Remote Work Security Plan
Chuck's Cyber Wall
Building a Remote Work Security Plan can be a struggle for small and medium-sized businesses that want to take advantage of work-from-home options. Before 2020, there had been a growing shift towards remote work, but no one thought that the pandemic would last so long or that remote work would be quite so popular with both employees and employers. In fact, studies show that only 8% of remote employees who have worked from home want to return to work full-time, and 87% of all workers say they want to work from home at least one day a week.
Overall, when employees can work from home, productivity is up, absences are down, and morale is high. It is understandable, then, that small and medium-sized businesses want to take advantage of this option. Not that in-person work is going away – many companies are adopting a hybrid remote work model where employees come into the office some days and work remotely on other days.
With benefits to employee health, work-life balance, easing traffic in many areas, and smaller office space requirements, it works for massive corporations down to tiny startups. The rapid evolution of collaboration tools and the necessity to learn them during the pandemic jumpstarted what would have otherwise taken years of adjustment.
But this quick evolution has had a cost.
CYBERSECURITY PROBLEMS
We’ve all heard about the significant increase in cybersecurity attacks over the past few years. With an increase in automated phishing and malware scams, no one has been spared. And yet, many organizations, especially small businesses, still have the same remote security they had to piece together when employees first needed to work from home. Because most of the concern at the time revolved around functionality, security became an afterthought.
Currently, the average data breach costs nearly $4 million, and almost 60% of small businesses that experience a breach close their doors within six months. With this in mind, it’s critical for companies with remote workers to develop a Remote Work Security Plan.
“But we have a VPN.”
During the pandemic, VPNs were by far the most popular security solution implemented for remote workers. But that’s not enough. Whether it’s poor cybersecurity practices or an employee clicking on the wrong thing, a breach is only one mistake away without a remote security plan.
THE UNMANAGED VULNERABILITY
Most current cybersecurity strategies assume that employees are connecting onsite using business devices. With remote users, security models assume they log in through a corporate VPN when connecting to work systems, again using business devices. But in the small business world, cloud-based services like Office 365, G Suite, and Dropbox make it possible for employees to do their work through these tools without logging into a VPN. And if users aren’t logging in to the VPN, they won’t know if there is a problem. A VPN account without multifactor authentication that is not monitored regularly or managed as employee roles and statuses change is a significant liability.
In addition, this potentially gives employees access to sensitive information on unmanaged devices.
If that thought is not keeping business owners with remote workers awake at night, there’s a problem. In today’s evolving cybersecurity landscape, there are new threats every day. Unmanaged devices may not have security updates, antivirus protection, basic access security, or other requirements to secure sensitive data.
Instead of crafting a strategy to prevent a breach, it’s time to assume a breach is inevitable and adopt a zero-trust security policy.
ZERO-TRUST SECURITY
For the past year, cybercriminals have been focusing on home networks and automated attacks. This means that attacks are much less targeted and more opportunistic – a combination that puts small businesses directly in the crosshairs. The best way to defend against this is to assume that employees are the weakest link in any security strategy.
Establishing Zero-Trust Security begins with treating everyone with access to your network as a potential threat. From there:
- Implement policies that require employees to use only business-issued devices to access sensitive information systems
- Provide users with the minimum privileges and access required to do their jobs
- Require strong passwords and multifactor authentication on every system where it’s available
- Monitor access logs to look for potential threats before they evolve into breaches
- Train employees to recognize cybersecurity threats
These best practices will help small businesses develop a long-term Remote Work Security Plan and provide some peace of mind in an increasingly dangerous digital world.
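As an added example (not part of the original article), here is one way to run the account review that the list above and the VPN paragraph call for: each VPN account is checked for MFA, an active owner, recent use, and access beyond the owner's current role. The account names, groups, field names, audit date and 45-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: a VPN account export, an HR roster, and the
# groups each role should hold. None of it comes from a real system.
AUDIT_DATE = date(2024, 6, 1)
VPN_ACCOUNTS = [
    {"user": "avega", "mfa": True, "last_login": date(2024, 5, 28),
     "groups": {"vpn-users", "finance-share"}},
    {"user": "bchen", "mfa": False, "last_login": date(2024, 5, 30),
     "groups": {"vpn-users"}},
    {"user": "dpatel", "mfa": True, "last_login": date(2024, 1, 10),
     "groups": {"vpn-users", "finance-share"}},
    {"user": "mruiz", "mfa": True, "last_login": date(2024, 5, 20),
     "groups": {"vpn-users", "finance-share"}},
    {"user": "svc-scan", "mfa": False, "last_login": None,
     "groups": {"vpn-users"}},
]
HR_ROSTER = {
    "avega": {"status": "active", "role": "accounting"},
    "bchen": {"status": "active", "role": "sales"},
    "dpatel": {"status": "terminated", "role": "accounting"},
    "mruiz": {"status": "active", "role": "sales"},  # moved from accounting
}
ROLE_GROUPS = {"accounting": {"vpn-users", "finance-share"},
               "sales": {"vpn-users", "crm"}}

def audit_vpn_accounts(accounts, roster, role_groups, today, stale_days=45):
    """Return {user: [issues]} for accounts that need review."""
    findings = {}
    for acct in accounts:
        issues = []
        person = roster.get(acct["user"])
        if person is None or person["status"] != "active":
            issues.append("owner not an active employee")
        else:
            # Least privilege: flag groups the current role does not need.
            extra = acct["groups"] - role_groups.get(person["role"], set())
            if extra:
                issues.append("groups beyond role: " + ", ".join(sorted(extra)))
        if not acct["mfa"]:
            issues.append("no MFA")
        last = acct["last_login"]
        if last is None or (today - last).days > stale_days:
            issues.append(f"no login in over {stale_days} days")
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_vpn_accounts(
            VPN_ACCOUNTS, HR_ROSTER, ROLE_GROUPS, AUDIT_DATE).items():
        print(f"{user}: {'; '.join(issues)}")
```

Running a check like this on a schedule, rather than once, is what catches accounts that drift as roles and statuses change.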
FINAL THOUGHT
The reason not having a Remote Work Security Plan is so dangerous is that vulnerabilities get ignored. Small business owners, managers, and employees are always busy, and without a plan, it’s easy for things to be forgotten. We are all only one vulnerability away from a data breach.
If you have questions or want some assistance in building a Remote Work Security Plan, CLARK can help. Contact us at 301-456-6931 or send an email to [email protected] for a free quote.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com