Solving the Remote Work Cybersecurity Conundrum
The decentralization of workers
By John Rossiter, Principal Consulting Engineer, and Chief Information Security Officer
When the pandemic forced companies to suddenly shift to remote-work solutions, many employees started to use personal computers and other non-corporate devices, creating substantial security issues still under-addressed.
Even when employees use company-provided computers and laptops, many users admit to using the devices for personal purposes, even on work-prohibited applications. It’s a behavior creating massive cybersecurity problems, mainly because security analysts aren’t in physical proximity to their users.
There are several ways to approach hybrid or remote work practices to help ensure security among your workforce and the organization:
Consistently ensuring that your staff understands best practices for remote-work environments is a key factor in implementing cybersecurity training modules for your organization. Training should include how to protect sensitive information in a remote-work environment. Teaching your staff how to differentiate between a real email and a phishing message is helpful, but it is in constant practice and testing that you can make them get used to the practice. Provide them with an effortless way to report suspicious emails to your IT staff to help protect the rest of your organization.
Make cybersecurity the number one priority with proper controls, education, and testing of phishing attacks. Give your staff what they need to keep your data and network safe from inside and outside influences. Cyber-attacks can come from various paths. Emails may have links to websites that deliver malicious payloads. Attachments can include executable files regardless of the visible file name.
A new vector comes from our mobile devices as text messages. While we may be used to getting texts from friends and colleagues, text messages from an unknown number with a shortened link can lead to disastrous results. If you don’t recognize the sender, don’t click the link. If it’s from someone in your contacts and unexpected, reach out to them by phone to check if it’s a legitimate text. Spoofing text messages is as easy as spoofing caller ID.
Secure, secure, secure your network assets. Use secure connections to keep outsiders out while allowing your staff access to perform their jobs. Endpoint protection systems are designed to quickly detect, analyze, block and mitigate attacks in progress. This includes continuous monitoring while collaborating with other security technologies. Cloud-based endpoint protection gives instant access to the latest threat intelligence. This allows for faster, more automated responses.
Add action items and rules to review approved and unapproved devices attached to your network for unsecure software. Make it a routine task to check for updates on operating systems and software on your network. Often program updates will provide new features that can be useful in your everyday work.
The National Vulnerabilities Database reports that new vulnerabilities are identified weekly, if not daily. Unpatched software and operating systems provide hackers with a way into your computer and network.
Updates can be as simple as clicking a button, yet several factors are in play when updating software and operating systems. It’s best to have your IT department (or managed service provider) run a test before performing a wholesale update on the network to minimize the impact on your daily operations
Remember that you are only as safe as the most recent updates.
Collaboration and communications
Build a secure and unified communications platform into your daily operation. Keep the lines of communications open and make them easy to use. Include computer and mobile device connections to your VoIP system. Let your staff seamlessly respond to incoming calls, attend video chats and conference calls from their home office.
Use a Managed Collaboration Service provider to keep everything in peak operating performance. They can function as an extension of your team to identify and resolve issues quickly to keep your unified communications secure and healthy.
An excellent first step is to provision the foundational elements for a secure workplace. While we all share a common need to secure and protect digital and human resources, their implementation is unique, based on each enterprise’s needs.
Visit our blog regularly for the next post or listen to our Digital Aspirations in Business podcast for more information
If you’re interested in how Aspire can help you, please contact us at email@example.com
Aspire Technology Partners is a four-time Cisco master partner, and we can build you a custom proof-of-concept environment with a full demo.
Aspire Technology Partners is a Cisco Gold Certified Partner engrained in solution pillars that set us apart as a true Cisco solutions provider. We are committed to the continuous improvement of expertise and skillsets around Cisco initiatives that enable us to help and guide customers in the adoption and management of technology architectures designed to transform their organization. We hold Cisco Master Specializations in Collaboration, Security, Cloud & Managed Services and is one of only 25 partners in the US to receive the Cisco Advanced Customer Experience Specialization.