Ensuring the Cybersecurity of a Remote Workforce

As the COVID-19 pandemic continues to grip the globe, many companies are finding it necessary to transition from on-site to remote work – and experts warn this could be the new normal for the foreseeable future. Is your company ready to make the switch securely? Castra has some tips on making the transition with cybersecurity in mind.

The New Normal

Under ideal conditions, transitioning from on-site to remote work usually takes six to 12 weeks, so companies forced to make the switch immediately may find they are not adequately prepared. Facing issues like a lack of equipment and policies, insufficient broadband access, missing or inadequate software, appropriate cybersecurity measures and more makes the task a daunting one.

However, with 56 percent of companies worldwide already allowing remote work in some measure, it's likely a transition many companies may make permanent down the line. In addition to being good for the environment, offering more flexibility to workers, and broadening the prospective talent pool, there's a cost-benefit to working remotely. It's reported that companies could save more than $11,000 per employee by allowing remote work, at least part of the time. 

Considerations for Making the Switch

It’s time to take a look at your telecommuting policies to ensure you are ready to shift your workforce from office to remote. Here are a few things to take into consideration:

  • Essential vs. nonessential personnel: Who in your company needs to be on-site each day in order for your business to continue to function properly? Have you let them know they are essential, and what will be expected of them?
  • A secure connection: Does that mean VPN access and a company laptop? Have you provided access to all employees that will now have to work remotely? Have you tested their access to be sure everyone has what they need?
  • Collaboration tools: Are all of your files on a local server at your office? Having to take your work remote may make working on those files challenging for your staff. Maybe now is the time to invest in some collaboration tools like OneDrive for Business, Microsoft Teams, Slack, GoToMeeting, or LogMein.
  • Work times and telecommuting policies: It's important that everyone works defined days and is online at defined times to make collaboration easier. One way to stay connected is virtual check-ins at the start and end of each day to be sure everyone is safe, on the same page, and on task.
  • Additional stresses and challenges: While there are certainly benefits to working from home, there are also challenges, especially during a stressful time like this. Do you have a mechanism to check in with staff remotely so that you can be proactive about their mental wellness? Are there services available to staff members who might be having additional worries and concerns during this crisis?

It is also important to be sure your staff has a safe and distraction-free work zone. Does each of your staff members have a safe place to work from with minimal interruptions and distractions? Consider conducting some practice drills before going fully live with working remotely to test each of these considerations.

Cybersecurity Remote Essentials

We’d argue that one of the most important considerations for working remotely is the security of your network. There are several security questions companies must answer as they go remote:

  • How will you assure the identity of a remote worker?
  • How can you ensure that actions or messages are authentic?
  • How will you assure that an asset connecting to the internal network is trustworthy?
  • How will you protect the internal network from an external asset?

In answering these questions, many companies are turning to “zero trust,” which assumes bad actors are already in the system and promote a bare minimum access model to prevent escalated intrusion. But, is zero trust right for you? Transitioning to a zero-trust network demands investments in security management and identity management. It also demands unique identifiers for people, devices, and machines, which cannot be done at a moment's notice. Certainly, it was not intended to be an emergency business continuity plan.

It's also important to consider the limitations of VPN access. VPNs and virtual desktops have finite capacities, and their use can lead to latency issues and bottomed-out productivity. Experts advise that they should only be used for a small group of employees who need access to on-premise services. Meanwhile, bad actors will continue their traditional cyberattack methods like phishing emails, to which employees could be even more susceptible to working within a remote-access environment. 

Transitioning your workforce to a remote environment can make your head spin. What should your company do to prepare for the inevitable? Castra is here to help. Contact us for more information on how we can help meet your remote access needs securely and effectively.