Next Steps in Managing a Dynamic Workforce

Tips and Tricks for Continuous Improvement

The COVID-19 pandemic has forced many organizations to make a rapid pivot to remote work. This can open the door to a variety of cybersecurity and identity issues, though. In today’s guest post Jerry Aubel of RSA offers five steps you can take to secure your business during this difficult transition.

Business disruptions can catch us off guard. Even the most diligent leaders and competent technical practitioners can’t prepare for everything. In the current environment, many organizations have had to make a rapid shift to get their workforce ready to work remotely. In some cases, this could be an easy transition. In others, not so much. The most basic functions can be challenging given the pressures of the moment, from procurement of laptops to the implementation of improved security measures, like VPN access and multifactor authentication.

Here are five steps you can take to reduce negative impacts on your organization and support your dynamic workforce.

Managing your Remote Workforce

You’ve transitioned many of your formerly office-bound employees to remote locations. Many of the things you had planned for worked. Perhaps you adopted multifactor authentication (MFA) solutions for secure access to the corporate VPN, along with sound access assurance policies. But a remote workforce creates more points of exposure and new risks emerge, like employee use of personal devices, unmanaged devices and potentially unsecure home Wi-Fi. A risk assessment of your team’s readiness to work from home once they’re live is essential. It isn’t too late to get a solid sense of your readiness and make the appropriate adjustments.

Establish Policies and Procedures to Govern the Remote Workforce

Sometimes, without the proper guardrails in place, things can turn into the Wild West, and when your teams are outside the office-based IT perimeter walls you can quickly lose control. The attackers aren’t giving you any slack; in fact, they will take greater advantage during a crisis. Training, or in most cases, re-training and awareness can remind a mobile workforce of attacker behavior and how to stay vigilant. Malicious websites are proliferating. Phishing, smishing and credential theft attempts aren’t going away, so now is the time for refresher sessions with your employees.

One other consideration is to ensure your Help Desk is prepared for the onslaught of inquiries, questions and tickets that will come their way. Although many enterprises have large populations of remote workers, some may be new to the game and have little context to fall back on with new IT processes or applications. Automation, knowledge bases and self-service portals can provide a first line of defense for Help Desk staff, but nothing beats preparedness and skill.

Establish Strong Identity and Access Governance

As you open your network to increased remote access, Strong access governance is essential to maintaining control and accountability. Some staff may have increased or changed duties and require access to new applications and resources. Regular access certifications become necessary to ensure only the right people have access to the right applications, data and IT resources. Policies such as segregation of duties and least privilege access need to be stood up, with reporting and dashboards put in place to ensure compliance. In addition, a sound Joiner, Mover, Leaver policy can prevent over-privileged or entitlement sprawl while diligent access governance can help identify and remediate issues.

Monitor the New Remote Endpoint Environment

Having a potentially dramatic increase in the number of remote employees poses challenges in monitoring a widely dispersed set of endpoints. This requires a strategy that can deliver visibility, threat detection and response, analytics and orchestration. Consider this: remote workers are likely to exhibit abnormal behaviors given the new flexibility. In an office environment, most would log into the network at a set time and log out at the end of the day – normal behavior. Now, a resource may log in to check email from home at 2:00 a.m. on a Friday when they get up with a child – not typical behavior. Having business context, visibility and analytics capability in place can help establish a new baseline of normal user behavior with a remote workforce.

Review and Update Risk Management Playbooks and Plans

Disruptions happen. Enterprises spend valuable resources on preparation and response planning to help ensure business resilience. But, as they say, a good plan rarely survives the first shot on the battlefield. And, some circumstances occur so infrequently – such as pandemics – that many organizations may not have devoted any time to it. Keep business continuity and recovery plans updated, build a culture of preparedness and test your plans frequently. Establish processes that can protect your organization, people, technology, facilities and customers.

Conclusion

As time progresses and we return to a more normal state, you may likely find the composition of your workforce has permanently been altered. The notion of a larger percentage of your teams working remotely can offer tangible benefits, but at the same time it can present challenges. An after-action review can help your organization improve continuity plans, enhance resilience and mitigate digital risk associated with your dynamic workforce.