforce arose - this week, that became a reality for a large majority of organizations across the globe. From finance and marketing to technology and education, working from home has suddenly become the “new normal” for the foreseeable future, and securing your remote workforce has become a top concern.
In light of this rapid changing of gears, there is a pretty good chance that either your own organization or one of your customers’ were not completely prepared and are scrambling to implement whatever tools and solutions they can—and as quickly as possible—to ensure their workforce (and network!) remains safe and functional.
For any business facing frightened employees and/or the need to suspend in-person functions for a period, there are several key things to consider in order to keep both employees and the business safe and productive. Here are a few ways in which partners can help their customers in light of the current global crisis.
From an organizational standpoint, network security and communication tools are absolutely critical for successful remote working. While communication can more readily be handled in most organizations simply by using existing tools such as email, conference bridges and instant messaging. Ensuring the proper protocols are in place to allow employees—especially those that haven’t previously worked remotely—to access business critical applications and documents without opening the network to vulnerabilities may not have previously been on the radar. Additionally, knowing how to maintain security when employees are working remotely looks a little different than when an entire workforce works from a single location.
First and foremost, every business needs to have a work from home security policy that assures sensitive information receives the same level of protection on a remote network as it would on the company network—and makes sure there are mechanisms in place to confirm this policy is being adhered to. Businesses using Microsoft, for example, can leverage Group Policy Settings (a group of settings in a computer’s registry) to help prevent data breaches and make organizational networks safer by configuring the security and operational behavior of company devices.
Together with Active Directory, which organizes a complete hierarchy including which computers belong on which networks and identifying users that have access to the storage room, Group Policy Settings can prevent users from actions such as accessing specific resources or running scripts.
Mandating that remote users connect to an organization’s network using a VPN (virtual private network) and placing them behind the company firewall with the corporate security policy in place is an absolute necessity. A VPN routes a device's internet connection through the VPN's private server instead of the internet service provider (ISP) so that when data is transmitted to the internet, it originates from the VPN rather than an individual device.
Implementing—and enforcing— a mandatory VPN without the ability to split tunnel as well as ensuring that only network/system admins have the ability to override this policy provides the same level of security at the machine level when remote that a user would have when in the office. Split tunneling is the ability to direct some internet traffic to the VPN without losing access to local network devices (like printers) or public internet connections (like a hotel’s WiFi network). While this method can alleviate bottlenecks and conserve bandwidth, the VPN would then be vulnerable because it is accessible through public, non-secure networks.
In addition to ensuring employees’ connections to the internet and internal networks are secure, the security of cloud-native applications and environments is also critical. “Whether public, private or hybrid, cloud is the true enabler of a remote workforce,” says Steve Roos, Vice President, Technology and Security at TBI. “Confirm that your security policy addresses all of your cloud services, and if it does not, updating the policy to encompasses cloud services should be a high priority.”
While a Fort Knox-level security environment does not need to be constructed, particularly when attempting to build up defenses on short notice, Roos emphasizes that organizations need to ensure all cloud applications are encrypted at the application layer, and, when available, a WAF (web application firewall) is also a great layer of protection to add to a public cloud environment. A WAF helps protect web applications by filtering and monitoring HTTP traffic between a web application and the internet.
The cloud is typically one of the most secure methods of storage for the simple reason that data centers are primarily housed in facilities with strong physical protections, redundant power, and tested disaster recovery procedures. In addition, reliable cloud service providers can provide evidence of verification and frequent validation by independent auditors.
Securing Employees’ Remote Environments
Lastly, one of the top security risks with a remote workforce is simply the potential vulnerabilities of employees’ home networks. With the volume of IoT devices in the average American household—from Alexa and Google Home to security systems and appliances—there is no shortage of risks that exist to a remote worker and, by extension, their corporate network. Something as simple as an infected file unwittingly downloaded by a family member living dormant on a home network can potentially impact the organization if employees are connecting their own devices to the corporate network.
Similar to a work from home security policy, organizations should ensure that they have both a BYOD (bring your own device) policy as well as an acceptable use policy in place; they are both critical factors in keeping corporate networks free from infections or attacks through an unintentional security breach via an employee’s home network.
No one’s sure what’s next for the population at large. Unprecedented numbers of businesses are mandating work from home periods from a couple of weeks to indefinitely in an effort to do their part to contain the coronavirus and keep their employees safe. So, while an organization may not have expected the sudden, critical need to not only roll out but secure a remote workforce, there are still plenty of solutions that are relatively quick and inexpensive to implement that will provide the basic security measures needed in relatively short order.
That said, if you already have or are in the process of executing security protocols for your own workforce or for your customers, you would be remiss if you did not also review the current environments to safeguard against any missing components needed to maintaining a safe network.
Now is also a good time to revisit business continuity and disaster recovery plans. If you or any of your customer do not have both, or have outdated plans, it is advisable to review or implement these plans as soon as possible.
While the world right now is offering up a lot of uncertainties for businesses and individuals alike, some of the most important things we can do to help ease the fear of the unknown include being prepared, making plans and contingencies, maintaining clear and direct communications, and, more than anything else, demonstrating an abundance of patience and empathy toward other businesses, departments and, of course, each other.
In an effort to help our partners to communicate with and support their customers, TBI is offering a wealth of resources specific to the COVID-19 pandemic and enabling remote workforces, including a live panel discussion on March 25th; a variety of assets, such as white label documents and email communications, and a soon-to-be live PMC campaign.
ABOUT THE AUTHOR
As Marketing Communications Manager, Amanda is responsible for creating content and carrying out internal and external communications programs; she also develops educational materials to enable TBI’s partners to sell emerging solutions. Amanda also contributes to ensuring consistency with branding and ensuring TBI provides useful and relevant content to our partners. You can reach Amanda at firstname.lastname@example.org or connect with her on LinkedIn.