Given the unusual recent circumstances, many employees around the world are finding themselves in a situation where they must work from home or remotely.
I’ve been working remotely for almost 15 years, so I thought it would be great to share some of my experiences, cyber security best practices and tips, and lessons learned on how to stay focused, writes Joseph Carson, an international cyber security expert.
I am fortunate that Thycotic is a global company that embraces remote workers. Our company culture is one that, no matter where in the world we work, our strength is our people, collaboration and teamwork. Our technology helps our employees, partners and customers securely access critical systems and applications regardless of their location. We enable businesses to continue growing even in emergency situations, such as now.
I sometimes find myself working from the most unusual places, be it from my home office, country house in the middle of nowhere, or on a remote island. And once I was quarantined years ago with the swine flu! I’ve had some similar experiences, so let’s continue and hopefully things will get to back normal as soon as possible.
This is a shorter version of the full article originally published in The Lockdown - Thycotic's Cyber Security Blog on thycotic.com.
Security should never be optional, but it must be usable.
In today’s connected world, even for remote employees, third-party vendors, partners and contractors, information security must always be a top priority. Most organizations have employees who work remotely, use third-party vendors to help manage systems, applications, and infrastructure, or outsource some services, such as customer support or product development. Some companies might even be using Security as a Service (SECaaS) or Managed Security Service Providers (MSSP) to assist with some or all IT Security.
For any remote worker whether an employee, third-party vendor, partner, or contractor, organizations must adopt the right security strategy so they can perform their business tasks and stay productive while at the same time reduce the risk of cyber-attacks. Our job in cybersecurity is to understand what makes the business and employees successful while using our cybersecurity skills to reduce the risks from cyber threats as much as possible. Security should never be complex, and it must be usable so employees will accept it.
A Secure Workspace – How do remote workers access the company’s business applications? Is it by using a personal device (Bring Your Own device or BYOD model), a company owned laptop, or third-party supplied device? This really determines how much trust you have in the security of that system and whether or not a Zero Trust policy should be applied.
Secure Communications – When remote workers are accessing applications or systems, it is important that the communication between devices is secure, either using protocols that encrypt the data such as HTTPS or using a corporate VPN.
Identity and Access Management – For remote workers, having the right access to the right applications is critical for success. A strong Identity and Access Management solution will help automate the ability to switch or provision remote workers to the appropriate access methods and technologies.
The Principle of Least Privilege – Implementing least privilege means granting only the minimum permissions required by an end user, application, service, task or system to perform the jobs they have been assigned. Least privilege is intended to prevent “over-privileged access” by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving IT.
Privileged access management secures access for remote workers.
When working remotely many employees will need to access business-critical systems, applications, infrastructure and data. Many companies have a hybrid scenario where some business applications are on-premise in the office or a company data center; others may be in a private cloud or public cloud; or the applications might even be truly Software as a Service (SaaS) based. It is essential that no matter where the remote employee might be, they can still securely access necessary business applications.
Privileged access management (PAM) is not just about securing privileged accounts in an encrypted enterprise vault. It is about the secure use of privileged accounts and secure access to privileged data and resources from any location, even for remote workers.
As more companies adopt PAM solutions, they become an important enabler of a holistic security approach that propels the evolution of PAM. This includes integrations across and among security solutions, such as connections to identity management solutions, systems management tools, multi-factor authentication, SIEMs, remote management solutions and DevOps.
PAM solutions enable remote workers to access applications whether in the cloud or on-premise, all while enforcing security best practices.
It is common for companies to enable access to PAM solutions via the internet, and combine authentication with single sign-on and strong multi-factor authentication (MFA).
Ensure your remote workers can stay productive and maintain secure access whether they are accessing remote systems, critical applications, infrastructure or data by using a PAM solution combined with MFA.
The health of remote workers
Prioritizing your health as a remote workers is a best practice I cannot emphasize enough. While working remotely, it can sometimes be unclear as to when you are meant to be working and when you are not. Routine can help put structure around when you are working and when you are off. When I use my home office, I have a sign that says “working” and when reversed it says “playing.” This is also a good indicator for my family. Find a way to let your colleagues know what your working hours are. Get dressed in the morning, talk a short walk for some fresh air and have a set working time.
-- Your health is important—create a routine and stick to it
-- Take short breaks from the computer to stand up or walk around
-- Use a proper keyboard and mouse, and buy a good chair
-- Choose your working location carefully; try to include natural light
-- Use your full lunch and tea breaks
-- Socialize with people via online channels, such as Slack or Teams
-- You don’t always have to work inside. Go outside and work from a park.
Self-development as a remote worker
You are in control of your time, and when working remotely it is important to continue your professional development by learning new skills and new ways to be effective. When working remotely, you must set aside sufficient time to learn.
-- Listen to a podcast
-- Watch a webinar
-- Take an online course
-- Read a book
-- Have a mentor to discuss self-development
As you can see, working remotely is possible but it requires self-discipline. You must take good care of yourself by creating and sticking to a plan when working remotely. In today’s world, it’s so much easier to be productive when working remotely and companies are now far more accepting of remote employees. Of course, we are going to find some limitations in the tools, so learning how to adapt and scale is going to be a constant learning experience.
I hope that these tips and best practices will help you become a better remote worker, especially during times of uncertainty. Stay safe, stay healthy—working remotely is possible with the right tools and the right mindset!
Joseph Carson is a Cyber Security Professional with 25+ years’ experience in Enterprise Security & Infrastructure. He is a Certified Information Systems Security Professional (CISSP) and an active member of the Cyber Security community, also a frequent speaker at Cyber Security events globally. He is an adviser to several governments and cyber security conferences and (ISC)² Information Security Leadership Award (ISLA®) Americas Winner 2018.
Thycotic is one of the world’s fastest growing IT security companies. Thycotic provides a full-featured privileged access management (PAM) solution and prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.