Remote and hybrid work is here to stay. In an increasingly complex security environment, no challenge looms larger than how to protect remote devices that tie back into the corporate network.
In fact, modernizing networking technologies ranks among the top IT goals for 2022 according to an IDG survey conducted on behalf of Insight Enterprises.
With more users working remotely, tools and processes designed for corporate networks are less effective for endpoint protection, leaving IT teams scrambling to keep their users protected. By some estimates, cybercrime could cost companies an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015.
When polled, CIO Experts Network of IT professionals and industry analysts stressed the need for employee buy-in, as well as a commitment to device management and endpoint security.
Most importantly, however, is building a strong security culture that encourages best practices across the organizations. The IDG survey found that 36% of respondents say that mitigating risk with stronger cybersecurity programs is a top objective for 2022.
According to several influencers, that requires acceptance and buy-in from leadership:
“Corporations should look at homes as an extension of their organization’s boundaries. Which means that the same/similar tools, technologies, processes, and safeguards should be taken into consideration for people working from home.”
— Arsalan.A.Khan (@ArsalanAKhan), a tech advisor
“All devices, regardless of home use or business use, should incorporate cyber security and accessibility. It is critical to understand any potential security issues that might crop up on their home networks. Creating processes that incorporate these best practices will help you keep your employees’ technology and devices safe.”
— Debra Ruh (@debraruh), Ruh Global IMPACT and Executive Chair of Billion Strong
“When someone says, ‘do as I say, not as I do,’ it means they are a hypocrite. Security hypocrisy is when firms don’t enforce the same level of security controls for remote workers as they do on-premises. Firms serious about security must ensure that remote users follow the same robust security controls their onsite brethren do.”
— Ben Rothke (@benrothke), Senior Information Security Manager at Tapad
When leadership takes protecting remote devices connecting to the corporate network seriously, there are three simple steps to take to build a robust security framework for their network.
“There are three device attack protection vectors to consider: the user, their applications, and the network,” says Adam Stein(@apstein2), Principal at APS Marketing. “For the user, keep up to date with ongoing security threats that could possibly impact their work at home. The user’s applications also need regular updating for ideal end-point protection.”
Building Employee Trust and Buy-In
Security is only as strong as its weakest link. For Gene Delibero (@GeneDeLibero), CSO at GeekHive.com, ensuring strong security requires a strong security culture that educates and empowers workers.
“First, and perhaps most important, is creating a culture of accountability around security; it’s not just the company’s problem, it’s everyone’s problem,” says Delibero (@GeneDeLibero). “Organizations can’t expect remote employees to execute security measures effectively when they haven’t been trained on the company’s security policies.”
Steve Prentice (@cloudtweaksteve), a technology integration specialist, argues that truly dedicated organizations should build an entirely new architecture to make sure remote workers, and their devices, are up to the task. “This should become a new branch of internal IT security — specifically investigating, securing, and even penetrating the home offices of employees the same way as is done in an office. Employers should treat their employees’ home workspace and mobile technologies as branch offices — still a less expensive option than paying for building floor space, cubicles, etc.”
Isaac Sacolik (@nyike), President of StarCIO and author of “Digital Trailblazer,” adds that building a security culture should go hand in hand with building a positive work environment. “It all starts with the mindset and practices aimed at improving productivity and supporting work-life balance through flexible remote and hybrid work technology options. As employees gain trust with IT, they’re more open to learning and improving security, including locking down home networks, protecting data, and following IT’s recommendation on protecting devices.”
Securing Individual Devices
After earning buy-in from employees, organizations still need to secure their devices.
“Organizations should invest in a combination of asset management, endpoint detection, data loss prevention, cloud-based managed detection and response, and patch or vulnerability management,” says Kayne Mcgladrey (@kaynemcgladrey), Field CISO at Hyperproof and Senior IEEE Member. “Of those, asset management is the starting point, as an organization should have visibility into the devices accessing corporate data and be able to select and apply appropriate controls to those devices. Those controls then may include endpoint protection or data loss protection, for example, if exfiltration of sensitive corporate data may result in compliance violations.”
Employing this strategy empowers an organization’s IT team to protect the corporate network from a wide range of threats, according to Will Kelly (@willkelly), a writer and analyst. “My best advice for protecting at home devices starts with a solid and robust mobile device management (MDM) solution and supporting processes. An MDM automates operating system updates, security patches, virus scanning, application updates, and device security configuration, such as setting a lock screen.”
Jack Gold (@jckgld), President and Principal Analyst at J.Gold Associates, LLC., takes that one step farther. “It’s important to segregate work at home devices from other users in the family. You probably don’t want your kids playing games or web surfing on the PC you use for doing work. That could be enforced by giving workers a corporate furnished — and managed — PC exclusively for their use.”
Ensuring Endpoint Security
Kieran Gilmurray (@KieranGilmurray), CEO at Digital Automation and Robotics Limited, feels that securing the corporate network relies on implementing quality endpoint security practices.
“Threat actors have taken advantage of the pandemic by targeting unsuspecting remote workers. Every ‘at home’ network connected device is a potential entry point for criminal activity,” says Gilmurray. “So now, employees are provided with a secure VPN between their home network and their corporate offices. The only way to protect remote devices is to apply best practice corporate ‘endpoint’ security practices to every device attached to a home network.”
To compensate, organizations can take a strategic approach that prioritizes high risk accounts and devices. Peter Nichol (@PeterBNichol), Chief Technology Officer at OROCA Innovations instructs to “Start with what the employer can control. Be sure to prioritize energy around high-risk endpoints. Specifically, privileged accounts or accounts with elevated access should be managed within privileged access management (PAM). Companies who act on endpoint security today will save themselves big headaches tomorrow.”
Robust endpoint security helps reinforce human weaknesses in the corporate network, says Frank Cutitta (@fcutitta), CEO & Founder HealthTech Decisions Lab. “The human vulnerability overpowers any technological protection one can install. We’re always just one errant click away from ransom or breach. While it sounds incredibly obvious, setting your computer to lock after a short period of time can also minimize external access along with changing passwords frequently. Face or fingerprint recognition software adds added security.”
While endpoint security is an important part of a robust security apparatus, it won’t protect an organization’s corporate network on its own. “Some advanced precautions might seem like overkill for a home office, but not if we view the home office as a mere extension of the corporate network,” says Scott Schober (@ScottBVS), President/CEO at Berkeley Varitronics Systems, Inc. “Endpoint visibility and detection at each home office allows IT to view the actual number of endpoints that need protection.”
The ultimate answer may come via strong partnerships: The same IDG/Insight survey found that 87% of respondents will rely on third-party providers for support with challenges around infrastructure, operations, and culture.
“‘Endpoint anything,’ including protection that is based with on-premises technology, is limited in what it can do and what it can reach in today’s world. On-premises requires a lot of extra configuration and cost to support devices that are mostly remote when compared to a cloud-based solution in which touching or accessing a device from any location is just native with minimal infrastructure,” says Joseph Flynn, Director of Modern Workplace at Insight. “Endpoint security is harder to drive XDR types of services in an on-premises solution, as AI is usually in play. This tends to drive much of the automation and protection to streamline and increase capabilities. Having those capabilities on-premises in most tools is not possible unless they connect to some cloud platform”
Insight Enterprises, Inc. is a Fortune 500 solutions integrator helping organizations accelerate their digital journey to modernize their business and maximize the value of technology. Insight’s technical expertise spans cloud- and edge-based transformation solutions, with global scale and optimization built on 34 years of deep partnerships with the world’s leading and emerging technology providers.
Chrome Enterprise Upgrade (CEU) from Insight provides a simple and secure way to manage your devices. Try for free today.
Data and Information Security