Cybersecurity for remote teams: A step-by-step guide to infosec operations

By Praveen Yeleswarapu. July 26, 2021

Even before the COVID-19 pandemic forced hundreds of thousands of office-goers to work out of their homes, remote working was starting to gain a foothold in the work sphere. Telecommuting, working out of coffee shops and global travel led to many tech-savvy employees gaining working knowledge of cyber safety. Most people know by now not to work on important documents using an unsecured public network.

But cybersecurity when working remotely goes several levels deeper than that. The risk of a data breach remains highest when employees work remotely, and must be addressed thoroughly.

About 54% of Chief Information Security Officers (CISOs) worry about data breaches and cybersecurity threats, whereas 45% of leaders have concerns regarding a malware attack on the company’s confidential data. CISOs can ensure security when devices are within the company’s network, but ensuring the safety of these devices becomes more challenging when it comes to remote work. It is difficult to sustain a cyclically changing mix of remote workers and office workers, home and company devices.

What’s more, before the COVID-19 pandemic accelerated digital transformation worldwide, the IT framework of many companies was only adequate to support a small percentage of their employees working remotely, at best. Their hardware, software, and security measures had to suddenly grow to support the entire company working at home and logging into the system with VPNs, or virtual private networks.

A closer look at what cybersecurity for remote teams entails

Remote teams who lack the adequate security setup risk not only their personal computer systems and devices, but also those of the company through sharing of files and other information.

Often start-ups, lacking the budget to provide every employee with a computer or laptop, have an “own device” policy. In such cases, there should be established safety guidelines and policies about logging into the company network.

Security at Home

1. Home Wi-fi and router security:

Home wi-fi networks must always be password-protected with a long, strong, difficult-to-guess password. Similarly, the router password should be changed when the router is first installed. If this is not done, the home wi-fi network stays vulnerable.

Updates and patches must be installed as and when they become available.

Employees should be aware that if they use unsecured wi-fi networks belonging to coffee shops or internet cafes, they could be exposing sensitive information to individuals who continually scan unsafe networks for it.

2. Virtual Private Networks (VPNs):

VPNs assure privacy by encrypting all internet traffic when you are working online, which renders it unreadable should someone intercept it. It is recommended that employees working outside the office log in using a VPN.

The Big Guns: Firewalls, Encryption, and EDR

1. Firewalls:

Firewalls are usually built into the operating systems of various devices, so they are likely to be present from the beginning. They may not be on par with the customized firewalls many companies use, but they should be adequate. Router firewalls must be enabled in order to function.

Firewalls pose a barrier for malicious programs that try to enter computer systems. Firewalls being present in employees’ devices help keep malware out of the company’s network as well.

2. Anti-virus software:

After firewalls, anti-virus software forms the next line of defence. Should any malware slip past the firewall, anti-virus software can detect and block it, if the malware is known to it.

Mobile security solutions should also be equipped with antivirus as well as endpoint detection for team members who regularly share data using mobile devices.

3. Encryption:

With remote teams sharing documents and files back and forth, any sensitive information must be encrypted before it is sent. To this end, companies must ensure that the latest encryption tools are installed on their devices. If this is not done, the teams must use mainstream messaging programs that come with end-to-end encryption.

4. Endpoint Detection and Response:

Of all the response models mentioned here, EDR offers the greatest chance at immediate threat detection and prevention, a must-have in a world where zero-day attacks and ransomware attacks are becoming quite common.

Good Employee Practices For Cyber Safety:

  1. Regularly backing up data just in case of a data breach:

Just as teams’ home devices may lack the strong firewalls, versatile anti-virus software and other components of business networks, they may also lack the built-in automatic backup systems. Therefore it is good practice to maintain a backup record of important data on the cloud or in a secure location, so that all is not lost in case of a cyberattack.

  2. Two-factor authentication and two-step verification:

Strong passwords are a must, but it may happen that a team member’s credentials are stolen during a data breach. In such cases, two-factor authentication can build an extra barrier between the cyberattacker and information the employee handles. The two-step verification process typically involves a secure key sent to a secondary location, such as via email, phone number or text. This way, the employee is also made aware of an attempt to log in using their credentials.

  3. Biometric login:

Biometric login, such as a fingerprint scan, is another great way to securely lock and unlock devices like mobiles or laptops.

  4. Locking unattended devices:

Unlocked devices lend themselves to every kind of mischief, from a prank text or social media post to the exfiltration of sensitive or confidential information. Locking unattended devices should be mandatory for all offices with remote teams.

  5. Detecting phishing attacks:

Phishing tactics keep evolving, making it very difficult for the untrained eye to spot a phishing email or a fake alert. During the early days of the COVID-19 pandemic, there was a slew of phishing emails with a coronavirus theme. Cybercriminals sent out these emails while impersonating health institutions, governments, and other believable authorities, leading to people clicking on the embedded links.
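
The two-step verification flow described in item 2 above can be sketched as follows. This is an added example, not code from the original article; the class name, the `notify` callback and the expiry and attempt limits are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed before the code is revoked (assumed)


class LoginVerifier:
    """In-memory sketch; a real service would persist this state."""

    def __init__(self, notify):
        self._pending = {}     # user -> [code_hash, expires_at, attempts_left]
        self._notify = notify  # callable(user, code): the secondary channel

    def start(self, user, now=None):
        """Issue a 6-digit code and deliver it out of band."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()  # never store the code itself
        self._pending[user] = [digest, now + CODE_TTL, MAX_ATTEMPTS]
        # Delivery doubles as the alert that someone used this user's password.
        self._notify(user, code)

    def verify(self, user, code, now=None):
        """Return True only for an unexpired, unused, correct code."""
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now > expires_at:
            del self._pending[user]
            return False
        guess = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(digest, guess):  # constant-time comparison
            del self._pending[user]             # single use
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[user]             # too many guesses: revoke
        return False
```
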

Policies For Cyber-Compliance

Every company that uses digital technology must draft a document outlining a cyber-compliance policy to be circulated among its employees. The policy must explain clearly all the mandated security protocols as well as the consequences of policy non-compliance. All employees must be held to it. Some organizations also track their employees’ online activity using remote monitoring systems to ensure that they are complying with the remote work cybersecurity policy. In such cases, it should be made known to the employees at the outset that their activity will be tracked for compliance purposes.

In addition to this, a “zero trust” approach which places a great emphasis on verification and authentication of every remote access request is great to have. It works on the assumption that each remote access request originates from an uncontrolled network, and incorporates the necessary checks and balances for authentication prior to approving it.
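
A minimal sketch of such a check, added here as an illustration and not taken from the original article: every request is evaluated against the controls discussed above (two-factor authentication, firewall, antivirus, patches), and network location is recorded but never trusted. The field names and freshness thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

# Hypothetical policy thresholds for this sketch.
MAX_AV_AGE = timedelta(days=7)      # antivirus definitions must be this fresh
MAX_PATCH_AGE = timedelta(days=30)  # patches must be this recent


@dataclass
class AccessRequest:
    """Constructed request model; every field name is an assumption."""
    user: str
    mfa_passed: bool
    firewall_enabled: bool
    av_definitions: date     # date of the last antivirus definition update
    last_patched: date       # date updates and patches were last installed
    on_office_network: bool  # recorded, but deliberately never trusted


def evaluate(req: AccessRequest, today: date) -> Tuple[bool, List[str]]:
    """Deny by default: every check must pass, wherever the request comes from."""
    failures = []
    if not req.mfa_passed:
        failures.append("second factor not verified")
    if not req.firewall_enabled:
        failures.append("firewall disabled")
    if today - req.av_definitions > MAX_AV_AGE:
        failures.append("antivirus definitions out of date")
    if today - req.last_patched > MAX_PATCH_AGE:
        failures.append("patches out of date")
    # on_office_network is not consulted: network location grants nothing.
    return (not failures, failures)


if __name__ == "__main__":
    today = date(2021, 7, 26)  # constructed sample data
    remote = AccessRequest("alice", True, True, today, today, False)
    office = AccessRequest("bob", False, True, today - timedelta(days=10), today, True)
    print(evaluate(remote, today))  # compliant remote device is allowed
    print(evaluate(office, today))  # office network does not excuse failed checks
```

Returning the list of failed checks lets the help desk tell the employee exactly what to fix before retrying.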

Other good practices include performing threat monitoring on remote work/cyber collaboration tools, choosing the safest ones, and making them the official modes of collaboration between remote teams. Use of all unauthorized tools must be discouraged.

Remote working, at least in part, seems to be here to stay. Therefore, organizations must strategically develop a cybersecurity infrastructure that protects sensitive data and their other interests in the new normal as well as the next.

What CISOs Can Do

CISOs need to follow a specific approach to ensure cybersecurity in hybrid work. Additionally, they should turn their attention to cybersecurity during remote work when strategizing around cybersecurity issues. Here are a few suggestions that CISOs can follow when transitioning to hybrid work arrangements:

  1. Scanning and troubleshooting office devices over a separate internet connection should be made routine whenever an employee wants to enter the company’s network. The devices should be secured with updated antivirus software and security controls.
  2. Cybersecurity practices keep upgrading and changing with the security issues and concerns the company faces. Changes in technology also lead to improved security steps. When employees join the office workplace, they should be proactively trained and educated on cybersecurity and remote work threats.
  3. Though work from home still seems temporary, it may permanently change work culture due to its conveniences and benefits. In such a situation, planning for cybersecurity in hybrid and remote work will play a critical role. Risk assessment is the fundamental step that should be carried out to understand threats, risks, likelihoods, vulnerabilities, and control measures. Based on past work experience, a combined solution can be planned to secure devices for both types of work.
  4. Cybersecurity plans should be upgraded to secure essential, critical, private, and confidential company assets such as devices, data, infrastructure, networks, and management platforms.