4 Hidden Risks in the Remote Workforce's Rush to the Edge
The COVID-19 pandemic had a profound impact on global businesses. Many organizations experienced significant revenue loss while having to pivot their entire organization to a pure “Work from Home” (WFH) environment. This was an overnight evolution for many organizations with technology leading the way and enabling the business to work in an effective manner from home. Further, employees across the organization needed to adapt their work habitats, cope with the distractions that came with a remote workforce, and learn new ways to collaborate with colleagues.
Typically, such a fundamental shift or digital transformation comes with significant planning and should be driven by the business, aligning with the overall goals of the organization. However, COVID-19 did not allow for long term planning and strategic projects. Organizations needed to pivot overnight, adding new licensing, products, services, processes, and equipment.
There is no debate, that COVID-19 has fundamentally changed how organizations will operate and collaborate moving forward. Even as the pandemic eases over time, many organizations will continue to support a remote workforce. As such, firms need to assess their current environment for risk and compliance issues, develop paths to remediate, and build a strategic roadmap that empowers the remote workforce to collaborate around the world. Read on for some of the hidden IT risks caused by the rapid remote work transition or download the full ebook here.
If your company is not already on the cloud, doing so during COVID-19 may have been necessary to keep your business up and running. Some important risks to consider while utilizing a cloud environment are:
Authentication - Multi-Factor Authentication (MFA), Single-Sign-On (SSO) and device trust are all a great way to mitigate risks of unwanted hackers trying to access your account. Multi-Factor Authentication is an authentication method by which a user is only granted access to a device after successfully presenting two or more pieces of evidence (factors). These are knowledge, possession and inherence based. SSO is an excellent way to limit the number of passwords users need to manage, establish one place to go to for all applications, control what devices access your applications, and administer application permissions.Utilizing device trust can limit what computers can access specific coud applications and can prevents non corporate devices from accessing your applications.
Information Risk - Some of the hidden dangers that can come from this COVID-19 pandemic include the transition to a fully work-from-home environment. Employees are now using Citrix/remote desktops and VPN's to connect to work. Make sure that employees are accessing a VPN from a corporate device and that file-transfer is disabled! Companies should also ensure that SaaS apps should be monitored for changes to the environment, data flowing in/out, who is accessing the application, and where they are accessing it from. Another hidden risk to watch out for is file transferring via email. When employees are experiencing trouble or lack the necessary tools or access, they often e-mail files to their personal accounts.
Video Conferencing and Collaboration - Launching new instances of Video Conferencing and collaboration tools has become common, if not essential during the COVID-19 pandemic. Ensuring these platforms have the correct settings now is critical. These settings include disabling chat or ensuring chat logs are being sent to your electronic archive, disabling data transfers or only allowing for admin to do so if needed, MFID2 compliance, and much, much more. If compliance has been over looked and gaps exist, it is best to solve, document, and even self-report now.
With an overnight change for many organizations with technology leading the way and enabling the business to work in an effective manner from home, it is best practice to review all of the changes and ensure proper procedures have been followed. Your organization will always want to follow best practices and stay consistent with your server and endpoint patching cycles and to inventory all apps across the organizations to ensure that employees have not installed any new unauthorized applications.
Has managing employee onboarding and offboarding given your organization any challenges? For new employees, you will want to ensure that the correct permissions were applied to their account and devices. For those that are leaving the organization, you will want to ensure that access to all 3rd party apps and devices has been disabled and ensure that you received all devices back.
Work from Home Analytics
Many firms will continue with a WFH environment for the foreseeable future. However, this does have some drawbacks. Are your employees working effectively? Are employees working more? Less? Organizations can look to leverage 3rd party software to measure all of these questions and more. The software can allow your organization to create a reporting framework to bring together your key sources of data and enable your employees to work more effectively and collaboratively.