Securing your WFH workforce

The sudden need to WFH

 

In sudden and urgent situations, having your workforce work from home requires strong policies to ensure employees are equipped and capable of doing their work as well as possible.

 

To maintain workflow and output, here are the top three fundamental elements:

 

  • Your workforce should always be able to access the information they need to do their work completely.

 

  • Your data has to be secure while in transit and/or at rest while people interact with it. Maintaining confidence that this is possible delivers trust.

 

  • Maintain open communications with your workforce and be informative throughout the entire process.

Can I trust my data is secure?

 

While you can equip your workforce with as many tools as possible, their means of reaching you will always be via hardware and software. Distributing hardware solely owned by your organization can be expensive and hard to manage.

 

It’s expected that your workforce will return to their old habits and systems and work with what they know best at home. Who is to say their devices are fully updated, patched, or even scanned for viruses and/or malware?

 

It can be troubling to trust your employees to be on top of things and to entrust them with your data on their machines.

 

How to secure without being intrusive

 

There are a few ways to help your people do what they need to do without enforcing overbearing security and losing productivity along the way.

 

VPN

 

One of the easiest ways to manage your data is by letting users access it via a VPN. These virtual networks into your company and its data provide enclosed, secured access.

 

Pros:

  • VPNs can secure your data during the session
  • VPNs are affordable
  • VPNs work across platforms and operating systems

 

Cons:

  • VPNs can significantly slow down the connection speed
  • It is hard to push only (and all) company data through a VPN
  • Configuring and maintaining a VPN can be quite difficult

 

A VPN can deliver only so much. While all traffic might be secure within the connection, once this connection is turned off, your data security is at risk. If cloud applications are used, VPNs can become unusable.

 

Identity and Access Management (IAM)

 

By using Identity and Access Management (IAM), you can secure access to your tools by enforcing enterprise-grade authentication methods and secondary factors.

 

Pros:

  • Access can be centrally managed
  • Modern authentication methods can be enforced and combined with multifactor solutions
  • Easier to manage your joiner/mover/leaver workforce

 

Cons:

  • It only manages access, not your data
  • Application SSO is secure; other methods are still vulnerable
  • Not all applications can be integrated; some need additional development

 

Mobile Device Management (MDM)

 

The overall role of MDM is to increase device supportability, security, and corporate functionality while maintaining some user flexibility.

 

Pros:

  • Full control over devices, applications, and usage
  • Easy to manage device lifecycle and policies
  • Users have limited or no control over the device

 

Cons:

  • MDMs can be quite costly and hard to roll out
  • BYOD environments are hard to manage with MDM
  • Some MDMs do not support all operating systems

 

Cloud Access Security Brokers (CASBs)

 

CASBs come in different shapes and sizes but share common goals: warning your organization’s security team about potentially dangerous actions, enforcing security policy compliance, and automatically preventing malware.

 

Pros:

  • More control over data in transit
  • Able to secure across (un)managed devices with or without agents
  • Delivers deep context-aware policy methods for your data

 

Cons:

  • Can be hard to implement (quickly)
  • CASBs can act as a single point of failure
  • It is not a full MDM system

 

Teaching correct methods

 

Working online with provided apps

 

Ensure all employees know which online tools are to be used for communication and teamwork. If you have a collaboration suite, give access to it. Over-communicate on every platform, and if possible centralize messaging for important information. Not being clear will lead to users finding their own solutions, which in turn becomes part of your shadow IT.

 

Use logged-in browsers (Chrome)

 

Where possible, use browsers with an element of control. Chrome can be managed from the basic G Suite license. With this, you can secure some data, block extensions that read passwords (or other data that is created), and deliver some automation within the browser. Chrome policies in G Suite can also enforce that only the latest versions of the browser are being used.

 

Set policies

 

It takes smart people to set good policies. Make sure your workforce is aware of your guidelines on how to work from home, use applications and devices, and manage security.

 

Deliver “Security Awareness training” to teach and widen your workforce’s understanding of security requirements and possible threats.

 

Always communicate and support

 

Transforming your workforce requires strength and perseverance from your team and all levels of the organization. Being accessible and transparent is key in delivering the best possible solution for any type of organization.

This article was written by HenkJan de Vries, Okta Solutions Engineer, a full-time WFH employee, and home automation nerd.
