As remote work environments become the norm for millions of employees around the world, companies are having to pay extra attention to the technologies their workforces are using. Malicious actors have seized upon the COVID-19 pandemic, launching new phishing campaigns and adapting their social engineering tactics to prey on first-time remote workers. During the first four months of 2020, researchers at McAfee recorded a 630% increase in remote attacks against cloud service targets. This uptick in cyberattacks is particularly troubling given that cloud-based services and applications have been vital to the productivity of off-site employees during the lockdown.
Security compliance in the COVID-19 era
The rapid transition to remote work has revealed gaps in many enterprises’ network, hardware and software security practices. As more employees access private networks on their own devices, IT administrators have struggled to insulate sensitive data from cyber criminals. Organizations new to remote work had to quickly integrate a patchwork of remote access technologies and security protocols that “afforded little protection,” noted Security Magazine. What’s more, a lack of visibility and control over employee-owned devices has made it difficult to maintain continuous security compliance across all departments.
While many business leaders are optimistic that the COVID-19 pandemic is on the downswing, research from McKinsey & Company suggests the eventual return to normalcy is still a long way off. Even after the health crisis has subsided, remote work will continue to be a common practice among knowledge workers. To set themselves up for long-term success, organizations must get a handle on bring-your-own-device culture and the management of remote machines. Some key focus areas include:
- Creating security policies tailored to remote workers
- Setting standards for data encryption
- Implementing multi-factor authentication
- Integrating VPNs and network-level protections
- Establishing a proactive patching schedule
Alongside these key cybersecurity activities, companies have also used operations management tools to transform personal computers into corporate-controlled workstations. These machines are ultimately controlled by in-house IT teams, making it easier to maintain a strong security posture. For example, some remote workers routinely access and store personally identifiable information as part of their duties. To ensure data privacy regulations are upheld, companies can integrate endpoint management solutions that provide an extra layer of oversight. When deployed successfully, these management tools can help prevent data breaches, improve compliance and eliminate exploits that could lead to costly cyberattacks.
Maintaining compliance for remote machines
When it comes to security compliance for on-site hardware, companies have historically relied on in-network protections — firewalls, antivirus software, intrusion detection systems, etc. — to create a gold standard for all workstations. However, with more employees using their own devices on home networks, organizations have had to adjust their management strategies to ward off compliance issues and cyberattacks. According to the Society for Human Resource Management, companies should focus on the following areas to improve remote-work security and compliance:
- Establishing remote-work security policies: No matter how large or small an organization may be, establishing clear, documented security policies is essential to building a defensive IT posture. These policies provide detailed guidance for workers, both in-office and remote, about risky behaviors that could lead to a massive security breach. For example, if an employee were to download an infected file or unsecured application, malicious actors could use these entry points to gain access to sensitive information. Considering how widespread work from home provisions have become, companies should create security policies that are specifically tailored to remote work environments.
- Integrating a secure VPN: VPNs enhance online privacy and security by creating private networks from a public internet connection. Using these tools, employees can mask their IP addresses, encrypt their traffic and maintain compliance with internal networking policies. VPNs provide an essential layer of protection for sensitive data, ensuring remote workers can access the applications they need without putting any customer information at risk. Without a VPN, organizations could unknowingly leak PII, proprietary data or intellectual property.
- Regulating personal device usage: Even though employees have the final say when it comes to their personal computers, companies should still have some level of oversight. Endpoint management is a key part of security compliance, helping ensure each workstation is malware- and tamper-resistant. By using IT management tools, like Faronics’ Deep Freeze, organizations can control which applications users can download and ensure each computer has the latest versions of antivirus software.
Creating an effective remote-work environment requires the right set of tools, policies and IT management systems. Without some degree of oversight, organizations can suffer major losses because of their employees’ negligence or lack of compliance awareness. That’s where Faronics’ Deploy application can help.
Using Deploy, companies can monitor and control application updates and OS settings, making it easier to comply with data privacy laws and internal cybersecurity policies. Once installed, IT administrators can remote-in over the web via RDP or VNC, send batch updates and diagnose system issues with MSINFO. These activities do not require any end-user intervention, even when Deploy is installed on personal computers. With this level of visibility and control, organizations can ward off potential compliance issues and stay one step ahead of zero-day exploits.