Improving cybersecurity for remote and hybrid workforces
The shift to remote work has been a seismic event for HR professionals, but it has also had a significant impact on the IT department.
The pandemic forced companies to take drastic safety measures, and as a result, millions of office workers became full-time remote employees virtually overnight. A year later, the experiment is still ongoing. According to a recent Upwork survey, all-remote and hybrid workforces are here to stay for many companies: the expected growth rate for all-remote workforces over the next five years doubled, and about 62% of hiring managers expect their workforces to be more remote in the future.
Related: Cybersecurity fears keeping CEOs up at night
The shift to remote work has been a seismic event for benefits and HR professionals, but it has also had a significant impact in the IT department, as cybersecurity incidents are on the rise. One recent survey found that 20% of companies experienced a remote work-related security breach. It will take a combined effort to address the risk remote work poses to sensitive company data. HR departments need to help their companies build a stronger security culture, and IT teams must harden the security posture.
Creating a strong security culture with Zero Trust
A Zero Trust strategy is a great way for companies to combat the security challenges of remote working. It’s a security approach that assumes no one is automatically entitled to access sensitive data, even if they present login credentials. That’s a departure from standard security strategies that rely on credentials like passwords to grant access. Zero Trust balances the need to give employees access to network assets to do their work, but it requires more than just a password, challenging users to:
- Confirm their identity, i.e., prove they are who they say they are
- Provide proof that they have the authorization to access the requested resources
- Demonstrate that they need to access the resources to do their job
In a Zero Trust security culture, employees who want to access sensitive data must first positively identify themselves, show authorization to access resources and prove their job requires access to those particular assets. Zero Trust may seem stringent, but the approach enables companies to reassert control over their own assets to protect their data and employees.
Zero Trust policies can help companies create a culture where employees are much more mindful of the value of data assets. With the right technology, Zero Trust doesn’t slow down operations — employees who can prove their identity, authorization and need can seamlessly access what they, but a Zero Trust approach allows organizations to build a much stronger security culture.
Scaling up a Zero Trust infrastructure
A Zero Trust-based security culture paired with a Zero Trust infrastructure vastly improves security by giving companies a way to monitor and trace all user activities on the network and lock down security at every endpoint. With budget constraints related to the pandemic, it may be difficult for companies to put all the security features in place immediately, but Zero Trust can be scaled up easily.
As a first step, the company can implement a privileged-access management (PAM) system to keep the most sensitive and valuable assets safe. PAM controls facilitate privileged user access from a central point, giving the company complete control over who accesses which assets and enabling tracing and monitoring to keep highly confidential data safe.
Once PAM controls are in place, the company’s cybersecurity team can deploy endpoint privilege management (EPM) controls and implement a multi-factor-authentication (MFA) solution. EPM locks down endpoints at the application level, eliminating local admin rights regardless of user privileges. MFA requires users to prove their identity so credentials can’t be misused. The three elements — PAM, EPM and MFA — complete the Zero Trust infrastructure.
Getting ready for the remote work long haul
Cybercriminals are working overtime to take advantage of the surge in remote work related to the pandemic. And with employees working offsite (and often on their own devices rather than company-issued equipment), the risk is magnified. The trend toward greater reliance on all-remote or hybrid workforces means the security risks aren’t going away, so companies have to adapt.
A more security-conscious culture can help your company adapt to new realities while protecting your most sensitive data. A Zero Trust approach can be highly effective because, by definition, it makes no assumptions about individual users, and it treats everyone equally, requiring proof before granting access to data. Adopting a Zero Trust mindset can lay the foundation for a strong security culture.
A Zero Trust infrastructure can back up a stronger security mindset with technologies that significantly reduce the risk of sensitive data falling into the wrong hands, even when everyone is working from home. A stronger security posture protects the company, its employees and its customers, which is a great way to improve cybersecurity for any company with a remote or hybrid workforce.
Chad Carter is vice president of North American sales for WALLIX.
Read more: