Work-from-home allows organizations to minimize the impact of productivity loss. The novel COVID-19 coronavirus drives organizations to rethink work-from-home in two major ways - First, whether work-from-home should be treated as a permanent and standard contingent measure that can be switched on and off instantly, instead of an ad hoc arrangement. Second, whether work-from-home facilitates the same or even greater productivity that part of the organization would permanently turn remote even in good days.
With SaaS applications like video-conference tool Zoom and cloud office suites such as Google G Suites, work-from-home strategy isn’t rocket science anymore. However, the ease of adoption creates a new obvious target for hackers. Security for remote work is what organizations should pay attention to next. We would like to offer a few pieces of advice here to provide a basis for organizations to begin with.
1. Stress-test infrastructure
To enable work-from-home, the first and foremost way is VPN. Stress-testing your infrastructure to make sure it is ready to handle sudden and large volume of traffic that employees could switch to remote mode anytime.
2. Housekeep the data
Organization data, especially confidential and sensitive data, should be well labeled and defined for preparing security policies, which allow the proper roles to access the proper data. Re-approach the existing data management setup and make sure it comprehensively covers the work-from-home environment. It could be disastrous if a salesperson is able to access a full set of salary data of the team instead of just one’s.
3. Audit segment policies
Re-visit organization chart with the current policies relating to sharing and access of various types of data, and ensure different levels of access ties in with different levels of data sensitivity.
4. Cover all endpoints
The access of organization data is no longer just from the desktop inside the office. Employees might use their own mobile devices, home computers or even desktops in the cafe to access the data. It is essential to think through the process to avoid hacks and data leakages, and ensure the security posture is robust.
5. Don’t assume
Nothing can be assumed when it comes to security. It is crucial to understand every single detail relating to data access management, user segmentation, multi-factor authentication, etc. Also, it is important to offer company-wide security training to raise the awareness of the potential threats.
These are good starting points for data and network protection for your organization. Resolve Technology is a primary and trusted security integrator to protect our clients against attacks and threats.