Four Action Items to Secure your Virtual Workforce

The global pivot to a virtual workforce happened literally overnight. From March to April, the percentage of workers working from home jumped from 15% to 50% according to a survey by the National Bureau of Economic Research. For a majority of businesses and governments, protecting their workforce from COVID was their first priority. To keep organizations functioning and employees working from the safety of their homes, IT departments scrambled to ensure their virtual workforce had adequate devices and their networks had sufficient capacity and configurations in place.

Nevertheless, what organizations cannot afford to overlook are the increased security risks that come with a virtual workforce and the urgent actions needed to address those risks. Perusing Verizon’s 2020 Data Breach Investigations Report (“Verizon DBIR”) sheds light on the nature of the threats we’re facing in 2020 and helps direct our limited resources towards the biggest threats. Here are four actions that can fortify your security posture.

The first step is to identify risks unique to your organization. Not only are you exposed to computer security risks, but also sensitive data breaches. For example, in a healthcare setting, your at-home users may have access to protected patient information either on screen, printed, or via phone conversations (all are protected by HIPAA regulations).

Action 1: Review your prior security risk assessment results and conduct an interim security risk analysis focused on the changes you made as you transitioned to a virtual workforce. The output of this interim assessment is a list of risks, which need to be scored based on impact and likelihood to prioritize action.

Near or at the top of your list should be user training. Although external actors were perpetrators in 70% of breaches, 30% involved internal users who were acting in ignorance, error, or malice (Verizon DBIR). Overall, 40% of breaches were the result of successful phishing or credential stealing attacks (Verizon DBIR). The good news is that we now work in an era of increased security awareness and vendors abound that offer basic security training as well as phishing awareness training and testing (see Gartner).

Action 2: Sign up with a security training company and start monthly training campaigns and expose your employees to simulated phishing campaigns to test your workforce’s resilience.

Modern IT infrastructure like VPNs and cloud service providers like Microsoft 365 can be configured to include best-practice security controls; however, many are not configured to leverage those security controls. Some services even include security scoring (like a video game) as a means to encourage security goal-setting (see Microsoft 365 Security Score). Simple actions that can significantly enhance your security posture include enabling technical controls like multi-factor authentication and enhanced logging, and establishing administrative controls like regular review of user access failures and user account lists.

Simple actions that can significantly enhance your security posture include enabling technical controls like multi-factor authentication and enhanced logging, and establishing administrative controls like regular review of user access failures and user account lists.

Action 3: Enable multi-factor authentication on your VPN and cloud service providers that store the sensitive data your organization is obligated to protect.

Unprotected user devices accessing your network or cloud-based systems containing sensitive data present an opportunity for malicious actors to gain unauthorized access. Maintaining a monthly patching process, deploying end point protection software and enabling encryption on user devices helps secure those devices.

Action 4: Patch all user devices and servers monthly.

These four action items do more than just plug security holes in your organization. These incremental enhancements collectively strengthen your organization’s security posture. They reinforce the top down and bottom up culture of security that is so important to securing the enterprise. Enhancing your cybersecurity posture is a never-ending journey; don’t forget to celebrate the milestones along the way, even if 50% of us are working from home.

by Malcolm Hooper, Vice President, Operations

Featured Resources

Article:

Colocation

Article:

Security

Article:

Infrastructure

Article:

Infrastructure Modernization

Article:

Change management is a human trait

Article:

The recent Focus on Hospital-at-Home is Cause for Optimism

Article:

The Colonial Pipeline Hack Could Improve Security

Article:

Using visualization tools to “whiteboard” during virtual meetings

Case Study:

Helping a Non-Profit Senior Care Provider Plan and Manage Growth

Case Study:

Referral Authorization Modernization Program Implementation

Article:

Now is a time for hope

Article:

Now is the Time to Think about the Future of Work

Article:

Right-sizing staffing and resources is essential to healthcare operations

Case Study:

Righting a Mission Critical System Upgrade

Article:

The Bad Guys are Getting Smarter. Time for Improved Security Measures.

Case Study:

An interim CIO in the midst of a global pandemic

Article:

Four Action Items to Secure your Virtual Workforce

Case Study:

Using Microsoft Teams to improve collaboration and your organization’s culture

Article:

Improving Your Organization’s Culture with Technology

Article:

Informed decisions improve patient care – even in a crisis

Article:

Brightwork healthcare specialists available and ready to help

Article:

Four New Year’s Resolutions for Your Project

Case Study:

Reorganizing an essential team to improve the entire organization

Case Study:

Provider engagement and training is essential to a successful EHR implementation project

Case Study:

Setting up a Project Management Office (PMO) During a Complex Project Leads to Success

Article:

The Wolf & The Bear: Making adversarial relationships collaborative partnerships

Article:

Think an IT Steering Committee is a Waste of Time? Here’s 5 Reasons Why You’re Wrong!

Article:

Validation is the most important step in data conversion. So why is it so often overlooked?

Case Study:

Perfecting Electronic Health Record Implementation with Change Management

Case Study:

Vendors Cash Checks. Partners Drive Success.

Case Study:

Success: An Intricate Puzzle Solved

Case Study:

How Every Decision Connects to Change