Skip to main content

Next Steps in Managing a Dynamic Workforce

April 23, 2020

Tips and Tricks for Continuous Improvement

The COVID-19 pandemic has forced many organizations to make a rapid pivot to remote work. This can open the door to a variety of cybersecurity and identity issues, though. In today’s guest post Jerry Aubel of RSA offers five steps you can take to secure your business during this difficult transition.

Business disruptions can catch us off guard. Even the most diligent leaders and competent technical practitioners can’t prepare for everything. In the current environment, many organizations have had to make a rapid shift to get their workforce ready to work remotely. In some cases, this could be an easy transition. In others, not so much. The most basic functions can be challenging given the pressures of the moment, from procurement of laptops to the implementation of improved security measures, like VPN access and multifactor authentication.

Here are five steps you can take to reduce negative impacts on your organization and support your dynamic workforce.

Managing your Remote Workforce

You’ve transitioned many of your formerly office-bound employees to remote locations. Many of the things you had planned for worked. Perhaps you adopted multifactor authentication (MFA) solutions for secure access to the corporate VPN, along with sound access assurance policies. But a remote workforce creates more points of exposure and new risks emerge, like employee use of personal devices, unmanaged devices and potentially unsecure home Wi-Fi. A risk assessment of your team’s readiness to work from home once they’re live is essential. It isn’t too late to get a solid sense of your readiness and make the appropriate adjustments.

Establish Policies and Procedures to Govern the Remote Workforce

Sometimes, without the proper guardrails in place, things can turn into the Wild West, and when your teams are outside the office-based IT perimeter walls you can quickly lose control. The attackers aren’t giving you any slack; in fact, they will take greater advantage during a crisis. Training, or in most cases, re-training and awareness can remind a mobile workforce of attacker behavior and how to stay vigilant. Malicious websites are proliferating. Phishing, smishing and credential theft attempts aren’t going away, so now is the time for refresher sessions with your employees.

One other consideration is to ensure your Help Desk is prepared for the onslaught of inquiries, questions and tickets that will come their way. Although many enterprises have large populations of remote workers, some may be new to the game and have little context to fall back on with new IT processes or applications. Automation, knowledge bases and self-service portals can provide a first line of defense for Help Desk staff, but nothing beats preparedness and skill.

Establish Strong Identity and Access Governance

As you open your network to increased remote access, Strong access governance is essential to maintaining control and accountability. Some staff may have increased or changed duties and require access to new applications and resources. Regular access certifications become necessary to ensure only the right people have access to the right applications, data and IT resources. Policies such as segregation of duties and least privilege access need to be stood up, with reporting and dashboards put in place to ensure compliance. In addition, a sound Joiner, Mover, Leaver policy can prevent over-privileged or entitlement sprawl while diligent access governance can help identify and remediate issues.

Monitor the New Remote Endpoint Environment

Having a potentially dramatic increase in the number of remote employees poses challenges in monitoring a widely dispersed set of endpoints. This requires a strategy that can deliver visibility, threat detection and response, analytics and orchestration. Consider this: remote workers are likely to exhibit abnormal behaviors given the new flexibility. In an office environment, most would log into the network at a set time and log out at the end of the day – normal behavior. Now, a resource may log in to check email from home at 2:00 a.m. on a Friday when they get up with a child – not typical behavior. Having business context, visibility and analytics capability in place can help establish a new baseline of normal user behavior with a remote workforce.

Review and Update Risk Management Playbooks and Plans

Disruptions happen. Enterprises spend valuable resources on preparation and response planning to help ensure business resilience. But, as they say, a good plan rarely survives the first shot on the battlefield. And, some circumstances occur so infrequently – such as pandemics – that many organizations may not have devoted any time to it. Keep business continuity and recovery plans updated, build a culture of preparedness and test your plans frequently. Establish processes that can protect your organization, people, technology, facilities and customers.

Conclusion

As time progresses and we return to a more normal state, you may likely find the composition of your workforce has permanently been altered. The notion of a larger percentage of your teams working remotely can offer tangible benefits, but at the same time it can present challenges. An after-action review can help your organization improve continuity plans, enhance resilience and mitigate digital risk associated with your dynamic workforce.


    Jerry Aubel

By: Jerry Aubel

Jerry Aubel | RSA

See More

Related Blogs

March 25, 2020

COVID-19: Charting the Cybersecurity Implications of a Pandemic

This series will deliver COVID crisis cybersecurity strategies, best practices and advice.

See Details

April 22, 2020

Remote Work: Making the Culture Shift

Here are several tips that will help ease the transition to working at home.

See Details

March 26, 2020

COVID-19: Securing Work From Home

CISOs must consider COVID ramifications on a larger scale and not lose sight of their organizational roadmap.

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

March 26, 2020

COVID-19: Securing Work From Home Checklist

The actionable steps outlined here provide the foundational support to enable and secure a WFH model.

See Details

April 29, 2020

Timeline: COVID-19 Impact on Cybersecurity

Understanding the COVID timeline helps us plan for what our post-pandemic world will look like.

See Details

April 07, 2020

COVID-19: Hardening Security Operations Technical Checklist

This checklist provides actionable steps you can take toward achieving short-and long-term SecOps priorities.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.