In the midst of the chaos caused by the corona pandemic, more people are working remotely than ever before. With the abrupt shift to a distributed workforce, many an IT department scrambled to put infrastructure in place to enable the operation of remote teams.
Security, unfortunately, often remained an afterthought.
Businesses that put cybersecurity measures in place before the pandemic are seeing their defenses under immense strain. Those who didn’t are sitting ducks.
In March alone, the number of cyberattacks increased by 37%, pushing the total for the first quarter of 2020 to a stunning 445 million. A successful attack can be extremely costly, with the average damage caused by a breach lying at $3.92 million.
The vital question is this: What can businesses do, right now, to defend themselves against such attacks? Which safeguards can be put in place? What tools can be employed?
Here are 6 strategies and tools you can harness to secure the online operations of your newly remote team.
1- Review Vulnerabilities of Each Team Member’s Setup
First off, have a look at the conditions under which your team members access your network, and check for vulnerabilities there.
This starts with the home WiFi networks people are using for work in their quarantine home offices. These networks are often weakly secured by default and few people add security by themselves.
Doing a roundup of peoples’ networks, and giving out instructions on how to dial up their home WiFi security - for example by changing their SSID, turning on WPA2 encryption, and disabling WPS and UPnP - can go a long way towards staving off hacking attempts.
Team members using their private devices for work is another vulnerable spot. To provide end-point security, businesses should consider providing the hardware that distributed teams can use for business purposes exclusively.
Actually getting remote workers to use dedicated devices may be costly, and require a certain level of enforcement. But it significantly reduces vulnerability to not have people stream movies, play online games, or do personal shopping on the same devices that store sensitive information or connect to company networks.
2- Educate Team Members
Cybersecurity concerns everyone - especially in a remote team.
It’s vital that people know how to defend themselves against cyberattacks, and know the signs of an active breach.
This starts by keeping everyone updated on what current phishing emails look like, and sharing those that you’re actually receiving. Phishing has moved far beyond the traditional Nigerian prince scam, and opening a legit-looking unsolicited attachment can spell doom. Even Jeff Bezos found that out the hard way when his phone was hacked via attachment back in January.
When computers slow down, keyboards and trackpads get out of control, strange pop-up ads appear, or icons show up on the screens for software that wasn’t installed, your team members have to recognize the writing on the wall. And contact IT asap.
3 - Set up a Cybersecurity Framework
Securing your online operations by reviewing vulnerabilities and getting your team up to speed are vital first steps. But to create a safe online work environment for your distributed workforce, it is necessary to set up a cybersecurity framework.
Basically, such a framework keeps track of the platforms and networks your business operates on, what data is produced and stored where - and which of it is sensitive. It also keeps an overview of who on your team has access to what. This goes for passwords, networks, data, and processes.
This may sound complex, but there are ready-to-go templates that businesses of all sizes can implement. The US National Institute of Technological Advancement (NIST), for example, offers a massive amount of information on how to build and maintain cybersecurity frameworks.
4 - Dump Legacy VPN
400 million businesses and consumers worldwide are using virtual private networks (VPN). With the current explosion of distributed workforce models, the number of users has skyrocketed.
Unfortunately, not all of these VPN connections are safe. Hardware-based legacy VPNs, in particular, can be gaping holes in business security systems. Moreover, they are also rarely equipped to handle the bandwidth strain of an abruptly inflated distributed workforce.
Switching to modern, more secure, cloud-based solutions won’t just render your remote operations safer, it is also likely to speed them up.
5 - Adopt Zero Trust and SASE
In a recent Forbes article, it was categorically stated that when it comes to remote work, cybersecurity is equivalent to zero trust.
The zero trust principle operates on the assumption that every single interaction between user and network is seen as potentially dangerous. That is why each operation is compared to a user behavioral profile.
Machine learning and artificial intelligence construct a pattern for each user. Which platforms are typically accessed? At which time? For how long? Which actions are performed? Which network does the user normally operate from?
Any deviation from that profile is automatically flagged by the system. And the operation that was cause for concern is isolated and frozen until a security review.
A new player on the scene of security principles is SASE (pronounced ‘sassy’), which stands for Secure Access Service Edge. SASE is a cloud-delivered service that merges wide-area networking (WAN) with network security services and policies such as Zero Trust, CASB, or FWaaS.
A Gartner report predicts that by 2024, 40% of businesses will adopt SASE - so it might be worth looking into it already now.
Final Thoughts
Strategically, now is a crucial time to invest resources in stepping up your cybersecurity game.
Not just because of the abrupt rise in remote work during the corona pandemic - though that, and the associated rise in cyberattacks, are excellent motivators in themselves.
But more importantly, it also looks like distributed workforce models are here to stay. Driven by the pandemic, companies are discovering the advantages of telecommuting. A fair number of them already consider keeping remote teams in the long term.
That means that brushing up on your remote work cybersecurity now is an investment in the future - and success.