Q&A: Don’t forget security while working from home, says Pulse Secure

April 2nd, 2020 | by Alfred Siew
Q&A: Don’t forget security while working from home, says Pulse Secure
Joe Signorelli, Pulse Secure’s vice president for Asia-Pacific and Japan. PHOTO: Handout

Cloud-based digital tools have allowed many businesses to continue functioning as employees stay at home in recent months to fight the spread of the coronavirus.

However, just as important are security measures that companies take to ensure that they keep out cyber threats, which have become increasingly prevalent as more people log on digitally, experts warn.

From party crashers in Zoom video calls to more serious data theft, the threats facing this digital transformation going on globally now are real.

Businesses taking the first steps in this new style of work have to have robust measures in place, says Joe Signorelli, vice president for Asia-Pacific and Japan at Pulse Secure, a security access vendor.

For starters, have a policy of trusting no one even in your own network, so every user is continuously checked whenever he accesses a service or a set of data, he explains.

NOTE: Replies have been edited for brevity and house style.

Q: Based on what you see from your customers, how much of an increase in traffic have we seen from remote working since the coronavirus crisis erupted worldwide?

A: Remote working and telecommuting have been widely accepted in the United States, and there has been an upward trend over the last 10 years growing 91 per cent, before the coronavirus outbreak even began.

While workforce mobility and work-life balance initiatives have been steadily growing, remote working has not been a standard practice in Asia, where teamwork with fellow colleagues and on-site punctuality in reporting for work are encouraged.

Over the past couple of months, we have seen a dramatic increase in remote access and work from home across Asia due to safety measures to contain the spread of the coronavirus. Businesses have been quick to accommodate the sudden and necessary shift in work culture.

However, in a recent Gartner Research snap poll, 54 per cent of human resource leaders indicated that poor technology and/or infrastructure for remote working is the biggest barrier to an effective work from home model.

Q: How well are businesses coping with having to work digitally?

A: Businesses are coping well with having to work remotely, thanks to digital productivity tools that are available today, such as video conferencing, document collaboration and the use of VPNs (virtual private networks). These serve to help employees remain productive without leaving home.

While remote working has been shown to increase employee results and foster better work-life balance, it is also crucial for businesses to understand and be aware of security issues associated with remote access.

These include malware, identity theft, cyber attacks and data leakage risks. They require organisations to put in place policies and controls that ensure proper endpoint security, encrypted connections and appropriate data protection measures for today’s mobile workforce.

As more resources and applications are distributed across the data centre and cloud, enterprise attack surfaces have also expanded. This requires evolving traditional perimeter-based approach to defending company applications and resources and applications.

Businesses have to make sure employees can quickly and easily access applications and information while adhering to compliance standards and data safety obligations.

Employing a “zero-trust” model of continuous identity and device verification can help ensure that only authenticated users with compliant devices can connect to authorised applications over the network.

Q: How aware are businesses when it comes to security for remote working?

A: Enterprises are generally aware of security challenges associated with remote working and many have implemented basic capabilities to enable access to their multi-cloud environments.

However, as companies have dramatically expanded work from home and remote access capacity, they are realising that providing easier access and enforcing a consistent security policy can be challenging.

For example, while many Web applications have simple user name and password access authorisation, keeping track of these disparate passwords is frustrating for remote users and help desk personnel.

Sometimes, the simple authentication is not strong enough to prevent identity theft and unauthorised access. This requires the use of single sign-on and multi-factor authentication technologies.

In addition, simply providing access to SaaS (software-as-a-service) applications and data centre resources does not ensure that the devices being used are secure or that endpoint defences are current and active.

This is especially the case as employees use not only devices provided by the company, but also their personal and public devices.

If unchecked, any remote device use leaves room for phishing and malware exposure as well as data leakage due to lost or stolen devices.

Organisations need to ensure data in flight is protection which requires that connection encryption is active.

Modern VPN solutions offer flexible modes of data protection with advanced options such as always-on, per application and simultaneous encrypted connections that do not require the user to make a decision.

It is largely the employees or users who are often not as informed, vigilant or cautious, and may let their guard down when working from home.

People are always the weakest link in security. Remote workers should be educated by their employers on security threats they could potentially face while working from home, such as using unsecured Wi-Fi networks and shared devices at home, as well as online scams targeting remote workers.

With large-scale remote working and work from home becoming a necessity, cyber criminals are going to have a field day exploiting vulnerable users and getting unauthorised access to sensitive personal and company information.

Businesses should therefore constantly remind remote workers to practise safe computing, and offer advice and tips such as using strong passwords, identifying phishing emails, and using anti-malware and anti-phishing software

They should be backing up their device to stay protected while working from home during this health crisis period.

Q: What happens after the crisis? Will people go back to the office as before and keep remote working as a disaster response tool?

A: Corporate culture still has a large role to play in determining whether remote working is allowed, but we do believe more companies will be more inclined to offer remote working as an option as they would have experienced its benefits and advantages during the unfortunate Covid-19 outbreak.

With secure remote access and endpoint security technology, in conjunction with end user education, working from home business continuity and future work-life balance initiatives can be efficient and safe.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.