Over the past few weeks, many businesses have made changes to their operations due to the COVID-19 global pandemic, including implementing work-from-home policies. With changing work environments, businesses are facing new security challenges, including securing remote workforces. The following best practices will help your institution stay secure and prevent cybersecurity breaches as employees work outside of their normal office environment.
1. Understand Your Technology
When moving your employees to remote work environments, it’s important to consider the technology required for a secure workforce as detailed in your business continuity plan, including secure internet and virtual private networks (VPN). Your institution should test your system requirements and bandwidth before full implementation to prevent the risk of overloading the system. Changing work environments as a result of the COVID-19 pandemic also highlight the risks associated with network security. In the past, your network was within your company and protected by your firewall and data connections, but that may no longer be the case. Before moving to remote work, your institution should understand network security vulnerabilities and which types of controls are needed to secure those connections.
2. Avoid Quick Plans for Remote Data Access
One of the largest security risk areas during the pandemic is remote data access. As employees leave the office to work remotely, your organization should review data access to provide the ability for uninterrupted work. However, remember that enabling access is accompanied with certain risks. Some organizations have made the mistake of enabling data access in a non-secure way, thus exposing vulnerabilities that would not have existed otherwise. As your organization adapts to remote work, avoid hasty plans to make all data accessible, including migrating all data to the cloud. Before enabling remote access, think strategically about how to leverage your current capabilities and enable additional access in a secure way.
3. Use Secure Data Systems
To mitigate security risks, consider using a secure cloud-based data system. Many organizations have recently moved to the cloud and changed their controls to allow remote access to data systems, and cybercriminals are taking advantage of this. It is imperative that you understand your institution’s controls and enable protections like multifactor authentication, especially for cloud-based applications. For applications that do not work well in a cloud-hosted scenario, you can employ a hybrid approach with a combination of cloud-based hosted connections and VPN access.
Additionally, avoid browser-based, remote-controlled software unless your institution fully understands the controls and audit capabilities and has done vendor due diligence. With this type of software, users in the office can download an application on their system that allows them to access the application and control their desktop remotely. There are many regulatory compliance questions surrounding this type of software due to the high level of access the software provider may have to the system. Your employees are likely better off using a VPN solution or secure cloud-based data as an alternative.
4. Issue Corporate-Owned Devices
Issuing your employees corporate-owned devices enrolled in information security management systems is another way to help eliminate security risks in remote work environments. Generally, employees should not access a corporate network with a personal device. Using hosted email or other online hosted systems on personal devices poses less risk; however, risk is always present. If an employee unknowingly has malware on their personal device and opens their browser to download a document, that malware can be transferred to the network when the document is sent back via email attachment. If you’re using hosted email or similar systems, your institution can use systems that will scan email attachments or open and monitor attachments in a controlled, automated environment to determine the risk.
5. Maintain Communication
As institutions cope with operational changes, it is critical to communicate with your employees about your work-from-home policies and best practices. Risks are present any time a large percentage of your workforce moves from a familiar environment with specific controls or physical access to equipment and systems, but open communication can help mitigate some of these risks.
If allowing employees to use personal devices connected to a corporate network, ensure they understand ways to avoid malware and deploy technology solutions to prevent security breaches. And if you issue a corporate-owned device, indicate that it should only be used by the employee for corporate activities. Many employees are not familiar with security risks, and creating an environment that encourages open communication will help keep your business secure.
Looking to the Future
The COVID-19 pandemic is bringing transformative changes to the way we live and work, including the increase in remote working environments. As many employees shift to working from home for the foreseeable future, cloud adoption will likely skyrocket, as will marked increases in additional security technologies related to borderless networks and zero trust models, and your institution should be prepared.
Find out more about CSI’s Managed Services solutions to ensure your institution stays secure and competitive.
Sean Martin serves as a product manager for CSI Managed Services, and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry, and holds Cisco CCNA and CCIE written certifications.