Actu
How Employees Can Securely Work Anywhere
June 2020 by Anurag Kahol, CTO, Bitglass Nouvel auteur
The recent outbreak of coronavirus has impacted businesses all around the world, shifting the workforce to work remotely, where possible. With this shift, it’s painfully clear that not all companies are prepared for their employees to work remotely at the drop of a hat. The truth is, there are many reasons why a company may need its employees to be able to work from home with little notice – for example, a snowstorm or hurricane, terrorist threats that prevent people from commuting, or even strikes on public transportation workers. Some companies may need their employees to continue to work through such an instance, using either corporate equipment or employees’ personal laptops and mobile phones. While remote access greatly benefits productivity, if the organization is not equipped with the proper security tools, it leaves them vulnerable to a number of threats. This article will share what organizations can do to ensure their employees are working securely from any location, no matter what disruptions may arise.
How companies can prepare for the unthinkable
Organizations that maintain onsite workforces encourage employees to work through VPNs and access the corporate network and cloud resources from managed devices that have software agents, like mobile device management. These approaches can create a number of latency issues which make it difficult to deploy and track all web traffic on the users’ devices – including their personal applications. Furthermore, this approach is outdated as it invades employee privacy and violates compliance frameworks such as the General Data Protection Regulation (GDPR).
Organizations that previously did not have the proper technology in place should discuss how they can adapt to handle any future incidents where employees cannot physically come into the office. Bring your own devices (BYOD) policies allow employees to work from personal devices, like their mobile phones, as well as work remotely. With BYOD, companies can be sure that employees can get the job done no matter what unforeseen incident hits them.
What companies need in a cybersecurity solution
There is still a risk of potential data exposure when employees can download and share from personal devices, remote locations, and unsecured networks. As such, it is essential that the below security controls are in place when companies implement BYOD and grant employees to work remotely.
Visibility and Control Over Data
It is critical that organizations maintain visibility and control over data as it is accessed by unmanaged devices. Without the ability to see and control user activity on personal endpoints, organizations may deal with unauthorized data access, malicious external sharing, and an inability to protect downloaded data when employees lose their devices or have them stolen. Additionally, organizations should use data loss prevention (DLP) tools that prevent data leakage by identifying and controlling sensitive data-at-rest and upon access. With visibility and control, organizations can ensure data does not get into the wrong hands and lead to a breach or potential exposure.
Identity and Access Management
Identity and access management, such as multi-factor authentication (MFA) or user and entity behavior analytics (UEBA), must be utilized as they can detect abnormal activity and address mobile security threats. MFA requires a second form of identity verification that authenticates identities to ensure the user is who they say they are. After inputting their passwords, users are offered to verify their identities once more through an SMS token sent via email or through a text message. UEBA learns behavior and collects a detailed report on every user to be wary of any suspicious activity. For instance, if a user usually logs in from New York but signs on from San Francisco (especially when strict travel restrictions are in place), it will send an alert to ensure the user’s account has not been compromised. At the very least, single sign-on (SSO) should be implemented, as it securely authenticates users across all of an enterprise’s cloud applications.
Agentless Security
Agentless security is another must for protecting corporate data on personal devices. Agent-based tools that demand software installations on personal devices disrupt user privacy and harm device functionality. Mobile device management (MDM) for example, holds more data than employees realize including login credentials in plain text. Additionally, when MDM wiping capabilities are used to remove corporate data, everything is deleted from that device including personal pictures, contacts, and more. With agentless tools, IT gets the security and compliance needed while the user does not feel invaded. Companies that are not prepared in advance for an abrupt remote workforce change can take advantage of agentless security at any time as it does not require any installation on the end devices themselves – which is impossible to do under quarantine conditions.
With so many unexpected factors, companies must be prepared for their employees to work remotely at any given moment. Some incidents, like extreme weather or a global pandemic, are out of anyone’s control, and emergency work continuity and security plans should be discussed to protect the company from malicious threats and the need to halt their operations. Enabling a remote workforce securely with BYOD is a huge business advantage, especially when the unthinkable happens.
