For many companies, a more permanent work-from-home workforce is now a reality. The pandemic has taken the idea of working from home from a “long-range roadmap item” to a “must-do-to-survive necessity” for a large number of businesses. Fortunately, telecommuting has been a success story across a broad spectrum of industries.
But how can CIOs best support their remote workers’ security? As CIOs map out their technology plans, supporting the remote workers’ security and productivity needs is a challenge that did not exist a little less than one year ago for many organizations. Fred Cobb, Chief Information Security Officer and Executive Vice President at InfoSystems, recommends businesses consider the demands and risks of a remote workforce.
“Additional challenges relating to compliance have to be addressed by technology spend, along with policy and procedure modifications to accommodate the telecommuter while remaining compliant,” Cobb says. “For example, electronic protected health information that may find its way to the computer on a healthcare employee’s home network could lead to an expensive data breach situation.”
SaaS on the Horizon
For 2021, the push to a SaaS model for business-critical applications will be top of mind for many CIOs and technology leaders. Benefits of SaaS include risk transference for uptime and, in some cases, risk transference for securing data at rest.
“Next year will see a continued increase for virtual private network (VPN) capabilities as the employee home network becomes an ever-increasing extension of the corporate network,” Cobb says. “As the corporate network continues to grow tentacles with VPN connections to home environments, it is more important than ever to have strong governance within policies and procedures.”
Cobb recommends revisiting and updating acceptable use policies, standardization and hardening of machines now within the employee’s home environment, internet usage policies, social media usage policies, decisions around allowing split tunneling, and much more.
Monitoring & Security with a Remote Workforce
As CIOs plan ahead, it’s crucial they consider cloud-based web content filtering in the event VPN connections are not universally used for outbound internet connections.
“Cloud-based antivirus solutions based on AI — versus traditional AV heuristics that do not require updates from a centralized management console back at corporate HQ — will be a requirement going forward,” Cobb says. “Additionally, the enforcement of multi-factor for critical applications including email is a must, particularly with a mobile or remote workforce.”
In some cases, depending on industry and the level of oversight required of the telecommuter, CIOs may need to budget for endpoint monitoring software that can track the employee’s surfing habits and surfing times, time spent in business applications required to perform work, and other monitoring aspects and metrics that can be used to gauge the employee’s productivity.
Need help assessing your remote workforce security? InfoSystems provides free cybersecurity risk assessments. Contact us to get a baseline for understanding your needs and how to plan and adapt to a remote workforce.