Apr 14 2020

How to Protect Your Network When Your Workforce Is Remote

Businesses are facing growing cybersecurity challenges as more of their employees work from home.

Times of transition can leave businesses vulnerable. Cybercriminals can find new opportunities as organizations and employees alike adjust to new environments and tools, which is the reality for many businesses right now as they shift their staffs to remote work. Security may not be at top of mind for employees grappling with new ways of working along with home stressors such as childcare, health or finances. 

Attempted phishing attacks have been so widespread that the Department of Homeland Security issued an alert to businesses. In the alert, DHS notes that security agencies in both the U.S. and U.K. “are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.”

However, there are things businesses can do to protect themselves and their data and ensure operations can continue smoothly regardless of where employees are doing their work. 

Employees Can Exercise Good Security Hygiene

Workers already play a key role in security, but when they’re operating remotely, that role grows even more important. Without in-person office resources such as IT departments, employees need to stay aware, says CDW Cybersecurity Practice Lead Jeff Falcon.

“We need to keep our radar up and alert as it pertains to phishing attempts,” he says. “This is another reminder that we have to be vigilant and disciplined as to what’s coming into our email boxes. Setting up the proper procedures and communication protocols for organizations to be alerted to suspect email is going to be imperative.” 

Responsibility doesn’t only lie with employees. IT departments also need to perform daily checks and maintenance of systems to make sure nothing has been breached. 

“Hygiene always comes into play here,” Falcon says. “Continuously scan and understand what type of activities look abnormal aside from your normal day-to-day business activities. We’re looking for signs of shadow IT, setting up rogue access servers, these types of activities.”

CDW experts discuss how to keep networks secure as employees work from home.

Businesses Should Keep Network Access Secure

One of the best ways to protect networks is to make sure that only the proper users are gaining access. Tools like multifactor authentication can ensure that only employees are getting onto platforms, says Mike Elrod, principal field solution architect for CDW.

“MFA can provide those users with secure access across all those different applications,” says Elrod, “both the virtual set and the cloud or Software as a Service-based applications too.” 

Falcon says that while the solution isn’t new, MFA does have renewed importance in the current landscape.

“It’s so critical that it’s almost the equivalent to sitting in your car and buckling up with a seatbelt,” says Falcon. “It’s that important, it’s that necessary.”

“Ensure that all users have it — no exceptions, no back doors,” Falcon says. “And if you do not have multifactor authentication in place, try to accelerate the deployment of that solution. There are now cloud-based and proven technologies in the market that can help you scale and adapt as needed.”

WATCH: Hear from the experts about how to set your organization up for successful remote work.

Device Management Is Key for Remote Work Security

One of the biggest cybersecurity challenges for businesses right now is the sheer number of devices connecting to their networks. Each employee is using at least one device to connect remotely, and many could be using two or three. Elrod says that unified endpoint management can allow IT departments to keep track of it all easily.

“A tool set like UEM can really help IT check some boxes for a remote workforce,” he says. “All these modern operating systems like Mac OS and Windows 10 have modern APIs, which means IT with a UEM toolset can remotely manage and push configurations, push permissions, leverage an MFA or a single sign-on solution — all done over the air from a web kind of environment.”

Now is also a good time for organizations to implement new concepts into their overall cybersecurity strategies. 

“We’re seeing the extension of this UEM framework to include zero-trust concepts,” says Elrod. “BYOD can exist; remote, off-domain connectivity can exist. All those tools can be built into this UEM framework and get the user up and running, make IT security happy and enable that workforce with minimal downtime.”

PfeifferV/Getty Images