• July 9, 2020

What happens when remote work becomes permanent?

As someone responsible for IT security, March 15 brought about a huge change in my department. With the pandemic closing offices and forcing people to stay home, I suddenly had to think about what it means to implement IT security for thousands of remote workers, instead of a handful of office spaces. And as uncertainty about the virus mounts, businesses across the globe are settling in for a long period of remote work, with some closing offices permanently for an entirely remote workforce. 

At this point, many businesses have already implemented a short-term remote work strategy to support their employees. But as remote work becomes permanent, many of these strategies may need to change. Below, I’ve outlined some considerations for a permanent virtual workforce. 

1. Create New IT Cybersecurity Policies

With more remote employees, it’s important to update your company’s cybersecurity policy to be relevant to the current workforce. Make sure that the policies reflect issues that employees will encounter when working from home, such as unsecured internet. 

2. Educate

Most people don’t understand the implications of poor cybersecurity practices. That’s why it will be important to engage them in cybersecurity education. Instead of assuming they’ll read forms, create regular training sessions that will get employees thinking about security, and will keep them updated on new policies and threats. Create a session about the new policies, considerations, and threats that may arise when working remotely. Then, continue to have quarterly sessions to boost awareness of security measures. 

3. Implement Multi-factor Authentication

MFA for IT departments should be a core component of their security policies. As more devices are automatically outfitted with MFA and more people work remotely, now is a good time to upgrade passwords. This will increase both network and device security for individuals, while still allowing for a good user experience.

4. Evaluate and Upgrade your VPN

None of us expected to have to configure a secure network with thousands of people all working from home on non-secure home internet connections. This is the time to evaluate your VPN to see how it is handling the load, and upgrade if necessary. If your VPN is up to the task, consider how you can implement more in-depth monitoring and how you can secure your connections even more.

5. Assess Security on All Systems

This is a time when all information security departments are finding out what works, what doesn’t, and what needs to be upgraded to perform at the standards that people demand. This includes communication tools, video conferencing tools and calendar tools, as these will now be more important than ever. But security needs to be a part of that evaluation. As you implement new and different ways of communicating, examine the level of security of these new systems. 

Security and safety has become paramount over the last few months. Businesses have relied on remote working to keep their employees safe, and may need to continue to do so indefinitely. This is also the best time to consider the safety of your organization. Long-term remote working requires a new set of cybersecurity protocols to ensure the continued success of your employees and business.

Adam Glick

Adam Glick 1 Posts

Adam is currently the Chief Information Security Officer for Rocket Software in Waltham, MA. Previously, he was the Vice President of Cyber Risk for Brown Brothers Harriman where he focused on program, policy, controls, threat intelligence, and incident response. Prior to this role, he was the Vice President of Information Technology and Information Security Officer for Century Bank for 5 years. His responsibilities included operationally managing all IT systems and all matters pertaining to information security, risk, policy and procedure. Adam is currently an adjunct professor at Boston College in the cybersecurity policy & governance program, and an adjunct professor of IT in the MBA program at the School of Business at Providence College. Prior to these roles he worked as a Security Engineer at Brown University and a Security Analyst at Providence College. He received both his undergraduate degree in education and his MBA from Providence College. Outside of the office, he is a car and technology enthusiast along with an avid reader, hiker, cyclist, and Brazilian Jiu-Jitsu practitioner.

0 Comments

Leave a Comment

Your email address will not be published. Required fields are marked *