Managing cybersecurity for an increased remote workforce requires careful consideration of the people and protocols throughout your business.
South Africa’s nationwide COVID-19 lockdown has made remote work a business necessity. And while you may have supported a handful of work-from-home employees before the pandemic, a rapid transition to a fully remote workforce is likely to test your capabilities. There isn’t a one-size-fits-all solution when you pivot from a traditional, physical hub to a virtual workspace, but there is one critical concern that should guide your actions: cybersecurity.
Effective cybersecurity requires both visibility and control. When your day-to-day business operations are centralised, it’s simpler for IT personnel to safeguard data and resources. They’re able to monitor networks, supervise hardware and software usage, and help govern employee behaviour to insulate your company from cyberthreats. They’re gatekeepers and guardians with defined perimeters, 360-degree views, and the power to manage endpoints and end users alike.
But what happens when your employees have to work remotely from their homes? What happens when they use household wi-fi, personal devices, and public applications to keep in touch with colleagues and complete job-related tasks? And what happens to your corporate security posture when it’s suddenly linked to domestic ecosystems that you cannot see and do not own?
The digital landscape has been changed by COVID-19. The threat landscape has been changed as well. One of the biggest challenges for cybersecurity teams right now is the protection of remote workers (and workloads) in a fluid environment where the risks have been greatly amplified by the current social and economic circumstances. While businesses are grappling with the coronavirus fallout on all fronts, cyberattackers are looking for novel ways to exploit systemic vulnerabilities and individual fears. Security measures that factor in technological and human considerations are more important than ever before. You need to look at your protocols and your people as you adjust your defensive strategy for the continuing lockdown, and the future beyond it. Our remote-work checklist will help you to close the gaps and strengthen cyber hygiene…
Few organisations were equipped to transform their employees into remote workers at the pace required for sustained productivity after South Africa’s lockdown announcement in March. Travel limitations and retail restrictions also made it difficult to purchase new corporate hardware for personnel to use at home. As a result, there are several remote-work scenarios in play: staff using company-owned devices; staff using their own devices; staff using borrowed devices from friends and relatives; or a combination of these.
A comprehensive policy that outlines the terms and conditions of remote access to corporate resources, as well as the roles and responsibilities of everyone involved, can reduce the risk of costly disputes in the event of a security incident. Your business may also have additional legal obligations regarding the handling of personally identifiable information and intellectual property in such circumstances, and you may need to consult an expert for guidance on the applicable local and international laws.
Make sure that your employees understand the importance of system updates, program updates, and software patches as part of a healthy cybersecurity routine – and be prepared to offer additional support to those who do not usually perform these tasks on their own.
You can also put device maintenance and protection under your corporate umbrella with a cloud-based endpoint management platform like Microsoft Intune, which gives you the ability to manage and secure company-owned and employee-owned Android, iOS, Windows, and macOS devices.
Check that all devices used by remote workers have adequate firewalls and up-to-date antivirus software installed. This is particularly important for the smartphones, tablets, and laptops that employees use personally and professionally.
Windows 10 has Windows Defender Antivirus built in, and if your IT teams are monitoring endpoints with Intune or a similar solution, then you may have additional functionality to improve the cyber safety nets around remote devices.
Your employees’ home office environments may be shared by their spouses, partners, children, roommates, or even tenants. And their home networks may support web-enabled appliances like smart TVs, or IoT automation systems like lighting control, or wearable technology like fitness trackers, in addition to their own portable devices. Every connected item is a potential gateway for cyberattackers.
You can buffer corporate resources against this wider threat landscape by enforcing the use of Virtual Private Networks (VPNs) and remote desktop applications. Make sure that remote workers do all they can to safeguard their home wi-fi routers as well, in terms of physical security (making it tamper-proof) and cybersecurity (changing its default password out of the box).
Implementing multi-factor authentication will help you to maintain control over core system access and protect sensitive business data. The extra steps that remote users have to take to verify their identities are essential security checkpoints for your organisation – and additional obstacles for malicious actors.
Phishing attacks are increasing as cybervillains move to exploit the public demand for coronavirus-related news and information. And you may already know that around 80% of data breaches are linked to compromised, weak, or reused passwords. Enabling MFA can help you to secure every employee login, no matter where the employee is located.
You have to account for the fact that technical aptitude differs from person to person, and that remote work in itself may be daunting for employees who are more comfortable in a communal office where the IT department is a few metres away. Make sure remote staff know who to contact for everyday troubleshooting and emergency intervention, so that they don’t have to look for workarounds and quick fixes that could compromise their cybersecurity, and by extension, your company’s as well.
SEE HOW WE DO IT | Step inside the BUI Cyber Security Operations Centre
The COVID-19 pandemic may have pushed you to explore remote productivity earlier than you’d planned – but if you make cybersecurity the guiding principle for your remote workers today, then they’ll be better prepared to face the digital environment of the future.
We’ve embraced the idea of the modern workplace, and we’ve helped many of our customers to do the same. Neil du Plessis, our cloud solutions security architect, will discuss rapid deployment for remote work in our webinar on 27 May 2020.
He’ll be covering key areas including secure connectivity, secure collaboration, and business productivity options for small and medium-sized enterprises, with a special focus on Microsoft Teams.
Zoom CEO Eric Yuan says the company is working to address privacy and security concerns, but cyber experts and government agencies have already raised the alarm regarding:
In response, many organisations have strongly discouraged the use of Zoom, or banned the software altogether.
Likewise, we do not recommend your business use Zoom until these vulnerabilities are patched
OUR ADVICE
Rather use Microsoft Teams. Microsoft’s powerful communication tool is your best option for secure online video-conferencing. If you don’t already have Teams as part of your Microsoft licensing package, the free version is available now. Learn more.
Get the Zoom For Teams add-on. If you’re required to participate in an external Zoom meeting, then use this app to do so from within your Microsoft Teams environment, with full control over your conference participation.
BUI is fully operational during the COVID-19 lockdown period and our specialists are available to help you make the most of Microsoft Teams. Contact us today.