Cybersecurity Risks with a Remote Workforce

Companies have been embracing the digital transformation movement for some time now. The COVID-19 pandemic has accelerated that transformation by six years according to some estimates. Even prior to the pandemic, organizations were finding substantial benefits in allowing, or even requiring, employees to work remotely.

Among those benefits are reduced physical investment in brick and mortar infrastructure (along with the accompanying maintenance requirements), plus a surprising increase in overall productivity due, in large part, to the elimination of the daily grind of preparing for and commuting to/from the office.

Remote Workforce = Increased Productivity

Employees who commute every day are more prone to be “clock watchers” in that they have to strike a reasonable work/family balance and are forced to leave the office to face the commute home even if they were immersed in their work. Remote workers, on the other hand, tend to ignore the clock and work according to both their job demands, as well as family demands – and many continue to put in time after the kids have gone to bed.  This has not gone unnoticed by many companies.

Remote Workforce = Increased Security Risks

Although companies are dropping prior barriers to a remote workforce and reaping the benefits, many are ignoring what amounts to a fertile playing field for threat actors. While organizations have spent years and millions of dollars securing their corporate internal networks, remote employees have introduced thousands of potentially insecure endpoints to that network.

Following is a high-level summary of the initial steps firms must take to secure these new insecure network endpoints:

1. Deploy only secure gold disk images on remote IT assets

Employee laptops and/or mobile devices used in a remote environment need to have the very latest security best practices baked into the gold images used to build and deploy those assets.

2. Ensure all employee’s IT assets are encrypted

Encryption will prevent any ransomware attack since a device that’s already encrypted cannot be encrypted again.

3. Deploy a secure VPN to all remote workers

Since remote workers access the organization’s internal network via the internet, having a secure VPN connection is critical for your company’s information security.

4. Control what personal IT assets your remote employees can use (i.e. printers, scanners, IoT devices, etc.)

Restrict what devices employees are allowed to connect to the remote company-owned IT assets, such as a personal printer to a company-issued laptop.  Personal devices are typically not vetted nor hardened for security, and many of them can open a window to your internal network.

5. Provide and enforce basic security awareness training

Security training is one of the best front-line defenses against a cyberattack on your firm via your remote workforce.   An employee who is aware of the types and methods of cyberattacks and how they are perpetrated is in a much better position to recognize and prevent the firm’s remote IT assets from being compromised.

In my next article, I will delve a bit deeper into the actual types of cyberattacks your remote workers will be subject to, how to make them aware of these attacks, and how to respond.

If you’re interested in identifying and closing gaps in your cybersecurity network, or in training your workforce, please contact me at i3 at 212-590-2333 or by completing a Contact form on the i3 website. 

Published on March 12th, 2021


by Steve Wantola

Steve Wantola has had a long-standing professional relationship with i3 and has the highest respect for the company’s management, its operational integrity, and dedication to its clients. Mr. Wantola holds a Certified Information Security Manager (CISM) certification from the ISACA, is a Registered Practitioner (RP) for the Cybersecurity Maturity Model Accreditation Board (CMMC-AB) and has served on the Cybersecurity Advisory Board of Rutgers University.

Find out how i3 can support your staffing and consulting needs: