During the COVID-19 pandemic a growing dependency on information technology became obvious for many organizations – and with it an increase of cyber risks. The exploitation of employees working remotely was one of the many risks that increased in this relation. According to the German Economic Institute a lack of corporate equipment, missing trainings, and non-existing concepts have been the top reasons, causing more than 50 million Euro damage to German organizations in 2020 . In 2021 the Federal Office for Information Security in Germany stated that organizations had not yet implemented sufficient security measures to improve their posture .
Since then the security posture for remote and hybrid workers had to improve significantly. The following measures have been proven most relevant in this regards:
Trust should not be provided by default. The identity of every employee (and every asset) should rather be validated depending on the current context e.g. of a role or application. Along the Zero-Trust journey the organization wide implementation of the security principles “Least-Privilege” and “Need-to-Know” helps securing confidentiality of the organizations information. In addition to that, a Software Defined Perimeter (SDP) should provide employees with a unified access to resources – no matter where they are located.
Employees should always be provided with clients that are up to date when it comes to operating system patches, as well as software versions, endpoint protection, and anti virus solutions. In combination with “Least-Privilege” this helps mitigating the risk from a technical point of view.
When it comes to remote work, organizations need “to temper the wind to the shorn lamb”. The human factor requires particular attention, as remote employees usually work isolated from other colleagues. They are more likely to act independently on e.g. a suspicious email, instead of asking a coworker for his opinion. It is therefore crucial to train employees on the information security aspects of remote work, e.g.:
- Access to the remote workplace, espionage from afar, eavesdropping by unauthorized people
- Secure transfer of sensitive information
- Disposal of sensitive information
Check if your organization has their remote workforce well prepared:
- Is your infrastructure adapted to provide remote workers with secure access to resources?
- Is the work equipment for remote workers hardened?
- Are your employees trained in security awareness, especially aspects of remote work?
Need help improving the security posture of your remote workforce? Contact us for more information.