Businesses around the world have been forced to accommodate working from home en masse due to the COVID-19 crisis. While it is unclear how long this will go on for, the need to secure the corporate ecosystem remains. Working from home increases the chances of employees using personal devices, their home networks, and consumer applications for business purposes, and therefore increases the potential risk to the corporate cybersecurity infrastructure. Below are 8 measures that organisations can take to mitigate and remediate these threats.
1. Onboard devices over-the-air
Additionally, using services such as Apple Business Manager or Android Enterprise Enrolment, IT can customise the onboarding process, resulting in a simple and smooth enrolment process for users. Furthermore, employees can use a self-service portal to track, add, or remove devices they have under management.
The first, and most crucial step for a seamless transition to remote working is to enrol all users’ devices that will be used to access business data in a unified endpoint management (UEM) platform. Organisations should choose a UEM platform that allows for the provisioning of any device, in order to accommodate both corporate issued devices and employees’ personal devices. This will allow IT teams to have maximum visibility over all endpoints that are being used to access business data.
2. Configure a consistent set of security policies across devices
All devices that are onboarded onto the UEM need to be secure and configured in line with your organisation’s information security guidelines. AI-based threat detection software can assess the risk a device presents at the point of enrolment and continually re-assess it through its lifecycle in accordance with high security standards.
Having higher security standards on the point of entry ensures no corrupt devices are granted access to the business ecosystem. AI upholds these standards by enabling this process of assessment to constantly repeat in order to defend against malicious actors 24/7. Any threats that are detected are brought to the attention of IT staff to be remediated.
The digital workspace can then be separated from employees’ personal data and applications by using either Apple device management or Android Enterprise profiles. This safeguards the user’s privacy, while maintaining control over business data.
3. Enable secure connectivity for on-premises and cloud applications
As devices are enrolled, measures such as VPNs need to be deployed to secure employees personal networks. This is critical to protect data in transit and allow users to connect securely to the intranet, services behind firewalls, and even cloud applications. A split-tunnel VPN goes a step further and can automatically be triggered to launch on a per-app, on-demand, or always-on mode to secure the connection over the insecure Internet. This provides users with a seamless experience while ensuring business data is always secure.
4. Distribute email, PIM, secure browsing
Remote workers need secure access to resources on their devices that are integral to everyday work, such as email, calendars, contacts, and secure browsing. Advanced UEM systems can remotely configure and secure both native productivity apps or cloud productivity apps that are part of the Office 365 bundles and G-Suite.
5. Deploy video conferencing, collaboration and other business apps
Employees also need access to business communication tools to overcome the geographical barrier between their colleagues. UEM can silently install these applications so each member of the workforce doesn’t need to search and download each one individually. In addition to reducing helpdesk tickets, remote installs and configurations mean that employees can quickly adapt to be productive at home.
The use of collaboration applications on an unprecedented scale means that bugs and vulnerabilities are constantly been found and fixed. UEM automatically updates applications to unburden the user and ensure that they are always operating on the most secure and up to date versions of apps.
6. Remote troubleshooting to increase helpdesk efficiency
As this is a situation a lot of workers have never found themselves in before, they will undoubtedly be confronted with a number of challenges when using new tools, applications and systems. It is therefore imperative to empower IT teams with tools that enable remote screen sharing, so they can diagnose and fix issue efficiently.
7. Use passwordless authentication methods
Malicious actors have been taking advantage of COVID-19 anxieties in increased attempts to gain user credentials via social engineering. Security consultancy Barracuda has recorded a 667% spike in phishing attacks globally. To avoid being phished, organisations need to take away the bait: the password.
Multifactor authentication can help protect organisations from social engineering by integrating with the biometric capabilities of devices. Tying a physical and personal attribute to the virtual verification process, is much more secure than a username and password that, ultimately, could be distributed amongst any user or bad actor.
8. Deprovisioning for end-to-end lifecycle management
Tracking the state of all devices being used to connect with business resources is important from a security and compliance standpoint. With UEM and threat detection systems, IT teams can track the security status of devices and their critical information such as operating system versions and applications. If the user needs to retire a device, unenrolment can be initiated immediately. In the event that a device becomes compromised, IT teams can wipe business related applications to remediate the threats. This goes a long way in protecting user privacy while reducing the liability of organisations as they adopt BYOD programs. This ability to deprovision devices remotely and selectively delete data is critical for an end-to-end device lifecycle management program.
Brian Foster, SVP Product Management, MobileIron