From temporary measure to permanent practice: Securing remote workers for the long haul
As working from home has become the new standard in many quarters, the onus is on Australian law firms to ensure their security protections are up to the mark, writes Glen Maloney.
How would you have reacted if someone told you that you would be sending your entire workforce home to work for several weeks or months? Wind the clock back a year and few business leaders would have believed this was what 2020 had in store.
Extraordinary events call for extraordinary measures. Remote working made it possible for thousands of Australian organisations, including many law firms, to maintain business continuity at the height of the COVID crisis. And as the economy continues to open up, many have indicated they’ll retain the practice, for some or all of their employees, some or all of the time.
But – and it’s a big but – mass remote working will only work long-term, if steps are taken to ensure corporate systems and data haven’t been compromised by what was, for many organisations, a rapid, unplanned transition to a decentralised working model.
Tallying the benefits
The benefits of a remote workforce can be considerable. They include reduced overheads, courtesy of the fact that a smaller office-based workforce calls for a smaller real estate footprint, and the ability to recruit employees from further afield and offer them more flexible working conditions.
Making access secure
Most enterprise cyber-security protections are designed to provide perimeter protection for a cluster of employees working in a central location, not a far-flung workforce using a disparate array of devices to access the network.
A distributed workforce introduces new security concerns, as well as network performance issues like RDP and VPN usage. Virtual private networks and virtual desktop infrastructure can offer effective protection, provided they’re configured properly and monitored closely.
Ensuring security professionals have end-to-end visibility of the delivery chain and can quickly spot abnormal usage and behaviour patterns is critical – think failed log-ins and repeated lock-outs, the hallmarks of an attacker trying their luck.
The COVID crisis has also led law firms to look for flexibility in handling dynamic work environments and hastened their move to the cloud. As organisations migrate core applications to the cloud – it’s important to maintain visibility of their ICT infrastructure without creating data and team silos which are difficult to monitor.
Protecting your people
Employees can be the strongest link in the security chain, or the weakest. The COVID crisis has tested their mettle on the cyber-security front and will continue to do so.
Since the pandemic was announced in March, hackers have been making hay – inundating Australians with scams and phishing campaigns designed to trick them into parting with their security credentials or with sensitive information that can be used to compromise their employers.
The Australian Cyber Security Centre has noted a surge of activity from malicious cyber actors whose messages purport to contain information about COVID testing, financial relief and the like have reeled in unwary offsite workers whose guard is down.
Meanwhile, many individuals continue to rely on weak and reused passwords as their sole authentication factor for personal devices – devices which, in many cases, are being used to access corporate networks.
Employers who want efficient and safe remote workers need to invest in solutions that will provide the needed visibility to quickly detect and respond to threats and easily investigate VPN and application performance issues. Network detection and response (NDR) solutions have been a big help to organisations to monitor remote workforce to ensure both security and performance of the distributed network.
Safer remote working for the long haul
Unprecedented events have seen remote working morph from stopgap measure to standard business practice in just a few short months.
Reassessing your firm’s cyber-security posture and taking steps to strengthen the protections you have in place will enable you to reap the benefits of this new modus operandi, without exposing your organisation to avoidable risk in the process.
By Glen Maloney, ANZ regional sales manager, ExtraHop