Fundamental security concepts for IT teams and organisations to understand
While organisations are, to varying degrees, incorporating more flexible elements into the modern workplace environment, the outbreak of the coronavirus has suddenly thrust remote working directly into centre stage. Companies including Google, Twitter and Indeed, have already asked employees in Ireland to work from home for short periods, and with further cases expected, it is likely more companies will be forced to close their offices at times.
During an IBEC webinar on the business impact of coronavirus in Ireland, it was stated, “This is a societal issue and not just an employer issue. We all share responsibility.” As such, one of the most responsible things employers can do is limit unnecessary exposure of those being tested for the virus to large groups of people. Instructing employees to work from home in such a case is the responsible thing to do, but businesses require remote working capabilities to implement this policy while ensuring business continuity.
Security risks of remote working
Putting in place a productive and secure remote working solution is the biggest challenge facing organisations in light of confirmed COVID-19 cases in Ireland. However, the rush to implement a work from home policy has the potential to expose organisations to huge risks.
The haste at which coronavirus is forcing companies to act could lead to some compromising on security. In a 2019 Microsoft survey of employees in Ireland, 6 in 10 claimed to work from home, and half of these claimed to have no restrictions on access to work-related content from home. As companies flock to potentially unsecure work environments, this is a perfect opportunity for hackers and cyber-criminals to ramp up their level of attacks. Advanced methods like SMS phishing and login-screen phishing can target remote working devices and grant attackers access to company information.
No business wants to wants to experience a data breach due to putting in place an ill-prepared work from home policy, nor do they want a situation where their staff aren’t equipped to do their job properly. Our 7 step contingency plan can help organisations to quickly mobilise a secure and well-functioning remote working solution.
Your 7 step contingency plan to enable secure remote working – To read all 9 tips as well as Microsoft’s newest security research you can download the full publication at the top of the page.
1. Create a remote working roadmap for your business.
Firstly evaluate the attitude to remote working in your organisation, where are you currently at and what needs to be done to enable full flexible working conditions. Do you have the necessary infrastructure in place? Are your employees equipped with devices that can access the network remotely? Are these personal or company devices? Map out the full landscape as it currently is.
2. Implement identity and access management solutions.
Once you have a handle on the devices used to access your network and the capabilities to support remote working in place, its time to implement an identity and access management solution. Verifying the identity of users with multifactor authentication and other measures ensures that the right individuals have access to the right resources at the right times for the right reasons.
3. Put in place restrictions that work remotely.
While inappropriate sites are usually blocked when operating on the company firewall, what happens when work devices are used beyond your company’s LAN perimeter? Put measures in place on the work devices themselves to prevent unwanted access to certain sites and ensure that no matter where devices are used, restrictions remain in place.
4. Test the environment to ensure employees can work properly.
If devices are locked down so severely that policies end up preventing employees from working easily, this will cause a number of implications. Frustrated users are likely to seek free cloud services to bypass the lockdowns. Accessing company data on unapproved and unsecure third-party sites, a practice known as shadow IT, is a huge security risk facing companies. Test the environment and survey employees to ensure they can carry out tasks easily on your approved network.
5. Clearly communicate home working policy to workers.
Regardless of the specifics of your policy, it is important that employees are fully aware of their rights and responsibilities before using a mobile device for work. Distrust, frustration and tension can arise if employees only first encounter issues at home when discovering the small print of a policy. Users are more likely to accept privacy compromises or other required measures that need to be implemented if they are clearly communicated beforehand. Hold information sessions, give updates on policy changes and send information emails to staff well in advance.
6. Monitor threats and systems on an ongoing basis to improve security and performance.
You can gain valuable insights into your remote working environment through real time monitoring and threat prevention programmes that come as standard with many IT infrastructures and software licences. Use these monitoring systems to remain vigilant against threats and learn more about how to improve remote performance.
7. Support users in adapting to the new environment.
Its crucial for employers to be on hand to support users and help them adapt to an entirely new working environment. It’s inevitable there will be some connectivity issues, so ensure your IT support team is well staff and equipped to help resolve problems. Encourage remote users to take dedicated breaks as they would in the workplace, helping them adjust to the new work conditions and ultimately be more productive.