Softsource Q&A David Small discusses the risks of a remote workforce
Many organisations have learned to adapt in the new working environment and found themselves with a largely remote workforce due to the ongoing COVID-19 pandemic. While it may seem simple to have your employees to complete their work over their home internet, there are enormous security risks to consider in remote working arrangements.
To learn more about those risks and how to mitigate them, we spoke to Softsource CTO David Small to get his thoughts.
What is the reality that organisations are now confronting with a newly remote workforce?
David: How to manage them securely is the big challenge. They were sitting on corporate computers, mostly in their office, that are behind their corporate firewall and web content filtering, and they have complete visibility of those devices and users.
Now they are working on their home computer that they may share with their partner and their kids. As an organisation, you have no idea what’s installed on it or who’s using it.
They might be sitting behind their internet provider’s firewall that isn’t really designed for corporate security, but they’re now pulling all of your corporate data down to their machine and working on it.
All of a sudden, you need to get each device patched, to make sure they have antivirus on them, and you need the ability for remote control to help them if they have a problem.
What have they likely not considered until now about the requirements of remote work?
David: It’s the monitoring and management of each of those connections. Is it their employee logging into the system or is it someone simply pretending to be your employee?
There are also the software requirements. Do their employees have the right software and applications to do their work?
And then, it’s information access. Many employees will find they don’t have server access, so where are they storing their data, and what happens if they lose their data?
How do you control all of these things remotely? Because you can’t ask them to just bring their computer back to the office to solve all of these issues.
Is shadow IT a problem in these scenarios?
David: Yes, it is because they may not have that piece of software they normally use in the office, so they’ll use something they found from a Google search. Then they may be inadvertently uploading data into that application, which has its servers in a country that isn’t safe and could also be causing big compliance problems.
When people are storing data in lots of different places, it becomes impossible to control. So, what happens if someone’s machine dies? How do you get that data back? Because that hard data backup you had on-premises no longer applies.
What are the biggest security threats people should be aware of?
David: Well it’s all of the usual types of attacks but people are much more vulnerable in a remote work setting. Right now, we’re seeing a lot of phishing attacks that are taking advantage of COVID-19 messages, and it’s only a matter of someone clicking on the wrong thing that could open the door for some form of malware or ransomware.
We also know that every machine with internet access gets touched three times a day by someone scanning that IP address to see if it’s vulnerable for an attack. So, all of a sudden, their computer is exposed, your data has been breached, or ransomware has been launched and your data has been encrypted.
What steps should organisations be taking to protect themselves and their data?
David: The first step is to look at the security posture of your devices and the simplest way to do that is to have security on the device. Anything else you do from a security point of view will be pointless unless the devices themselves are protected, so you need to get visibility and control over every device.
The next step is to implement some data protection so that you can get your data back in a worst-case scenario of a human error, malicious activity or hardware faults. This involves making sure your data is being stored in the right places, and if it’s in the cloud, that it is still being backed up because the cloud isn’t always necessarily safe.
The third step would be data loss prevention, so classifying and monitoring data while it’s at rest, in use, or moving through your network. This enables you to protect sensitive data from loss, breach or accidental deletion, all of which could be damaging to the business.
How can Softsource assist organisations with their remote working technology environment?
David: We offer a comprehensive service that will enable you to protect and manage your devices through our Desktop as a service (DaaS) offering. Our team can ensure your devices are secured, safe, patched and have the latest anti-virus software while being monitored 24-7.
We also deliver the backup and data loss prevention measures you need through our entrada Hybrid Infrastructure as a Service (IaaS) solution. This ensures your sensitive and valuable data is protected, monitored and stored safely at all times.