Across the globe, organizations’ precious security perimeters were demolished by the emergency shift to a remote workforce. In many cases, ensuring business continuity was more of a priority than cybersecurity.
More than a year later, many organizations aren’t looking back, allowing for increased telecommuting, or even encouraging remote work in order to down-size on expensive corporate real estate. But not all organizations have backtracked to ensure their remote work environments are secure. What’s more, as pandemic-related restrictions begin to lift, employees may opt to work from a number of different locations beyond the office or their homes, as travel becomes feasible for work and pleasure.
And with systems programmers and database administrators joining the remote work bandwagon, the mainframe could be exposed to a host of risks. IT teams are up against it, working each day to ensure that no one can weasel their way into their networks via the following open doors.
- Lack of cybersecurity awareness or fortitude: From carelessly discarding printed materials including confidential information, to leaving laptops powered-up and connected when away, or even being overheard during meetings, operating outside of the office, all exposes employees to greater threats and distances them from daily security awareness.
- Personal computers: In the quick shift, many organizations may have been unable to send out internally configured laptops. As a result, employees may still be accessing company information via devices with previous infections. These viruses could penetrate the networks this device connects to.
- Poorly configured WiFi: Let’s face it, many of us don’t secure our home networks with the level of caution that a business would in an office. And we don’t always stay on the pulse of the latest software updates. As a result, the bad guys can take advantage of known exposures on these routers and break-in.
- Increased use of cloud-based platforms: Many organizations introduced new platforms – largely for collaboration – too quickly, without properly vetting them for security standards. Cloud-connection always opens additional threat vectors. Even the massive companies doing their due diligence can experience errors that let hackers in.
How can teams secure their dispersed organization? First, the distribution of PCs configured in-house is critical. If someone is able to gain access, these PCs typically won’t allow various programs or actions to run without administrator access. Equipping these PCs with virtual private networks (VPNs) also provides a secure connection to corporate networks, one that would be tricky for hackers to access if they got onto the device.
Cyber security awareness and education is also more important than ever. Organizations that deal with personally identifiable information (PII) – especially those in healthcare, finance and government – should be particularly diligent in training employees, as they need to align with compliance regulations. Even though these organizations face similar risks as others, the stakes are higher. Not only is the content of their data highly sensitive, but they’re also subject to strict compliance regulations.
A consistent training program can help employees better understand the types of exposures they could introduce to the wider IT environment and the repercussions that would result. To ensure learnings become practice, organizations should also require all remote employees to sign a yearly cyber security contract, including obligations such as shredding all confidential materials, owning a storage space with a lock, developing a user-password and turning off your device each day after logging off.
As much as the increase and remote work can positively impact employees’ work-life balance and access to opportunities, dissolving an organization’s cyber perimeter poses threats to the IT environment. These threats are not impossible to mitigate, but organizations need to put-up the proper defenses.