Transition to WFH: The Cost of Security

The turbulent times of pandemic have upended the way companies see the workplace. The home office has become the new norm, even for companies that typically expected their staff to be at the office each day. 

It looks like the remote policies adopted during the quarantine are here to stay. 

Twitter and Facebook were among the first behemoths who announced their remote policies shortly after the state had imposed “stay-at-home” orders. Many companies are still figuring out the challenges, policies, and issues that come with distributed work. 

Cybersecurity challenges of working from home

We can be sure that a new era has come. The weight of transitioning and transforming businesses falls on business leaders’ shoulders as they figure out how to manage their distributed teams. 

Self-isolation and work from home is the right thing to during the pandemic. Unfortunately, the unprecedented shift to home-based without appropriate policies and employee training bears significant risks. In many instances, corporate VPNs are not designed for such a load. Employees often aren’t familiar with cryptographic tools and work through weak household routers from an unprotected home network. Moving away from standard security procedures removes all the stops for hackers. 

According to Itzik Kotler, a Forbes contributor, there are plenty of challenges in the cybersecurity that many companies face as they transition to an unsecured, distributed IT environment. The protection of assets behind the firewall means moving away from network security and developing an end-point security strategy for remote employees. Kotler says that creating such a strategy is a challenging but vital step. 

The primary concern is the scale. Last year, remote work was practiced by a considerably smaller amount of companies. In the pandemic times, companies need to adjust to the new norm and place stringent security measures for workers outside their internal network’s safety. That makes a sizable environment to secure. 

Connected devices are part of everyone’s life now. According to Statista, there are over ten connected devices per household in the U.S. Those devices are at risk of being compromised, meaning that it’s the security is not only limited by organization-issued laptops and smartphones. 

The situation is exacerbated by the fact that many employees use their personally owned devices to access corporate data and systems. This way, employees introduce new potential vulnerabilities, such as weak passwords, poorly protected home Wi-Fi routers, and infected computers of other family members.

The author emphasizes that work from home should not take a toll on security. Any company that goes remote must place stringent security policies and establish mature processes to prevent data exposure. Each remote employee must adhere to those policies so as not to put the network at risk. 

Consider the following principals and questions when strategizing your remote security policy: 

• Thorough authentication of all users and devices;
• Following the Zero-trust principle, which implies a total absence of trust to the users, even inside the network. The principle dictates that each user or device must validate their data every time they request access to resources inside or outside the network.
• Constant monitoring of activities inside the environment to identify threats early on. 

The important message here is that it’s incumbent on an organization to bring the security policies to employees’ attention. Expecting that the staff members will take the security matters into their own hands is futile. These questions will help your IT security department get off to a good start. 

• What is the total number of people working remotely?
• What their household environment looks like?
• What information do they need access to in their role?
• Are there any regulations that factor in?
• Will they be using company-issued networking equipment? 
• Who will they contact on work-related matters?
• How much control over their household environment your IT department will need? 
• Are any adaptations required to enable smooth scaling?

The most important question is, does your data and network’s integrity warrant the costs of security measures that inevitably come with the home-based transition? Security typically has a high value and largely depends on your organization size and the type of data you need to protect.