Many organizations have recently been forced to send their employees home to work, but few were fully prepared to move all their employees to remote work. During the past few months, many companies have been in contact with us with various questions and requests about remote security.
In our conversations with them, we’ve seen that some were prepared for this situation from a cybersecurity standpoint, but many others struggled with the sudden transition. We noticed four key challenges in particular:
- Securing home networks and endpoints
- Training employees
- Ensuring employee success
- Ensuring business continuity
Challenge 1: Securing Home Networks and Endpoints
For the majority of organizations, enabling remote work for large numbers of employees simultaneously is new. Fewer than 20 percent of companies telecommuted before the coronavirus pandemic. Of those, most had just a handful of remote workers who telecommuted, and then only as needed.
With unprecedented numbers of employees now working remotely, many organizations are experiencing an increase in cyberattacks, especially phishing or other social-engineering efforts. Protecting against cyberattacks has become an even more daunting task for organizations, as a remote workforce means having multiple workers sign on to their network via potentially unsecured home Wi-Fi connections.
Companies are discovering that it is much more difficult to secure a network and its endpoints when employees are spread throughout multiple locations than it is to secure an office where everyone is working in one place.
For one thing, many organizations are experiencing pressure on IT resources as they move to enable remote work strategies. With large numbers of employees working outside the normal perimeter, managing device sprawl, updating, patching, and securing hundreds of thousands of endpoints have become much bigger challenges for IT departments.
Challenge 2: Training Employees
Companies are also discovering that a majority of their employees are unaware of the additional new risks that come with working remotely. Most expect to work from home the same way they worked while in the office, not realizing the need to practice strict password protocol or the risks of failing to access their organization’s network via VPN– as just two examples.
IT departments have had to quickly create clear remote-work guidelines so that employees can understand what precautions they must take when working from home. Creating these guidelines, training employees, and ensuring they are complying with the guidelines, are time-consuming and not easy to implement when the workforce is remote.
CHallenge 3: Ensuring Employee Success
A third challenge organizations are facing is on a more practical level, and not necessarily directly related to cybersecurity: ensuring employees have the right tools to work remotely.
- Do they have a laptop?
- Does it have a built-in web-camera they can use for video conferencing, or should the company provide a web-camera?
- If employees are working at home with preschool age children (who could be noisy), maybe the company should provide noise-canceling headphones with a built-in mic for video-conferencing?
- Do employees have the software they need, and know how to use it? Again, a good example could be video-conferencing software – such as Zoom, for example.
Challenge 4: Ensuring Business Continuity
The final challenge faced by organizations with large numbers of remote-work employees is the pressing need to create remote work guidelines to guarantee business continuity.
- How to ensure a smooth flow of information between departments?
- How will team meetings be conducted?
- What tools/software should employees use for daily communications with their peers and for reporting to their managers?
- How do managers ensure their staff remain engaged, efficient and productive?
Creating remote work guidelines in itself is a major task that many organizations are facing for the first time.
Extending beyond the short term
While the recent experiences of remote work have been stressful for both companies and for their employees, it has forced organizations to work out ways to remain functional. Among the companies in contact with us, we’ve noticed a clear distinction in approaches: either 1) “let’s just do what we have to do in order to deal with the present situation”, or 2) “let’s put in place systems and guidelines that will benefit the organization’s productivity beyond the present situation”.
Organizations taking the latter approach aren’t necessarily planning to have all their employees work remotely forever. But, they have decided that for the long-term, putting systems in place to allow mass numbers of employees to work remotely can enhance their competitiveness. These companies believe the end results can be positive, and twofold:
- Allowing a higher degree of work-style flexibility (employees will be able to work from the office, or remotely when necessary, with no change in productivity).
- Ensuring a smoother, more consistent flow of communication (as employees and managers will have mastered how to stay in constant communication regardless of whether they are seated next to each other in an office, or working remotely from each other).
In the long run, companies that embrace the challenges of remote work, and learn how to function in this type of situation, will come out stronger than ever.
To learn more about how to set up a strong security practice, check out our white paper, Five Clear Steps to Enhance SecOps with MITRE ATT&CK.