It’s Time to Assess Your Remote Work Security Posture

Organizations around the world went through a period of profound change over the past 20 months. While many had already started to implement remote work, the COVID-19 pandemic forced us all to rapidly shift to a new model. Employees needed to be able to work from their homes with little or no notice, and organizations made choices that prioritized immediate productivity over long-term security. It’s time to take a step back and assess the security implications of those decisions.

Most organizations won’t have the luxury of simply shifting back to their previous ways of doing business. The world has changed, and employees now expect to have flexibility in their work arrangements. Whether their workers will be fully remote or will work remotely certain days of the week, organizations will adapt to a new normal that involves at least some degree of hybrid work.

The good news is that we can approach the security implications of this transition much more strategically than we could during the early days of the pandemic. In our practice at CDW, we’ve worked with dozens of firms on work-from-home (WFH) security assessments and helped them to strengthen their existing security postures.

When we undertake a WFH security assessment, we begin with an inventory of the working environment. We look at which employees are currently working from remote locations and what services they use. Working hand in hand with the organization’s IT team, we then examine a variety of factors that help us paint a full picture of the WFH security environment. Some of the testing we conduct includes the following.

The WFH environment rapidly shifted the way that perimeters function. In the past, traffic on the typical corporate network was mostly outbound from employees working in an office. Today, it’s inbound, as remote users connect to corporate systems. Perimeter controls must be updated to handle this volume of traffic and maintain visibility into network activity.

It’s not reasonable to expect that employees will allow us to examine their home networks. We ask customers to send us sample physical devices with typical WFH configurations. We take these devices and simulate placing them on hostile or insecure networks. We assume that home networks are unsafe and identify configuration changes that can protect corporate systems.

With our assessment results in hand, we provide clients with recommendations on how they can improve their WFH security postures. These recommendations typically involve adding new data security controls, backing up data to corporate servers or the cloud, locking down security configurations and implementing multifactor authentication. We also encourage companies to have frank conversations with end users about the appropriate use of corporate computing systems.

Remote work is the new normal, and it’s time for security teams to consider how they will protect corporate systems and data in this new environment.

Story by Victor Marchetto