This presentation was originally delivered during the Secure Remote Work Virtual Summit, which took place on March 31, 2020.
You can view the full event summary and as well as access additional sessions from the Secure Remote Work Summit in our Secure Remote Work Resource Center.
The current COVID-19 pandemic has made it clear that many business are underprepared for remote work en-masse. Watch the session recording to learn what requirements you’ll have to meet in the future to ensure your agency or company is “pandemic-prepared.”
Watch the video or peruse the notes from the session below.
Exposed vulnerabilities in remote work
In both government and commercial environments, coronavirus has left vulnerabilities exposed. Chris Riismandel and John Simmons list out some of these weak spots.
- Not all employees have access to protected laptops or desktop computers.
- Networks can become compromised when employees are not using secure equipment.
- The non-mobile workforce is being displaced by having to work remotely.
- Where security was once controlled and monitored on-site, now it will have to be controlled remotely.
- There are more threat vectors through personal equipment.
- There may not be enough bandwidth to support remote work.
- Moving between Internet Service Providers causes disruptions in work.
One of the biggest threats to remote work are zero-day exploits. These are computer-software vulnerabilities that are unknown to the monitor. As these vulnerabilities go unmitigated, hackers use them to their advantage to steal information or install ransomware.
Current remote work security solutions
Even though the list of cybersecurity threats can feel overwhelming, there are solutions. Just remember that each network is different with its own security needs.
- Secure personal work devices, to the best of your ability, using a high quality VPN and firewall.
- Segment your network for devices plugged straight into the enterprise.
- Implement remote patching through secure downloads.
- Instruct your employees in proper device usage.
The last recommendation is the most important. One rule that employees should follow should be to never click on a link in an email. For example, with the influx of Zoom meetings there are many emails being sent with meeting links.
It is recommended that instead of clicking on the link, employees should go straight to Zoom and manually type in the meeting ID. This protocol should be followed for all email links because cyberattacks could occur through false identities.
Read the Guide: The Secure Remote Work Guide
How to work from home securely during the Coronavirus outbreak & beyond.
Remote work future-proofing
One of the biggest issues of remote work due to COVID-19 was the unpreparedness of both commercial companies and government departments. Take a look at some of the things that should be part of your future remote working security policy.
- Put together policies that are directly aimed at mobilizing your non-mobile workforce.
- Begin remote security monitoring that keeps track of access logs and data flow.
- Apply a single tunnel protocol so that info goes straight through a VPN, rather than a split tunnel protocol.
- Implement border nuking for email spam attacks with certain keywords so that they never even appear in an employee’s inbox.
- Provide unlimited data plans and VPNs for employees who are using hotspots when traveling.
- Use a local repository to download patches or use multi-level authentication for internet downloads.
- Create and exercise remote work continuity plans.
The biggest battle for remote work security is awareness training. There will have to be a culture shift from convenient technology for security to tedious technology for security. This is because the latter will ensure secure protocols.
Employers should also have a conversation with employees about personal device monitoring. When employees are using their personal devices, employers no longer have as much control over security.
While some are completely fine with their employer monitoring their personal devices, others will not be. Above all, employees should be trained on safe communication and collaboration.