Is Your Organisation Ready for Remote Workers? 5 Strategies to Create a Cyber Resilient Remote Worker Policy
By Alexander Duffy
The World Health Organization (WHO) has officially declared COVID-19 a pandemic. With multiple countries in quarantine, the global workforce is becoming increasingly confined to working from home. Organisations that were previously not prepared for this shift in the workforce are now left with a need to support remote workers while maintaining business as usual.
Some organisations, especially in finance and government, that may have been slow to adopt work from home policies now find themselves scrambling to put adequate measures in place to accommodate a trend that is here to stay. While it may be tempting to rush in and assemble a quick fix or a band-aid solution, it is best to proceed with a plan that can be sustained in the long term.
A quick fix, or a plan implemented without a clear strategy, could lead to sloppy security standards and holes that may put the organisation at risk. However, it is now undeniable that every organisation should pay attention to the many benefits and risks associated with a remote workforce and develop a data-based strategy immediately.
Benefits of a Remote Workforce
Before current world events came into play, working remotely was proving to be beneficial for many workplaces. A PGI report conducted in 2014 showed that 82% of people experienced less stress, 80% experienced improved morale and 70% stated it improved their productivity. However, for organisations, the biggest perk of working remotely is the ability to hire regionally dispersed people, allowing a broader pool of talent without the associated cost.
Risks Associated with a Remote Workforce
Unfortunately, with all the benefits comes increased cyber security risk. OpenVPN conducted a survey in which 36% of respondents stated that they have had a security incident that was due to unsecured remote workers. Furthermore, 90% also believe that remote workers are not secure and pose a major security risk to their organisation.
How to Implement a Work from Home Strategy?
While there is no one-size-fits-all solution when it comes to remote work, there are some essential elements that are needed in developing a work from home strategy.
Risk Assessment: Rigorous risk assessment conducted with key business leaders and executives is the first step in developing a remote worker strategy. This step is essential because it drives the protections needed and the budget required to achieve the correct security posture.
Implement Formal Policies: Organisations should create and formalise a remote working policy. Policies need to include a device policy that describes in detail what technology and tools are appropriate and comply with the organisation’s standards. This policy should also include regulations around the use of BYOD devices and any additional security measures needed on these devices for compliance. An important factor of policy making needs to be the ability to enforce it from the top down by making executives and team leaders accountable for violations of said policy.
Encryption: Data encryption should be the next thought. Protecting data at rest is important for preventing data theft from stolen or lost devices. It should be applied to all corporate laptops and mobiles.
Secure and Accessible Infrastructure: Many corporate connections were never designed or stress tested to support the number of remote workers trying to connect into the organisation on VPNs. Changes in the way workers access and use data need to be monitored and mapped. Access-anywhere methods such as SharePoint Online and cloud storage like OneDrive are powerful but require extra considerations. Measures need to be put in place to ensure that only corporate approved devices can access those resources. One way to achieve this is by using Cloud Access Security Brokers or corporate VPNs and connecting those to cloud private gateways, and then applying restrictions on the SaaS services to only allow access from protected IP ranges or devices.
User Training: Last but not least is user training. Ensuring users are aware of their obligations and responsibilities when working remotely is critical to address the human factor in security risk management. Training for staff in all areas of the organisation that covers topics such as password policies and how to securely access and store corporate data can help organisations succeed in keeping a remote workforce and an organisation’s security safe.
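To make the "protected IP ranges or devices" restriction from the Secure and Accessible Infrastructure item concrete, the following added example (not part of the original article) audits sign-in records against such a rule before it is enforced on the SaaS side. The record fields, users and address ranges are constructed placeholders, and the stricter `require_both` mode goes beyond the article's wording.

```python
import ipaddress

# Constructed documentation ranges standing in for corporate VPN / CASB
# egress addresses that would be allow-listed on the SaaS service.
PROTECTED_RANGES = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "2001:db8:10::/48")]

# Constructed sign-in records; field names are hypothetical, not a vendor schema.
SIGN_INS = [
    {"user": "alice", "src_ip": "203.0.113.25",   "device_managed": True},
    {"user": "bob",   "src_ip": "198.51.100.7",   "device_managed": True},
    {"user": "carol", "src_ip": "198.51.100.9",   "device_managed": False},
    {"user": "dave",  "src_ip": "2001:db8:10::5", "device_managed": False},
    {"user": "erin",  "src_ip": "not-an-ip",      "device_managed": False},
]

def from_protected_range(src_ip):
    """True if src_ip parses and falls inside a protected range."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # unparseable source address: fail closed
    return any(addr.version == net.version and addr in net
               for net in PROTECTED_RANGES)

def evaluate(event, require_both=False):
    """Return (allowed, reasons) for one sign-in record.

    Default mirrors the article: protected range OR approved device.
    require_both=True is a stricter variant: range AND device.
    """
    in_range = from_protected_range(event["src_ip"])
    managed = bool(event.get("device_managed"))
    allowed = (in_range and managed) if require_both else (in_range or managed)
    reasons = []
    if not in_range:
        reasons.append("source outside protected ranges")
    if not managed:
        reasons.append("unmanaged device")
    return allowed, reasons

def violations(events, require_both=False):
    """List (user, reasons) for every sign-in the rule would block."""
    out = []
    for event in events:
        allowed, reasons = evaluate(event, require_both)
        if not allowed:
            out.append((event["user"], reasons))
    return out

if __name__ == "__main__":
    for user, why in violations(SIGN_INS):
        print(f"would block {user}: {', '.join(why)}")
```

Running the audit in report-only fashion first shows which users would lose access, so the restriction can be tuned before it is switched on.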
Whether it is due to virus pandemics and other external factors outside of an organisation’s control or just through the many other benefits associated with it, remote working is here to stay. Organisations need to actively plan and implement solutions to securely extend their network perimeter. It’s a big world out there and it’s only getting bigger.
About the author
Alexander Duffy is the Chief Security Officer for emt Distribution. He is passionate about implementation of the ASD Essential Eight framework and its role in improving the security posture of organisations in ANZ. For more security updates, follow him on LinkedIn.