Cybersecurity for a Remote Working World

Remote work introduces a number of new security threats and considerations that must be incorporated into an organization’s security policies and procedures.
workers. For example, train your employees to spot the warning signs, notify IT of any suspicious emails or messages and delete the correspondence. Guide employees to access information by going directly to a trusted website to find the data. Build a safe security culture, so employees feel comfortable notifying IT immediately without fear of recourse if they do click on a link. Test your workforce regularly, analyze the results and educate employees accordingly.

Have a plan

Most organizations’ incident response plans are based on the assumption that incident response team (IRT) members will be able to respond in person to a potential incident. With a remote workforce, especially when COVID-19 shelter-in-place requirements in place, this may not be possible.

When responding to a cybersecurity incident involving a remote worker, an IRT may have to rely upon the remote worker—who may have limited technical knowledge—to respond to and recover from the incident. This will likely delay response times, potentially increasing the impact of the incident, and may make recovery activities, such as reimagining the machine, much more difficult to complete. To prepare for this situation, organizations may wish to create “IR kits” containing automated scripts for common data collection and recovery activities.

Rules to live by: contract and comply

Many organizations are governed by data protection regulations that apply to certain jurisdictions. Depending on the location where sensitive data is being processed and potentially breached, different regulations may apply.

Most organizations have strategies in place for ensuring compliance with data protection and contractual regulations. However, these strategies likely rely upon the assumption that all employees and data processing occur on-site. With a remote workforce, this may no longer be valid, potentially impacting an organization’s ability to secure sensitive data and maintain regulatory and contractual compliance.

Organizations with remote workforces must establish policies and security controls to ensure that sensitive data is protected in accordance with contractual and regulatory requirements. Additionally, organizations should investigate how remote work expands and impacts their regulatory obligations and put in place any additional security controls required to achieve compliance with these new requirements.

Security policy and protocol

Remote work introduces a number of new security threats and considerations that must be incorporated into an organization’s security policies and procedures. If a business contemplates a permanent or extended shift to remote work, implementing the security controls necessary to minimize the associated cyber risks will help maintain a more secure workplace.

COVID-19 and remote work are certainly still a part of our present and will be for some time to come. Organizations should embrace a robust approach to cybersecurity in this new reality.


Latest Updates

Subscribe to our YouTube Channel