Securing your remote workforce during COVID-19
Remote work has grown 173% over the last 15 years. A pre-coronavirus study revealed 3.4% of the U.S. workforce — nearly 5 million people — are mobile workers.
And that was before social distancing.
With careful planning, organizations that allow employees to work remotely can reduce overhead expenditures, increase productivity, reduce turnover, and improve morale — all without sacrificing cybersecurity.
But no one planned for the global work-from-home effort driven by COVID-19. Few organizations could have imagined their entire workforce would suddenly have to work from home.
The rush to move business online has dramatically expanded network access, opening the door to cybercriminals who are eager to capitalize on the crisis.
One security researcher has reported seeing around 2,000 coronavirus-themed sites being set up daily in recent weeks — many of them malicious — and there has been a flurry of phishing attacks using the virus as a lure.
Minimizing your attack surface during COVID-19
While sending employees home to work supports social distancing, allowing them to access critical systems and data from endpoints and networks you don’t manage increases risk exponentially.
Validating and reinforcing your cybersecurity, therefore, should be a top priority as this crisis continues to evolve.
Protecting your remote workers — and your organization — from cyber threats doesn’t have to be complicated. Now is not the time to rethink your entire security program.
Security solutions based on the top three cloud providers — Amazon Web Services (AWS), Google Cloud, and Microsoft Azure — can be rapidly deployed to enhance your current capabilities. Consider solutions like:
Secure remote access
Virtual private network (VPN): VPNs allow users to securely connect to corporate networks to send and receive files, data and applications from anywhere. They use advanced encryption protocols and secure tunneling techniques to encapsulate online data transfers.
Software-defined perimeter (SDP): SDPs form a virtual boundary around company assets at the network layer rather than the application layer. They allow access to users only after verifying user identity and assessing the state of the device. These solutions are particularly helpful if users need different levels of access.
Identity and access management (IAM)
Cloud-based IAM solutions: These controls ensure the right people have the appropriate access to technology resources. They can provide Single Sign-On, Universal Directory, Adaptive MFA, API Access Management, Lifecycle Management, Advanced Server Access, and Access Gateway capabilities to protect employee identities and access.
Cloud-based endpoint solutions: Cloud-delivered endpoint security solutions help monitor endpoint activity, identify threats, and quickly respond to attacks by triggering automatic actions on the endpoint device. They unify next generation antivirus (NGAV), endpoint detection and response (EDR), device control, vulnerability assessment, and IT hygiene capabilities.
In addition to bolstering security, many organizations are turning to Microsoft Office 365 services such as Teams to enable sharing and collaboration during the outbreak. While it has security features that adhere to ISO 27001, it’s important to ensure an understanding of Office 365’s native capabilities and identify where third-party solutions may be needed to secure your critical data in the cloud.
We’re here to help
Until recently, only 7% of U.S. employers reported making flexible workplace options available to most employees. Faced with ensuring the health and safety of their employees, families, and organizations, security teams are understandably overwhelmed by this unprecedented shift to remote work.
Vendor-independent IT integrators such as SHI are providing complimentary training and remote COVID-19-friendly security services to help you fortify your cybersecurity posture and continue to meet both internal and regulatory requirements.
To learn more about advancing your cybersecurity capabilities and validating your infrastructure, contact your SHI account executive.
Anne Grahn contributed to this post.