Corona Virus has resulted in a rapid shift to work across many industries. But how can companies balance employees need to access sensitive company information with the company’s need to maintain strict security controls? In this opinion piece, Rachael Stockton of LogMeIn and LastPass describes the 10 things to consider as employees transition to remote work.
Businesses worldwide are transitioning their corporate offices to virtual offices. Making the change to a full-time remote workforce can be challenging; employees need to access all the applications required to perform their role, while IT needs to ensure that every interaction with the business is a secure one. If an employee is unable to access their work, they lose productivity. However, if an employee gains access to their work in an insecure manner, the business is at risk for a breach.
In the teeth of a global pandemic, both IT and employees are faced with new challenges in remote work environments. Fortunately, identity and access management (IAM) solutions can help make the transition easier: enabling employees to securely access their work while giving IT control and insight over end user behavior.
When building your remote work IAM strategy, the goal is to ensure you are enabling employees to securely interact with the business while also helping IT enforce security. Here are our Top Ten IAM considerations to help simplify and secure your transition to remote work.
How do you securely manage access for every employee in a time where every employee is working from a different place? Single sign-on (SSO) is an integral component of a remote IAM strategy and gives IT teams the control they need to manage which employees have access to which applications. IT can grant access to an application to an individual or group of users, all with the insight into which users are logging in and the flexibility to revoke access as needed. Setting up SSO for the first time during remote is simple with pre-configured integrations, and employees can simply authenticate into their work using only one password.
When employees are not in the office, it’s even more important for IT teams to ensure the employee is who they say they are. A great best-practice is to add multi-factor authentication (MFA) everywhere, but to also consider the balance of security and productivity. Too much friction in the authentication experience will slow employees down, but factors such as biometrics enable employees to securely authenticate at the touch of a fingerprint.
Lock down your VPN
A virtual private network (VPN) enables employees to connect to the corporate network even if they are not in the office; VPNs are particularly important if employees are using a public WiFi network. We recommend every business leverage a VPN, and to add MFA on top of the VPN.
Protect your workstation
The workstation is one of the most exposed access points in an organization. The risk is even more real when every employee is working remote. By adding an additional layer of security to the workstation, even if your employee’s device is compromised, hackers will be unable to log in because they would not be able to authenticate with MFA.
Be contextually aware
Consider factors such as time, device or location. Should an employee be logging into an application outside of standard business hours? What if an employee attempts to authenticate on an unknown device? How about if there’s an authentication request from a country you do not operate in? Contextual authentication is especially critical for IT teams in the times of remote work offering the additional flexibility to customize authentication requirements and ultimately tighter control.
Even when teams aren’t in the office together, they still need to collaborate. This is particularly important when teams are remote and need a secure way to communicate and share credentials with their team. We recommend sharing credentials through a password manager, so that every password is encrypted and no one who shouldn’t have access to the password gains access.
Every password is an entry point to the business. Passwordless authentication remove the password from the employee login experience so that password risks and frustrations are eliminated. For every other password in use, enforce strong password requirements such as 12 or more characters in length, a variety of numbers and symbols, and a mixture of upper- and lower-case characters. A password manager can generate strong passwords for you, and then encrypt and stores the credentials so they are always secure.
Get ahead of phishing
The solution to combatting phishing starts with education amongst your employees: investigate the source of the email, identify the sender, evaluate the language of the email, and never provide personal information. In the event that you or your organization does fall victim to a phishing scheme, make sure you have a mitigation plan to detect and respond to the attack.
Tackle shadow IT
Shadow IT are the devices and applications brought into the organization that are not managed by the IT department. When building your IAM strategy for remote work, ensure that you have a plan in place for shadow IT. Considering adding MFA across devices and using password management, so employees have a centralized location to store all of their credentials – the ones IT does and does not know about.
Maintain complete insight
Even though your employees aren’t physically in the office, you need to know who is accessing what application, from what device and from where. With all of the above considerations in mind, ensure you have complete insight into employee behavior through detailed reporting so you can monitor activity with the insights to make access and authentication adjustments as needed.
Remember: your first duty is to keep employees safe, healthy and productive and to keep the business secure. While the transition to a remote workforce may be challenging, IAM can help make it easier by securely connecting employees to the work required for their role, while IT maintains complete control and visibility so the business keeps running smoothly.