By: Dr. Angela Orebaugh
The COVID-19 pandemic has forced many organizations to move to a remote workforce, creating new potential security ramifications. Most large organizations are not prepared to host the majority of their employees remotely, and smaller organizations may not have the ability to offer remote access. Organizations needing to purchase additional equipment may run into time delays with production, shipping, and deployment. Currently, some organizations are scheduling workers on shifts to lighten the remote access load.
The biggest security risk of the remote workforce is employee-owned devices. Employees may need to use their own desktop, laptop, or mobile device to connect back to the organization. These devices may lack security controls such as host-based firewalls and anti-virus. With the influx of malware and ransomware now being delivered through phony COVID-19-related emails and text messages, those systems (and potentially vulnerable users) are the low-hanging fruit for compromise.
Because employee-owned end devices may be unsecured, the organization has vastly increased its attack surface. Attackers may be able to enter the organization’s network through unsecured connections or the employee’s VPN connection. In the case of the encrypted VPN connection, security staff will have little chance, if any, of detecting attacks over this channel. Additionally, the increased load on VPN connections could create its own denial of service.
The following best practices can help organizations maintain security in a remote workforce:
1. Ensure that all laptops and mobile devices have firewalls, anti-virus, and automatic updates configured.
2. Provide guidance to all employees to change the default administrator password on their WiFi routers.
3. Enable multi-factor authentication for remote access, especially to critical systems.
4. Increase the frequency of backups. With the increased threat of ransomware and other malware, backups are extremely important right now, both on personal devices and at the organizational level.
5. Consider implementing a mobile device management (MDM) platform to protect the organization from unsecured or compromised mobile devices.
6. Ensure that employees aren’t using unapproved applications and services for work, such as document-sharing services, video chat services, or communication and messaging platforms.
Additionally, some companies are offering free access to their software and services during the pandemic:
· 1Password is offering its business password manager free for 6 months.
· Trend Micro is offering its Maximum Security desktop protection software free for 6 months.
· Webex is offering free 90-day access to its service.
· Cisco is offering free access to several of its security products: Cisco Umbrella, Duo Security, and Cisco AnyConnect Secure Mobility Client.
Remote access best practices and increased monitoring can help organizations make the transition to a remote workforce. Companies offering free software and services can help ease the financial burden. Lastly, once the dust settles, organizations may want to update their business continuity plan with lessons learned from a pandemic-induced remote workforce.
About the Author
Angela Orebaugh, Ph.D. is a technologist, educator, researcher, and author with a broad spectrum of expertise in information technology and security. She synergizes her 20 years of hands-on strategic and technical experiences within industry, academia, and government to advise clients on information technology and security strategy, management, and technologies.