3 Key Principles Businesses Must Keep In Mind When Securing the Remote Workforce

By : Evan Dumas | Friday, October 16 2020 - 17:00 IWST

Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies (Photo by Linkedin)
Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies (Photo by Linkedin)

INDUSTRY.co.id - You would have probably heard how Facebook expects half of its workforce to keep working remotely over the next five to ten years, and how Twitter told its staff that they can work from home forever if they wish. No doubt, this is a new working model as a result of the pandemic. It is different from what we are used to, but it is here to stay.

However, shifting to remote working overnight is not a simple task. While digital transformation and remote accessibility have been gaining traction over the past decade, there were very few organisations that were prepared to go ‘fully remote’, and do so practically overnight.

With the move to remote working, threat actors have been taking advantage of these rapid and widespread changes. This have left organisations more vulnerable than ever to cyberattacks. As we all work from home, our security awareness goes down. Therefore, it is critical that organisations take steps to secure the remote workforce to prevent falling victim to the next cyber attack.

Here are 3 key principles businesses must consider: 

1. Complete Security Protection

As the saying goes, it takes only one match to set a forest on fire. The same goes for cyberattacks. This is why it is crucial to eliminate any potential security gaps. Employees should be completely protected from all imminent threats and across every platform, including endpoints, mobile devices, cloud emails (e.g. Office 365, G-suite), and collaboration apps (e.g. SharePoint, OneDrive, Teams, Google Drive), and many others that businesses are using on a daily basis. Being complete also means being able to secure the remote workforce against 3 main threat vectors: 

Phishing: Phishing is a big problem, with more than 80% of breaches involving the use of credentials that were lost or stolen via phishing. 

Malware: At best, antivirus software blocks only 43% of the malware strains currently in the wild. This means that most variants can still get into your network. That is about 8,500 unknown zero-day threats worldwide per day. That is why it is important for your malware protection to be able to prevent both known and unknown malware.

Data leakage: Even though data leakage is not an attack per se, it is a huge threat. Employees can unintentionally or sometimes intentionally leak sensitive data outside the organisation. This is where data protection comes into play. Data protection should be deployed to the endpoint, on mobile devices, cloud email, and productivity suite. 

2. Prevention First Strategy

Businesses should think of preventing attacks before they happen, and not just detect them. A prevention-first strategy is one of the most effective ways to avoid financially devastating data breach. Traditional security solutions that use signatures and rule-based analysis are focused only on detecting threats. However, in order to win the cybersecurity battle, a prevention-first approach is needed, and can be accomplished with 3 main principles: 

Implementing real-time threat intelligence: For a prevention-first strategy to work, threat emulation verdicts need to be reached fast. Towards this end, real-time threat intelligence can quickly determine if a file or link has already been deemed malicious in real-time through intelligence sensors.

Leveraging AI-based threat prevention technology: When indicators of compromise (IoCs) do not exist for a suspicious email or file, organisations can vet risky documents and messages using the power of data science. Because of the velocity of malware and phishing evolution, there is an increasing number of devices and technologies that need protection, and a huge amount of data to process. All that combined, makes it impossible for human-created models to provide comprehensive up-to-date protection. This is why we need AI, which can analyse millions of parameters like no human being can. 

Adopting a Consolidated Security Architecture: By combining the power of shared threat intelligence and AI with a security architecture, organisations can prevent attacks across all attack vectors uniformly. For example, if an employee receives an email with a link on their mobile device, and clicks on it, the shared threat intelligence begins working in the background. The URL undergoes payload path and domain analysis to determine whether it is safe. If it turns out that the link on the employee’s smartphone was malicious, it will be instantly blocked, preventing the employee from accessing the website. The threat data is then immediately shared across the entire IT environment.

3. A User-Friendly Solution For All

What is the point of an all-encompassing security solution if it is so complex that nobody knows how to use it? Organisations should consider the user-friendliness of the solution for its employees and admins. It also have to be seamless with their current tools, systems, devices and work environment, and should be efficient to deploy and get results. In addition, businesses should also take into account the flexibility of the solution to meet the needs of the business, and support specific vertical compliance requirements and privacy concerns. 

In Conclusion

Shifting to accommodate a remote workforce is no easy feat. However, organisations need to revisit and adapt their security plans in order to ensure that their businesses is safe in the new normal.

News Comment

Today's Industry

Ilustration Brand phishing (Photo by Technonlogy For You)

Rabu, 21 Oktober 2020 - 15:30 WIB

Microsoft is Now Most Imitated Brand by Hackers

Microsoft soars from 5th place in Q2 to 1st place in Q3 for brand phishing attacks, making up 19% of all global phishing attacks in July, August and September.

L/R: Alwin Zecha, Founder - Pacific Leisure Group, Thailand; Hiran Cooray Chairman - Jetwing Symphony PLC, Sri Lanka; and Akbar Shareef, Chairman & Chief Executive - Rakaposhi Tours (Pvt) Ltd., Pakistan (Photo by Global Travel Media)

Jumat, 16 Oktober 2020 - 17:15 WIB

PATA Honours Industry Leaders, Pioneers and Professionals at 69th Annual General Meeting

The following awards were presented during the 69th Annual General Meeting held online PATA Gallery of Legends Award, PATA Life Membership, and PATA Chair’s Award.

Hypertherm, a U.S. Based Manufacturer of Industrial Cutting Systems and Software

Rabu, 14 Oktober 2020 - 21:30 WIB

Hypertherm Releases New CSR Report with Updates On Community Outreach, Environmental Impact, and Associate Well-Being

Hypertherm, a U.S. based manufacturer of industrial cutting systems and software, announced the release of its 2019 Corporate Social Responsibility Report.

Dr Paul Gardner-Stephen, Senior Lecturer, College of Science and Engineering, Flinders University (Photo by ICT Days)

Kamis, 24 September 2020 - 15:15 WIB

NBN Co to Spend $3bn Upgrading Half of FTTN Network to Full Fibre

In particular, the original Fibre-To-The-Premises (FTTP) plan had several key advantages that this announcement is not able to solve.

Rena Chua, Bug Bounty Advisor at HackerOne (Photo by Linkedin)

Kamis, 24 September 2020 - 14:15 WIB

How COVID-19 Is Impacting Security

With this accelerated pace of digital transformation, CISOs had to quickly facilitate new needs — while ensuring the security of existing systems and newly-acquired collaboration tools.