The global exodus of employees from the office to their homes has placed unprecedented pressure on IT and security teams to ensure the transition is as streamlined as possible. However, the sudden change in the working environment is triggering a new set of challenges that arise from managing a remote working team without traditional protocols.
As such, security practices need to be re-prioritised to accommodate changing work conditions. The recent CISO Lens Benchmark 2019 report found identity and access management (IAM) to be a top priority among cybersecurity executives – an area of increasing importance now that networks are being accessed remotely. Below are 3 tips on how employees can continue working productively while staying safe regardless of where they work from.
Protect your business at the point of entry
An organisation's network acts as the lifeline of the business by facilitating the flow of information. Its safety is critical to ensuring business continuity within and beyond the office. However, every point of entry to the network can be targeted for malicious activity. As such, these points must be protected by validation and authentication practices tailored for a mobile workforce. That is why businesses should consider deploying identity and access management solutions to keep hackers from entering the system.
Additionally, IT teams can expect to manage an increased number of entry points under remote working conditions as employees may prefer to work in a public space (if allowed), connecting to a public Wi-Fi network and therefore no longer protected behind a firewall.
Utilising a virtual private network (VPN) that is layered with multi-factor authentication (MFA) will extend the corporate security perimeter whilst safeguarding the point of entry. Other point of entry requests may originate from the use of personal devices and application logins that also must be validated using an identity tool to ensure the safety of your business.
Reduce the amount of passwords
Poor password hygiene remains a huge security problem for organisations of all sizes. Small-to-Medium businesses are the most vulnerable to this form of attack, with each employee having an average of 85 passwords. Every password represents an entry point to the business and if they are not managed correctly, the risk of cybercriminals finding a route in is significantly increased.
Password authentication technologies such as single sign-on and password managers offer to reduce and remove passwords from the employee login experience. This reduces the risk of weak or stolen passwords – which are responsible for 80% of data breaches. Using a password manager to eliminate such risks while securing, encrypting and storing essential employee credentials is a highly effective way of thwarting attacks.
Build contextual awareness
Minimised visibility over employees also means IT teams need to be vigilant about each login. They need to be aware of the context of the login and consider variables such as time, device or location. Questionable factors such as logins originating from a country you do not operate in or an unknown device warrants further investigation. This can obviously get overwhelming, so having a contextual authentication policy in place can restrict access based on customised specifications. Within remote working conditions, contextual authentication offers greater flexibility and tighter control of logins.
In addition to IT security, organisations must prioritise implementing tools enabling remote access. For a frictionless and secure experience, remote access solutions provide employees the ability to instantly access their computers and manage IT or update applications from anywhere.
Transitioning from office to home can leave many areas of an organisation vulnerable to malicious activity. Exploitation of these weaknesses in an organisation's security posture will interrupt workflow, productivity and business outcomes. Hence, it is essential for business leaders and IT teams to prioritise authentication protocols when managing a remote team.
For more ways to mitigate security risks for your remote working team, visit LastPass' guide to modern identity management.