The way the country works has changed in a very short amount of time, with many companies shifting to remote work policies to keep employees safe during the coronavirus pandemic while attempting to stay as productive as possible. Often, organizations are not experienced with such a rapid culture shift. When making that transition, they must be careful not to create any potential security vulnerabilities.
Hackers are currently attempting to take advantage of the fear and uncertainty surrounding the coronavirus, and looking to exploit potential security gaps companies may exhibit. Many companies are rolling out more open platforms than they are typically used to. Therefore, in order to protect sensitive data and intellectual property, they should consider a few key factors when implementing a remote work strategy:
Effective governance policies: Companies should implement controls that establish defined work teams and groups within the organization. These can dictate how files are shared and control who they are shared with. In addition, companies need to establish who can create those teams; and without those policies, companies can end up with multiple teams that seemingly accomplish the same function, creating confusion as well as potential vulnerabilities.
Conditional access: Access controls are critical in a remote environment, determining who can work with what programs and the conditions in which users can access files and information. Companies can typically configure access based on the devices used, whether they are on a company VPN (virtual private network) or not, and whether they are inside or outside a specific geographic area.
Multifactor authentication: Hackers attempt to access business networks of any size, and MFA protocols make it much more difficult to accomplish such a breach. MFA strategies require two or more pieces of identifying information from the user before access is allowed into a network, typically passwords, specific codes or answers to security questions. This approach has become the most effective strategy to thwart unauthorized access to remote networks, and is a key strategy to discourage phishing attacks, which have risen sharply during the coronavirus pandemic.
Each of these controls can typically be implemented on the back end of technologies that enable remote work strategies. For example, the Microsoft Teams unified remote collaboration platform within Microsoft Office 365 provides configurable identity models and governance capabilities, as well as modern authentication processes.
In this new remote world—with new threats—companies should take advantage of these existing controls before the framework expands and becomes more difficult to manage.