As IT professionals work diligently to provide remote workers with communications and collaboration tools during the coronavirus crisis, one issue has come into full focus — security. This topic was touched on in a Zoom webinar last week, during which a panel of company executives and customer CIOs from different industries and Zoom representatives discussed the challenges of enabling remote working.
Getting the Gear, VPN Connections to Employees
“One of the things that companies have always had a problem with is sending people home to work remotely full time,” said Gary Sorrentino, a consultant for Zoom, kicking off the conversation on security. When it comes to remote working, many security concerns come from the reliance on a virtual private network (VPN), which might not have enough capacity to support the users, Sorrentino went on to explain.
With a VPN connection, work-from-home workers are connecting via a home broadband connection, which can be unsecured, so ensuring that workers understand at-home security basics (setting WiFi passwords, etc.) is a must, Upinder Phanda, VP and CIO of Unisys, and others agreed. Additionally, while transitioning might be out of the question during the COVID-19 crisis, a virtual desktop infrastructure (VDI), which allows users to connect to a central server that hosts a desktop environment, can provide a safer, more secure approach to remote working, Phanda suggested.
Another part of the security puzzle is the devices themselves. Ideally, remote workers will be using corporate-owned devices installed with appropriate security software. That’s key, Phanda said. However, unless your company already had outfitted employees with laptops for working at home, getting everybody situated with corporate devices could be logistically challenging, he added. One possible solution comes in the form of recommissioning devices that would have been normally phased out with a refresh program, Phanda recommended.
Executing, Adjusting Security Strategies
While the volume of remote workers might be unprecedented, leveraging an existing security strategy will help alleviate many issues that might arise, said Bryan Ackerman, managing partner and former CIO with the management consulting firm Korn Ferry. “If this is the first time you’re exploring a defense in depth strategy…. you’ve got a different problem to solve,” he noted.
By this point in time, for example, every enterprise should have a strategy in place for preventing email phishing, Ackerman said. But, as Sorrentino noted, email filters are having a hard time identifying legitimate and scam emails related to coronavirus. In this case, Ackerman suggested a two-pronged attack: preventing these emails from reaching employees and, when that fails, reminding employees about and retraining them on phishing and security.