Permanent Mobile And Remote Security For Workers Is An Organization’s Duty
By Jonas Gyllensvaan
As recent events combine to make remote work a more widespread and permanent part of doing business, organizations need to recognize that the security issues that accompany telework and mobile computing aren’t going away, either. More than ever, enterprises have an obligation to ensure the security, mobility and productivity of employees working outside of a traditional office.
Mobile and remote computing security isn’t a new notion, of course. The potential risks presented by people working from home or on the road have always been there. However, the Covid-19 pandemic has raised it to a new level. After all, few, if any, organizations had a business continuity plan that accounted for everyone working from home.
As the spread of the virus persists and organizations realize that teleworking offers strong advantages for employers as well as employees, what appeared to be a temporary adjustment made on the fly is becoming a more prominent — and in some cases permanent — part of operations. Tech giants such as Apple and Google have announced work-from-home plans extending to the end of the year, and Twitter notably announced that some employees will have the option to work from home “forever.” Other companies are following suit.
Business and security leaders can be certain that the new work arrangements haven’t escaped the notice of cyberattackers, be they criminals, competitors or foreign entities. As organizations develop continuity plans for now and the future, it’s critical that they put a sharp focus on the factors that go into security for mobile and remote computing.
The Elements Of Mobile Security
Companies may need to make some adjustments while enacting their business continuity and continuity of operations (COOP) plans in the current Covid-19 environment. Many of those plans were originally intended as short-term responses to sudden emergencies, and they often were built on the presumption that most employees would still be getting together in a shared space of some kind, such as a secondary office site.
In some cases, the adjustments may involve processes such as ensuring end-to-end digital steps that include an on-premises paper-based stage. (Some states ran into this hurdle trying to process unemployment claims.) However, the security and productivity of a far-flung workforce raise concerns in a number of areas. Whether it involves a technical fix or a mix of policy and user education, there are four key issues to be aware of for enterprises.
Businesses can start by ensuring that employees strengthen their passwords — not just on their laptops and phones, but on their wireless home routers and any other devices. Their home office (even if it’s at a kitchen table) is a network node and needs to be treated as such. Employees should follow good password practices for strength — for instance, making sure they don’t use the same password for all devices. Enterprises should also consider multifactor authentication for network access and establishing tiered levels of remote access. The National Institute of Standards and Technology recently updated its Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security in the wake of the pandemic response.
Employees should secure their home network with up-to-date encryption such as Wi-Fi Protected Access (WPA) or the more advanced WPA3. Turning off the Wi-Fi Protected Setup (WPS) function on the router (which connects automatically to the wireless network by sending the password on its own) is also recommended. They should also delete the guest Wi-Fi option. Telecommuting workers should do the same for phones, laptops and other devices. People working from home or on the road inevitably will use personal devices, but they should not be sharing sensitive information over voice or messaging applications that are not fully encrypted.
If you are working from home, you shouldn’t do anything that you wouldn’t do in the office. That includes yielding to the impulse to click a link in an email from anyone but a trusted source or give out personal or company information under almost any circumstance. Not surprisingly, attackers exploited Covid-19 themes in myriad phishing and other malware attacks. Phishing is still the top technique attackers use to get into networks (the recent massive Twitter hack, orchestrated by a 17-year-old from Florida, started with a spear-phishing attack). Users should be aware of phishing tactics and be strongly trained to avoid falling for them.
4. Securing The (Home/Remote) Workplace
Employees, with help from employers, should be sure to have strong antivirus and other security software installed and should regularly update software and firmware as patches are issued. Businesses can make this easy for employees using mobile phones for work (sending emails, conducting video chats, messaging, etc.) by implementing an encrypted containerized application workspace, which can be deployed throughout the organization in minutes. It separates corporate and personal data while securing it in transit, in use and at rest.
Remote work arrangements are increasingly becoming a crucial lifeline for businesses and other organizations. Ensuring the security of remote computing and communications is essential to maintaining productivity and the integrity of data. An organization’s leadership needs to recognize that the security of home offices, mobile communications and other elements of the business world’s “new normal” is the organization’s responsibility.