Last updated at Mon, 13 Apr 2020 13:45:44 GMT
As companies respond to COVID-19, many require their employees to work from home. This migration of the workforce places the onus on these organizations to ensure information security stays at the forefront of everyone’s mind. Remember, home networks bring a new set of risks when compared to the relatively secure technical infrastructure of the office.
At Rapid7, we recently implemented our own work-from-home policy due to COVID-19. This process provided a few meaningful insights to our team, which we felt were worth sharing. After all, as industry leaders in the cybersecurity space, our customers rely on us to ensure their own WFH transition happens in a secure fashion.
We recently produced a webcast with a few of our senior-level SecOps and IT professionals discussing the best practices on remote work readiness. Here are some of their insights to help your company’s staff work from home with minimal risk:
The most important security action items when implementing remote work
There are several critical tasks companies need to complete when transitioning to a work-from-home policy. These include:
Requiring multi-factor authentication for access to the corporate network and cloud services. This is important due to the myriad devices and untrusted endpoints used for login. If your company doesn’t currently use MFA, implement it immediately.
- Increasing VPN capacity to handle the additional throughput due to the increase in remote workers. Testing the VPN beforehand is also essential.
- Producing a best practices document to help employees optimize their home networks. This includes security considerations, as well as segregating home traffic between work and family usage.
- Implementing strong password policies in concert with multi-factor authentication. Use NIST guidance for password creation, while keeping passwords in sync across all devices used to log in to the corporate network.
- Ensuring all endpoints and company applications stay up-to-date with the latest patches and updates.
- Monitoring remote endpoints accessing corporate technical resources.
- Providing information security awareness training for all employees.
In the end, these are all straightforward items able to be completed by any company’s IT and SecOps personnel. This approach ensures the organization’s network infrastructure stays protected for however long remote working continues.
Handling company communications and messaging when remote working
Keeping employees informed and part of the team is critical during times like these. When nearly everyone is working remotely, regular corporate messaging becomes vital. All company messaging should be clear and concise, and you can ensure communications are easy to find by leveraging multiple tools, including Slack and email.
It’s also vital to have help desk empathy for remote workers, and companies ultimately need to over-communicate with their employees.
Successfully aligning IT and SecOps
Seamless collaboration between IT and SecOps helps ensure an easy transition and efficient operations when remote working. For example, the Rapid7 IT team had to quadruple the company’s VPN capacity in only 48 hours to support 1,600 employees working from home. Doing this required teams to break down silos through the shared ownership of critical tasks in order to allow teams to continue to work closely together.
Agility and collaboration are vital to help your team achieve the information security triad of confidentiality, integrity, and availability. This agile approach also helps everyone identify and react to issues as quickly as possible.
Changes in the cybersecurity industry due to COVID-19
There will undoubtedly be both short- and long-term changes to the cybersecurity industry due to the COVID-19 pandemic. Here are a few to anticipate:
More comfort hiring remote workers. This looks to be a game-changer for information security staffing, with the potential to greatly increase the candidate pool for qualified cybersecurity professionals. Remember, companies still find it difficult to source and hire these in-demand tech pros.
- Increased use of collaborative communication tools. Tools such as Slack and video conferencing make it easier to manage remote workers, while making them feel part of the team. Companies will now become more comfortable with the BYOD model for devices accessing the corporate network.
- More dispersed network infrastructure. This requires companies to be more vigilant with managing different endpoints and dataflow.
Ultimately, companies transitioning to a remote working model need to craft an employee WFH guide. This covers the optimization of home networks and installing mobile devices and laptops with the corporate applications.
At the corporate level, right-sizing VPN capacity is essential in tandem with monitoring network usage and making adjustments as necessary. Creating a business continuity plan as a repeatable process gives any company the remote work readiness to let it thrive no matter the scenario. Cybersecurity firms also need to consider sharing this plan for use by their customers.
If you are interested in learning more about how to make remote working both secure and productive, check out our webcast on this topic. Rapid7 stands ready to help your organization thrive during these difficult times.