Cybersecurity for Enterprise Teleworking during the WFH Contingency
The coronavirus pandemic swept entire workforces into makeshift home offices. Some people got a desk and a door. Others got a laptop on the upside-down hamper in the hall.
On social media, work from home (WFH) employees celebrated the silver linings: happy pets, lunch!, discovering that a robe pocket fits a pen and notebook.
But for many businesses, enterprise teleworking has been problematic. Many organizations are still not prepared for the cybersecurity challenges that surround teleworking.
The WFH Security Problem
Cyber adversaries thrive on disruption. Hackers are opportunistic and wait until conditions are right for attack. Unfortunately, conditions now are seriously right.
Why? Because during the massive shift to working from home, employees probably:
- Use home office setups with less security
- Use a hybrid of work and personal devices throughout the day
- Engage in more online data sharing (more virtual meetings, more emails, more file sharing)
- Have less access to IT support
These are, of course, generalizations. But generally speaking, …
- From a cybersecurity perspective: More telework = More security risk.
- From a hacker’s perspective: More telework = More opportunity.
To compound the problem, bad WFH habits solidify over time. Risky WFH computing behavior is now becoming entrenched.
Get Out of the Trenches and Find a Solution
U.S. government agencies, like the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA), have offered timely and on-point guidance for secure teleworking.
In March 2020, NIST issued a bulletin that reiterated some practical standards for teleworking. The NIST recommendations are derived from NIST SP 800-46 rev. 2, published in July 2016. Called “Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions”, the NIST bulletin calls out 5 key concepts that business and IT leaders can focus on right now.
NIST Recommendations for Improving the Security of Telework and Remote Access Solutions
- Develop and enforce a telework security policy, such as tiered levels of remote access
- Require multi-factor authentication for enterprise access
- Use validated encryption technologies to protect communications and data stored on the client devices
- Ensure remote access servers are secured effectively and kept fully patched
- Secure all types of telework client devices—including desktop and laptop computers, smartphones, and tablets—against common threats
Similarly, the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the U.S. Department of Homeland Security (DHS), offers resources and simple tips for improving cybersecurity while working from home.
The WFH contingency has created astonishing challenges, including securing enterprise information assets. NIST’s 5 recommendations are timely and on-point. CISA’s alerts and information can help organizations heighten their cybersecurity awareness. All business types can benefit now if they adopt and adhere to good guidance.
How can Sera-Brynn help?
Sera-Brynn, a leader in cyber risk management, offers:
- Technical services to help secure networks
- Advisory services to help develop telework policies and procedures
- Endpoint protection technology (our CHECKLIGHT solution specifically addresses NIST’s recommendation to secure telework client devices like laptops and computers)
- SIEM as a service – for continuous monitoring
- Incident response services to get you back online
The author, Colleen H. Johnson, is a Cyber Legal Analyst at Sera-Brynn.