W
What are the main
cybersecurity challenges that
remote workforces need to
overcome and how can CISOs
address these?
NICOLAI
NICOLAI SOLLING,
SOLLING, CTO,
CTO, HELP AG
HELP AG
Securing the remote workforce has
always been a challenge and there are
a number of reasons for that. First of all,
historically there has been more focus
on protecting the organisation instead
of the remote user. As an example,
organisations have deployed more and
more sophisticated network security
components such as next-gen firewalls
and anti-malware solutions, which
typically inspect network traffic within
the organisation.
FEATURE
The third and perhaps most important
challenge is consumerisation of the
devices that remote workers are utilising.
We sometimes call it Bring Your Own
Device (BYOD) but the fact is that it is
extremely challenging to enforce security
settings on a device which you do not
own and control.
I cannot emphasise
how important
identity hygiene is
in our current threat
landscape.
All this said, the ability to work from
anywhere and at any time positively
impacts both employee productivity
as well as job satisfaction. In today’s
business environment therefore, it is
imperative for IT to support and secure
the remote workforce.
So, what can organisations do to secure
their remote workforce?
Employee awareness and training
However, when users take their laptops
home, they are vulnerable as they
are outside of this protection. From a
technical standpoint, we have been able
to address this for a number of years by
backhauling remote users’ traffic to the
headquarters via VPN but organisations
today are still worried about user
experience and bandwidth consumption.
Another element is the actual user
behaviour, arising because users
may have more versatile use of their
devices when they are outside the
organisation as compared to internally.
An example here could be the ‘road
warrior’ who is on a business trip and
needs to take care of personal tasks
on his corporate device – potentially
introducing risk.
www.intelligentciso.com
|
Issue 12
Last year, social engineering was the
initial attack vector used in 65% of the
threat advisories that our Managed
Security Services (MSS) team
published. Recognising that humans
still present the weakest link in the
cybersecurity chain, the first task should
be to raise cybersecurity awareness
within the workforce. This should include
making employees understand the
implications of their actions, company
security policies and best security
practices such as the use of strong
passwords. Furthermore, training should
be an ongoing activity rather than a one-
time exercise.
Use of VPNs
As employees will often use their
personal devices when connecting
to company networks, it is best to
provide them with a secure means of
37