Unprecedented times call for unprecedented actions and the ongoing COVID-19 pandemic has caused what is likely to be the biggest shift towards remote working that the world has ever seen. But, while the technology has been around for quite some time, recent events demonstrate just how few businesses are capable of switching from an office-based setup to a remote one in a fast, secure, and non-disruptive manner.
There’s a significant number of reasons why it is prudent to have a remote working infrastructure in place. Truth be told, “in the event of a global pandemic” probably wasn’t very high up most people’s list before 2020. In normal circumstances, common occurrences like adverse weather, transportation issues, and power outages can also severely affect the productivity of business if employees can’t access what they need outside the office.
That being said, proper implementation of any remote working program is key. In particular, the right security tools must be in place, otherwise businesses risk exposing themselves to a wide range of cyber threats.
This article examines some of the major considerations for any business looking to tackle the security challenges of remote working and implement a program that will enable employees to work both effectively and securely from anywhere.
Security challenges of remote working: Finding the right approach
Historically, office-based businesses have managed off-site workers through the use of virtual private networks (VPNs) and managed devices with installed software agents – also known as the mobile device management (MDM) approach. While still a relatively popular strategy today, it raises an increasing number of privacy concerns, mainly because it gives businesses the ability to monitor everything employees do on their device. VPN technology is also widely considered to be outdated and its complexity means skilled IT professionals are required to manage/maintain it properly.
For businesses without legacy technology to consider, a bring your own device (BYOD) approach is often preferable. Not only does it significantly reduce IT costs, but employees will always be able to work on their device in the event of unforeseen circumstances that prevent them from traveling to the office.
Unlike a managed device approach, employees using their own personal devices have more freedom over what and where they can view or download sensitive data, making robust security even more critical. Below are three security technologies that can be used to complement the flexibility a BYOD program provides:
1. Data loss prevention technology keeps businesses in control
One of the biggest issues with a BYOD approach is how to prevent sensitive data loss or theft from unmanaged devices. The use of data loss prevention (DLP) technology can significantly mitigate this, giving businesses much more control over their data than they would otherwise have. With DLP in place, any unauthorized attempts to access, copy or share sensitive information – whether intentional or not – will be prevented, keeping it out of the wrong hands and helping to prevent security breaches.
2. Behavioral analytics quickly detects suspicious user activity
Implementation of user and entity behavior analytics (UEBA) is a great way to quickly detect anomalous behavior that might indicate a potential security breach amongst your remote workforce. UEBA works by learning and establishing benchmarks for normal user behavior and then alerting security teams to any activity that deviates from that established norm. For instance, if a remote worker typically logs in from London but is suddenly seen to be logging in from Paris, particularly under the current circumstances, this would raise an immediate alert that something is amiss.
3. Agentless technology delivers robust security without breaching privacy
Employees using personal devices as part of a BYOD program can often be resistant to agent-based security tools being installed on them. Not only are some – like MDM – considered an invasion of privacy, but they can also impact device performance and functionality. Conversely, agentless security tools utilize cloud technology, meaning they require no installation but still give security teams the control they need to monitor, track and even wipe sensitive data if/when necessary.
Furthermore, because agentless security tools only monitor company data on the device, employees can be confident that their personal data and activity remain completely private. Leading agentless security solutions even include cloud based DLP as part of their offering, meaning businesses can cover multiple bases in one go.
Over the last few months, the pandemic has forced many businesses to fundamentally change the way they operate. For some, this switch to remote working has been quick and painless, but for many others, a lack of foresight or advanced planning has made it a significant challenge.
Of course, hindsight is a wonderful thing, but even in the midst of this pandemic, it’s not too late to change tack. By combining BYOD with powerful cloud security and analytics technology, businesses of all shapes and sizes can quickly establish an effective, secure remote working program, keeping the wheels of business turning when even the most unexpected things happen.
from Help Net Security https://ift.tt/2Xa5tcc
0 comments:
Post a Comment