Managing Cybersecurity Challenges with Remote Teams
How enterprise security leaders are protecting their remote distributed teams
Although remote work is certainly nothing new, the onslaught of the Covid-19 pandemic caught many businesses off-guard. For them, managing remote teams with so little time to prepare has proven challenging, bordering on burdensome. In a matter of days, they had to issue company-owned laptops, deploy new virtual machines, and overcome a raft of other difficulties, all while maintaining oversight over their digital infrastructures.
Yet, despite the pandemic, remote work is here to stay. After all, it introduces many benefits, such as lower facility costs and reduced impact on the environment. There’s also evidence of flexible work situations leading to enhanced employee productivity and morale. Perhaps the most important opportunity, however, is the way remote work supports innovation in an era of constant change.
While the strengths and opportunities of remote work are without doubt, that’s not to say there aren’t some important challenges. Chief among these are the new information security threats that come with having a distributed workforce. That’s why cybersecurity leaders must play a central role in managing remote teams. To do this effectively, they need to develop a healthy respect for remote work, even to the point of helping the traditionalists among us overcome a widespread adversity to the trend.
What are the security challenges with remote work?
A recent study by OpenVPN found that 90% of IT professionals believed remote workers to present additional security risks to their organizations. The risks were made even more public during the Covid-19 lockdowns. In one case, UK Prime Minister Boris Johnson inadvertently revealed a meeting ID of a sensitive government call when he posted a screenshot of a Zoom meeting on social media. Zoom responded by releasing an update that removed these private numbers from the app’s title bar.
But virtual conference security threats are just one of many unique challenges of remote work. Employees working from home may access sensitive company data through unsecured WiFi networks. Using personal devices for work has also proven a worrying practice, especially if those devices haven’t been properly enrolled in the company’s BYOD policy. On top of that, there are the generational challenges with technology to overcome. Many of us still take digital security for granted, and it can also be tough to establish personal trust and adherence.
Rule 1: Don’t assume everyone is technically prepared
Before millions were suddenly forced to work from home, often with only a few days’ notice, many employees had rarely, if ever, used remote work software. Many weren’t familiar with video conferencing, screen-sharing, and online collaboration platforms. Suddenly, they had to get used to using software and services they had no experience with, such as setting up VPNs with nothing more than a complicated technical manual to guide them.
Security leaders should never assume technical proficiency. They must also be educators who approach people on an individual basis to help them get up to speed,
Rule 2: Tutorial guides still matter
Everyone has different ways of learning, and it’s never reasonable to assume that everybody on the team knows what to do. For example, you can’t simply tell remote workers to connect to their virtual workspaces via the company VPN and start using multi factor authentication. A lot of people simply won’t understand what you’re talking about.
It's important to have an established set of processes for onboarding remote employees, which respects the fact that everyone learns differently. Instead of relying on technical user manuals, security leaders should provide up-to-date training guides across a wide range of formats to accommodate different learning styles.
__Rule 3: You need remote work guidelines __
Naturally, rules and requirements are of great importance in any cybersecurity strategy, and managing remote teams is no exception. But it’s equally important to establish expectations and, in doing so, drive a culture change that makes security an integral part of everything you and your remote teams do.
Guidelines help ensure everyone is on the same page, while requirements are the technical controls that security leaders use to enforce the rules. Guidelines are more about the human element, and should exist to help employees make informed decisions.
Rule 4: Face-to-face meetings still matter
With all the talk of virtual conference security threats, some business leaders are reluctant to support online meetings at all. But face-to-face meetings are still important, perhaps now more than ever. While they’ll never be quite the same as a real-world meeting in a boardroom, they do improve communication and reinforce relationships. This leads to stronger collaboration, especially in a time when employees are more likely to feel detached and distant.
Security leaders need to help their peers overcome the fear of video conferencing while also taking the technical and administrative measures necessary to secure their communications.
Rule 5: Remote work can enhance productivity
Remote work benefits employees in many ways, not least by eliminating the need to commute. Moreover, working in a more familiar and personal environment, especially when using their own devices, tends to enhance productivity. However, while employees often relish the greater flexibility, it often comes at the cost of a healthy work-life balance. When that happens, people will be prone to making risky mistakes.
Leaders must do everything they can to encourage an optimal work-life balance for the sake of their employees’ wellbeing and the integrity of their business operations.
Rule 6: Follow the example of experienced remote teams
Over the past decade, we’ve seen the launch of numerous agile startups jump straight to the forefront of innovation. Some of them don’t even have a physical workspace, with employees exclusively working remotely from the beginning. Many established enterprises have at least some experience managing remote teams too.
There are plenty of examples to follow. Security leaders should set up an advisory board of experienced remote workers to reduce risk and manage change more efficiently.
Rule 7: Employees should resume normal when ready
For some of us, remote work is here to stay, simply because that’s what an increasing number of businesses and employees want – pandemic or not. But that’s not to say traditional office work isn’t going to return.
Even once things return to normal, not all employees will be ready to return to the office. Some may have preexisting health conditions which could put them at risk. Others might simply work better while at home. It’s important for business leaders, those in cybersecurity included, to be flexible when it comes to supporting the continuation of remote work, as well as the return to the office.
Cybrary helps organizations close the cybersecurity skills gap and build a workforce capable of tackling the challenges of today, and tomorrow. Request your demo of Cybrary for Teams to get started.