Remote Work Security
The transition to remote work was swift. Leading up to the pandemic, organizations quickly re-prioritized their to-do lists to ensure that their work-from-home strategies were as robust as possible for the entire workforce. In many cases, capacity and performance were top of mind to guarantee that the business could continue operating at a normal pace, even if security and supporting IT processes fell behind.
As we begin to emerge from the pandemic, it is time to certify that the processes and technologies currently deployed not only allow your business to operate, but also keep your systems and data protected.
According to the IAPP and EY report, Privacy in the Wake of COVID-19: Remote Work, Employee Health Monitoring and Data Sharing, “Of the organizations that have adopted new WFH tech, nearly 60% has accelerated or bypassed privacy/security review.” (See their chart below.)
[Chart: responses to the survey question "Has your organization had to expedite or skip privacy or security reviews of new technologies or vendors as a result of COVID-19?"]
Remote Preparedness Activities
Consider performing these activities to confirm that you are prepared not only for continued near- and long-term remote work, but also for future business disruptions that may require quick transitions to work-from-home environments.
- Perform a retrospective assessment of the transition to remote work to identify successes and develop a roadmap to address areas for improvement.
If a second wave occurs, what would you want to keep doing, stop doing, start doing, or change? For example, many organizations found remote onboarding and termination to be challenging. Assets such as laptops were not consistently in compliance with the imaging policies before they were deployed, nor were they all properly accounted for in asset inventories. In most cases, the logistics of getting equipment to remote employees were complicated. Would virtual desktops or application streaming be easier than managing the shipment and retrieval of hardware?
- Perform vulnerability scanning, penetration testing, and security configuration reviews (i.e., health checks) for remote work tools that were rapidly deployed.
The tools to cover include virtual private networks (VPNs), multi-factor authentication (MFA) tools, voice-over-IP (VoIP) technologies, mobile device management (MDM) platforms, remote desktops, remote incident response tools, and collaboration spaces. One common theme during the national shutdown was the need for data loss prevention tied to virtual desktops.
- In preparation for future business disruptions, thoughtfully implement new technologies and processes for continued remote work.
Review the results of your assessment to determine what you need to implement and think about what support is required for these new technologies and processes. Do team roles need to be realigned to support new processes?
When considering new technologies, ensure that you have clear and consistent criteria to vet the security, capacity, and performance, and then ensure that those requirements are documented in contracts and service level agreements.