Flexibility and employee mobility are key benefits made possible by remote work. However, as much as employees enjoy the ability to work anywhere in the world, for organizations, the transition to remote work implies new security considerations.
In a world where workplaces are no longer confined to a physical location, it’s impossible to keep all devices within a perimeter of a secure network. It is equally challenging to make sure employees are not connecting to unprotected networks, such as public space Wi-Fi, or don’t have unauthorized apps on their work devices.
That’s why managers cannot turn in a blind eye to securing remote workplaces. In this post, we will review the questions that help assess how well your devices, workflows, and collaboration tools are protected from attacks and share best practices for building a threat-resistant cybersecurity infrastructure.
Remote work security implications: challenges and risks
The shift from a centralized and controlled workplace to a distributed environment where it’s hard to estimate the number of devices employees use to access tools and assets gave rise to new trends in device use and network access. These have widespread implications in cybersecurity and expose companies to a wider range of threats.
Bring your own device (BYOD)
According to Deloitte, over 1000 insecure devices log into the enterprise network of over 30% of organizations across the US, UK, and Germany every day.
Although the bring-your-device policy is convenient from an employee’s standpoint, it expands the range of potential vulnerabilities. Since organizations have no control over the applications and files employees store on home devices, they have no way to remove malware or spyware from an affected computer.
Similarly, the ability to work from different locations exposes remote teams to unprotected networks that can be monitored by third parties. The lack of awareness and education on security hygiene also means that remote employees are unaware of the types of attacks they are exposed to when connecting to a public Wi-Fi or leaving their devices unattended.
BYOD audit questions for team leaders
As leaders try to eliminate potential threats associated with a distributed workforce and the bring-your-own-device policy, these are the questions they need clear-cut answers to:
- Does the company have a password policy that encourages employees to protect their laptops with a complex password (8-12 characters, not shared by other accounts)?
- Has the security team set up a VPN connection for accessing tools and corporate data?
- Are the employees’ laptops protected by data loss prevention and antivirus software?
- Is there a set of restrictions for USB drivers and other removable devices that could lead to the spread of malware or data leaks?
- Is there a clear backup schedule for ensuring the integrity of data?
- Do employees have screen shields that would protect webcams from trojan attacks?
- Does the organization have a policy of encrypting hard disks?
Best practices for securing “Bring Your Own Device” policies
Intentionality and strategic thinking are crucial to enforcing effective security policies in remote teams. While supplying all employees with corporate software would solve part of the vulnerabilities created by BYOD, organizing device shipping is challenging for startups that have global teams and limited home office budgets due to costs added with shipping and other expenses.
So, how should a remote organization protect its employees, clients, and data without abolishing the bring-your-device policy:
- Develop guidelines and policies and make sure teammates understand the importance of these measures and comply with them since Day 1 of joining the company.
- Have an approval system for devices that log into the network to weed out unapproved login attempts.
- Have a list of recommended security tools – VPN, firewall, or antivirus platforms – that would prevent attacks on the devices used by a remote team.
Legacy systems are not keeping up with the challenges of remote work
Organizations using legacy systems (such as COBOL-based software), will have a harder time adjusting to the dynamic nature of post-pandemic workplace security needs.
Due to several reasons – shortage of skilled talent, little consideration of decentralization by design, and decades-old codebase, these tools struggle to support companies as they scale and introduce new technologies into the workplace.
Questions organization leaders should ask themselves when examining legacy systems?
- What is the company’s definition of a legacy system? A common misconception would be to classify systems by age alone – however, legacy systems can be modern as well, as long as they are slow to update, separate from existing systems, and hinder the company’s growth and scalability.
- Do any of the company’s systems use obsolete technologies or require rare, hard-to-source skills for maintenance?
- Is system documentation updated and robust enough to help teams use it to its peak ability?
- Do all of the systems support the company’s ever-changing needs in a remote workplace?
- Does the company have a consistent process for reviewing and modernizing legacy systems?
Best practices for identifying and modernizing legacy systems
Turning a blind eye to the outdated systems the company might be using puts newly remote teams at a higher risk of security vulnerabilities.
Such systems are not flexible enough to adapt to dozens of thousands of known security vulnerabilities. On the codebase level, they are hard to update and largely made of “spaghetti code” that doesn’t follow unified conventions, have low readability, and is challenging for newcoming engineers to untangle.
Here are the practices leaders can use to pinpoint and modernize outdated systems:
- Develop a decision matrix that includes organizational, business, and technical properties of a legacy system and cross-check your systems against it.
- Have a clear modernization workflow: Gartner suggests a seven-step “encapsulate, rehost, replatform, refactor, rearchitect, rebuild, replace” model that matches the extent of modernization to the state of the system and organizational needs.
- Revisit the architecture of a legacy system: replacing a monolithic system with a microservice-based one is a popular and effective approach to modernizing tools like ERP solutions.
- Address scalability and availability concerns. Legacy systems tend to halt the growth of remote teams if they rely on on-premises management. Cloud migration is a way to make a system more suitable for the mobility and accessibility demands of the modern workplace.
Security vulnerabilities in collaboration platforms
As companies embrace remote work, their collaboration stacks become more bloated. On the one hand, exploring and introducing innovation puts leaders ahead of the curve and helps them address the key challenges of remote communication – isolation, lack of engagement, low decision-making speed, and siloed processes.
However, if not vetted thoroughly enough by a security team, third-party collaboration tools can compromise data integrity and expose organizations to outside attacks.
Questions to ask when choosing collaboration providers or reviewing collaboration workflows:
- Does your organization apply the rule of least privilege (restricting access rights to the features strictly needed by each team)?
Are your employees aware of the data use and sharing policy associated with using specific collaboration platforms (for example, keeping confidential info private instead of accidentally sharing it on the open web)?
- Is your organization using hyperlink scanning tools to protect remote teams from phishing attacks?
- Does your organization has an identity control policy – for example, prioritizing SSO over creating separate accounts?
- Is there a clear understanding within the organization as to which information is confidential and should not be shared outside of the company?
Best practices for securing remote collaboration workflows
- In light of “Zoom bombing” attacks, keep meetings practice and whitelist participants before letting anyone in.
- Create and share a security questionnaire with a collaboration platform vendor before introducing your team to a new system.
- Check if the platforms you have shortlisted have security certifications like ISO 27001.
- Keep in touch with the support team to be the first one to learn about updates and protection patches. Installing those will protect your data, messages, and meeting content from outside attacks.
Delayed incident response and slow decision-making
One of the biggest challenges of remote work is in slowing down communication and delaying the incident response. If a threat is detected, reporting it and eliminating the risk before it culminates in business impact is crucial.
However, more often than not, ladders don’t have the tools and policies for sharing information and acting as quickly as possible in a remote environment.
Questions to ask yourself when assessing your company’s threat management policy
- Does your team have a database with common security vulnerabilities and detailed response plans to common scenarios? Is it updated consistently?
- Does your incident response governance system factor in the change in working models? For example, are you aware of time zone differences within your team and how these can impact the speed of decision-making? Do you have strategies for minimizing impact?
- Does your team know how to report security incidents? Is the process straightforward and accessible 24/7?
- Has your team implemented countermeasures that will help restore the data lost after a breach or prevent data loss in the first place?
- What is your approach to documenting incidents and running post-incident reviews? Are the teammates aware of these assessments? Does the schedule allow people to participate in incident review sessions?
Best practices for threat detection and post-incident response in a remote team
- Create an incident response plan that covers all common threat scenarios. Make sure you store it in a way that is accessible to the team but hard to reach for potential attackers.
- Assign responsibilities to team members. Ideally, you should have someone responsible for threat management available at all times so it’s a reasonable practice to assign security monitoring roles to people working in different time zones.
- Keep response plans straightforward and logical. Make sure that employees don’t struggle following incident reporting or response checklists. Running security drills and testing the quality of your team’s response is an excellent way to prepare yourself for acting quickly and eliminating panic in high-stress situations.
The Bottom Line
For the most part, security management in remote teams is similar to that in an in-office organization. Standard practices apply regardless of how you structure your workplace – educate employees on security, know who is responsible for enforcing policies, and select workplace technology carefully.
However, the shift to remote work created unique challenges like employees logging in outside of the perimeter of the company’s network or legacy systems struggling to meet the scalability and accessibility needs of a remote team. To mitigate these challenges, leaders need to intentionally implement security practices that would regulate the bring-your-own-device policy and keep systems up to date.
Reviewing collaboration platforms you bring into your remote team from a security standpoint is also key to safe communication.