
Remote Working Underscores the Need for Qualified Cybersecurity Professionals

Sep 28, 2020

Remote working is here to stay

The COVID-19 pandemic has brought many changes to our lives: social distancing, face masks, and WFH (work from home). Based on health scientists’ advice to protect society and driven by the need to maintain business continuity, private and public sector organizations have directed their employees to work from home.

The change in work habits is enormous: according to the Bureau of Labor Statistics, only 29 percent of Americans were able to work from home before the COVID-19 era. However, remote working is here to stay. According to a recent Gartner survey, 74% of enterprises intend to maintain at least 5% of staff in permanent remote work employment, while 17% of the respondents said that at least 20% of employees in their workforce would be turned over to permanent remote employment.

Working from home should be a business continuity strategy option for all businesses, not only to cope with public health crises but also to sustain operations in any emergency, such as natural disasters or terrorist attacks.

Remote working security challenges

However, remote working introduces various security risks and challenges for businesses. With employees working from home and connecting to corporate assets through their home Wi-Fi, often using their personal devices (laptops, smartphones, or tablets), the corporate boundaries have evaporated.

Businesses are faced with hard-to-solve questions. How can you secure access to your corporate data? How can you effectively and continuously authenticate the devices accessing your assets? Corporate security teams need to find usable and effective solutions to many problems.

Many employees are using their privately owned equipment, which might not be compatible with the corporate applications. In addition, their home Wi-Fi networks are not secured like corporate networks and might even support outdated security protocols (e.g., WEP instead of WPA2). As a result, criminals may easily launch man-in-the-middle attacks, intercepting network traffic and stealing sensitive corporate data.

In addition, your employees might fall victim to the many phishing campaigns exploiting every crisis. In fact, email phishing attacks have spiked over 600% since the end of February 2020. Cyber criminals are taking advantage of the pandemic to trick users into revealing their personal information or clicking on malicious links or attachments, downloading malware to their computers. Phishing campaigns are the criminals’ preferred attack method and are the main cause of data breaches.

Finally, and sadly, many companies are still relying on questionable password policies, even though passwords are full of security risks. Password fatigue, weak passwords and password reuse are like sweets in a sweetshop for criminals, who can very easily compromise them and gain access to corporate assets. In addition, criminals are exploiting stolen credentials to gain unauthorized access to multiple accounts in a very short period.

How to secure the remote workforce

Businesses need to mitigate these risks and challenges and secure not only their remote workforce, but also their assets. During the past few months, many organizations, like NIST, ENISA, and Center for Internet Security (CIS) have published advice on how to secure remote working. In addition, many security professionals have also blogged about the same topic. Their recommendations include the following list of best practices.

  1. Make remote working part of your business strategy. Remote working is here to stay. Therefore, any business should have policies and procedures in place detailing when and how working from home is implemented.
  2. Train your staff. No policy is enough if employees do not adhere to it. Train your staff to be aware of the security procedures to implement when working from home and how to use the various online collaboration tools to boost productivity.
  3. Create a safe and effective foundation for remote digital access. Provide secure access to corporate IT resources as well as to the internet itself, typically through an internet provider and virtual private network. This requires attention to every part of the connected tech stack, from internet access itself to providing work devices and secure means to reach and interact with corporate networks, data, and applications. This is the cornerstone of managing and supporting the whole remote working process.
  4. Secure remote access to business assets and services. Typically, this is provided by a virtual private network (VPN) solution, which creates an encrypted network connection making it safe for the worker to access corporate IT resources. Usability and reliability are key factors when selecting VPN solutions. Be sure to test all the service providers to be used and ensure performance is sufficient. In addition, strongly consider two-factor authentication (2FA), instead of just user IDs and passwords, to significantly boost security. 2FA hardware authenticators are quite inexpensive now, while employees can also use their mobile devices as a 2FA authenticator.

Urgent need for cybersecurity experts

However, effectively planning and implementing the above recommendations requires skilled cybersecurity professionals. According to recent reports, the greatest barriers to establishing effective defenses are the lack of skilled IT security personnel and low security awareness among employees. This is where an HR Manager can make an impact.

One solution to the lack of highly skilled cybersecurity staff is to train existing IT team members so they can take on new roles as security administrators, analysts, incident responders, and testers. The HR Manager can promote security team training since employee attitudes toward team training are generally positive.

To fill the gaps in advanced IT security skills, the HR Manager can promote professional certifications in security. A recent study has highlighted that earning these certifications comes with many advantages, such as expanded knowledge, increased credibility and respect, and improved job satisfaction.

Finally, the HR Manager can hire the right future cybersecurity leader. It is the “who” that matters when filling critical leadership positions. HR Managers should prioritize mindset over technical skills when they are considering and evaluating cyber leaders. Looking at what successful cyber leaders do, mindset characteristics should stand out, such as having a wide business view, being eager to grow others, and having an appetite for learning. Although cybersecurity experts must possess deep technical capabilities, they also need to be an influential voice in business strategy, technology decisions, and enterprise risk management.

How CISSP can help

The Certified Information Systems Security Professional (CISSP) certification is recognized as a gold standard for cybersecurity professionals. The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the positions of Chief Information Security Officer (CISO), Chief Information Officer (CIO), Director of Security, Security Systems Engineer, Security Analyst, Security Manager, and Security Consultant.

The CISSP Common Body of Knowledge (CBK) provides in-depth awareness and expertise across all security domains, helping to build and showcase a solid cybersecurity foundation and a strong, versatile skillset, which will become a valuable asset in securing your business against risks and challenges.

(ISC)2 is the leader in security certifications and is acknowledged by companies worldwide. To learn how your business can benefit, go to https://www.isc2.org/Training/Enterprise-Solutions or explore our Definitive Guide for Cybersecurity and Business Prosperity whitepaper.