By: Paul Caiazzo, Corey McReynolds

For most of 2020, shelter-in-place and COVID-19 public health and safety guidelines have kept many US workers remote. This reality has strained organizations that were unprepared for this rapid shift. For instance, existing virtual private network (VPN) infrastructure was designed to support less than 30 percent of the workforce at any given time, rather than the 90 to 100 percent using it during the outbreak.

The new threats associated with a mostly or fully remote workforce increase the probability that an organization will experience a data breach or other cybersecurity incident. At the same time, an organization’s incident response plan is operating in a very different environment than is currently covered. If your organization moved most or all employees home during the crisis, creating cybersecurity policies and procedures to reflect this new normal is essential to protect your business.

In this article, we provide the top areas to consider when adapting your procedures—for now and in the future.

Cover your assets

Remote workers should use corporately owned devices such as laptops, smartphones, and tablets to provide the most sustainable security. However, even if an organization has such a policy in place—and many don’t—additional security considerations must be addressed.

With a remote workforce, employees may be working from personal devices, and not all business traffic may be visible to the security operations center (SOC). This means that identification of a potential incident may be delayed, and root cause analysis may be difficult or impossible.  Because most organizations do not have technical architectures that support logging and monitoring for remote devices, log information critical to the mission of digital forensics and incident response may be inaccessible or non-existent. 

Updates and patches

Organizations should consider how remote devices will receive necessary updates and patches. Many on-site devices pull directly from the corporate intranet upon connecting to the network. On average, 48 percent of on-site systems receive patches within three days, but only 42 percent of remote devices are patched within the same window. While this difference may seem small, it raises the average patch time for vulnerabilities from around seven days if everything were on-site to around 38 days to include off-site assets.

This means an organization is likely to have six accessible attack vectors for every 100 systems that can grant access to their network and data for 38 days, on average. This delay exposes these devices to exploitation and significantly increases an organization’s cyber risk.

Another potential issue is how to retrieve devices from laid-off employees. During COVID-19, many companies have reduced their workforces yet may not be able to physically retrieve company-owned devices due to quarantine restrictions. If an employee refuses to voluntarily surrender a corporate device, an organization must have measures in place to ensure this lapse cannot cause a data breach or other security incident.

Ensure understanding on security policies

It is challenging to manage company assets outside the organization’s network, but it is also difficult to manage the remote working environment. It is easy to become lax with security practices that are routine in the workplace when working away from the office, especially at home. Adhering to clean desk policies and making sure to lock, log off or shut down computers are just a few tasks that employees do while in the office