Skip to main content

COVID-19: Securing Work From Home

March 26, 2020

Organizations are rushing to enable remote access for their staff as many cities, counties and states move towards a shelter-in-place mandate. Companies and workers that are in a field where working from home is a possibility should feel fortunate to have the opportunity to do so. Optiv described three strategies for organizations that are enabling work from home: expand existing access, create alternate access methods and infrastructure redesign. Most organizations are likely performing some parts of each strategy to cope with the rapid expansion of remote workers.

ThoughtLeadership COVID 19 Securing WFH

It is important for CISOs to consider the security ramifications on a larger scale and not lose sight of their roadmap for enabling security within the organization. The factors influencing the decision-making process at this stage should be congruent with the organization's mid- and long-term objectives. In effect, by moving from a state of indecision on how to secure an expanded remote work force to executing on the existing roadmap, the choices become simpler and more familiar.

While each of the organizations Optiv engages with are at differing levels of security program maturity there are common themes in the program objectives. The good news is that the natural evolution of security enablement dovetails with providing expanded, easier to access services for employees and customers. Some of these common objectives are:

ThoughtLeadership COVID 19 Securing WFH Common Objectives

With the realization that the security organization’s objectives are still in place, valid and beneficial to the current state, executing on those objectives’ bonds existing cybersecurity principles to those projects and ultimately to the remote workforce.

ThoughtLeadership_COVID19SecuringWFH-Securing-Remote-Workforce_Blog_Image 719x553

Security awareness training – Regardless of the degree of cybersecurity controls that are put into place humans still sometimes make bad decisions. Cybercriminals are using the daily media frenzy to their advantage. Continue to provide employees with routine cybersecurity training, reminders and tips. Additional considerations:

  • Provide readily accessible documentation on how to obtain remote access
  • Publish a list of approved collaboration tools for chat and online meetings
  • Supply guidance on what applications the organization will be permitting remote access to and the timeline

Endpoint security – Review mobile asset inventories and ensure that endpoint security agents are fully deployed and updated in order to combat the increased risk of malware. Additional considerations:

  • Validate and publish the steps for remote endpoint security agent enrollment
  • Implement host validation checks to ensure a minimum standard is met before allowing access to sensitive information
  • Determine the level of access that will be permitted for BYOD

Identity and access management – Regardless of the methods that are being implemented to expand remote access proper management of user identities will be the linchpin to a successful secure rollout. The table stakes are ensuring your directory services are accurate and accessible to remote applications. Additional considerations:

  • Leverage single-sign on (SSO) dashboard for application distribution
  • Utilize multifactor authentication wherever possible
  • Enhance and expand monitoring and reporting on access to sensitive information

SecOps – The change in system access methods will shift service loads and expose new capacity constraints. Ensure SecOps management is included in business line decision planning on remote workforce enablement. The operations team will have to stay abreast of dynamic changes in traffic flows, peak operating times and new sources of telemetry to incorporate into monitoring tools. Additional considerations:

  • Determine the feasibility of including the SecOps team as designated employees to work from home
  • Coach the team on how the shift to work from home will affect operating parameters and behavioral monitoring systems
  • Ready a tiger team to implement new telemetry acquisition and monitoring for net-new applications and access methods

Download our technical WFH checklist for more actionable steps you can take to secure your organization wherever it may be in its cybersecurity journey.

Related Blogs

March 25, 2020

COVID-19: Charting the Cybersecurity Implications of a Pandemic

This series will deliver COVID crisis cybersecurity strategies, best practices and advice.

See Details

December 17, 2019

Measuring Cybersecurity ROI Part 3: Innovation, Revenue Opportunities

From Brand to eCommerce to mobile services and payments to salesforce enablement and remote work to BYOD to online banking and beyond, cybersecurity i...

See Details

October 04, 2019

Personal Security Habits – Looking Inward

Every individual’s awareness and behavior contribute to an organization’s security. While routine awareness training may seem remedial to many of us, ...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.