Remote work offers many benefits for employees, including better work-life balance, lower costs, and higher productivity. Security teams can face many challenges with a dispersed workforce.
Not least, how remote work impacts security incident reporting. Incident reporting can be a problem as companies become more adept at implementing security technology and processes better suited to remote mass work.
Security teams must review and modify their reporting policies to adapt to remote work. Forrester Senior Analyst Paddy Harrington told CSO that having remote workers can lead to security issues.
7 Ways Remote Work Impacts Security
This is because there are many networks to manage, and not just one network. It’sIt’s one thing to manage 12 networks because there are 12 offices. But if you have 1,000 employees, 900 of whom are remote, and you have 912 networks.
“This means that even the reported incidents will vary greatly because everyone’severyone’s home network may be different,” Harrington warns that security teams can become fatigued if only a small percentage of incidents are reported.
New challenges in incident reporting
CSO is told by Austin Wolf, Code42’s staff information security analyst, that many factors can impact cybersecurity incident reporting from remote workers. Do you use Slack, Teams, or email to reach out?
Do you pick up your phone and call someone? How can you ensure everyone is on the same page during an incident? Teams need to work together when an incident happens. It can sometimes be more difficult than gathering around a computer screen to corral your team.
Taharka Beamon is the Reed Exhibitions SOC manager. She says that employees working in traditional offices typically contact the local help desk to report incidents. However, many prefer to see IT staff explain unusual or potentially malicious behavior.
This can be problematic if a remote computer system is compromised.
Businesses are more likely to be affected by poor reporting from employees outside the office. According to Jonathan Wrolstad (senior threat intelligence manager at ExtraHop), they may need to report an incident sooner.
Mirza Silajdzic is a cybersecurity analyst at VPN Overview. She says that the differences in time zones can cause delays in reporting or response times.
Remote work can influence employee security behavior.
Richard Jones, Orange Cyberdefense’s global CISO, said remote work could also impact staff behavior and cybersecurity awareness. Establishing a routine for employees, such as an office structure and organization, provides them with clear boundaries and rules that define what is work-related.
This perimeter can be removed, and employees may need help maintaining the vital human element of security protection. People adapt to their surroundings, and responsibilities become blurred when working from home. Jones says that staff will change what they consider security incidents over time.
“A lack in mental or physical contact with an office can lead to employees being tempted to downplay the severity of an infringement and not fully understand the relevance or application corporate policies within their home environment,” Keiron Holyome, Blackberry’sBlackberry’s VP UKI, Eastern Europe and Middle East and Africa.
He says remote users might be less likely to report security incidents due to embarrassment. Cyber shame is a reluctance or fear to report a security breach out of embarrassment. It can lead to potential threats being ignored or even buried.
Remote working can also negatively impact system- and endpoint-based security incident response and reporting, according to Immanuelchavoya, emerging threat detection expert at SonicWall.
For example, if a system flagged a user’suser’s machine as a potential malware intrusion, it may take some time for the security team to be able to make any updates. However, an engineer can access the device immediately and take any action.
Chavoya says that remote workers pose a security problem to businesses. They need help to see all endpoints in their system.
This makes it difficult to perform core security detection and report on them. Remote access can cause endpoints to become dissimilar in their locations, which could lead to disruption of the corporate infrastructure and an increase in the time it takes to detect malicious activity.
Customer confidence is lost when there is poor reporting.
Remote working can lead to a slowed reporting process, posing serious risks. When incidents go unreported, reports are delayed/miscommunicated, or follow-up actions/responses are hindered, it can expose vulnerabilities and buy attackers time in the system to infiltrate more of the network.
This can increase the severity of attacks and incidents and damage a company’s reputation and ability to comply with data protection regulations that require strict disclosure. These can lead to customer distrust and severe monetary penalties.
Security teams must update their reporting processes and policies to reflect the security implications of remote work. Holyoke says that the home-and-hybrid working trend will be around for some time.
Security teams should rely on something other than processes and policies created for an era in which most employees worked in controlled offices. He adds that teams should be careful about approaching new strategies to avoid introducing more threats.
Policies for reporting remote security incidents
Beamon states that effective remote security incident reporting is crucial for establishing clear, documented, and simple-to-use communication channels.
Establishing internal policies for maintaining and timely updating contact information for IT security teams and IT is essential. It is the responsibility of teams to ensure that employees have access to IT and security personnel.
This can include providing anonymous communication channels, phone, and email as the best option depending on the situation.
Employees should be encouraged to keep contact information, quick reference instructions for IT and security teams, and company phone numbers for emergencies. Hicks says that effective marketing is the best way to get this information out there.
I’ve used this information over the years on mouse pads, coffee mugs, posters, and other promotional items. Keeping the number consistent from year to year is important, making it short and sweet when reporting email addresses.
Chavoya says contact hours should be reviewed to accommodate users who use their devices for personal reasons outside work hours. This could include replacing in-person responses when users need to re-image their machine remotely. Users may also require greater guidance regarding OS imaging.
Holyoke states that teams should review their accessibility for incident reporting to those, not in the office. Are there easy instructions or contact numbers that people can use in case of an internet outage?
Can employees still contact the IT team if they cannot access corporate software because of the breach? Is the company committed to a culture of no blame and empowering employees at all levels to report problems freely and without fear?
Employee safety is maintained through training and awareness-building
Experts agree that training and awareness are important tools. They should include the importance of reporting any potential incidents and stress the increased security risks remote workers face.
Holyoke states that home-working workers can maintain regular communication on security topics to keep the case in mind. This will help them work towards eliminating cyber shame.
Security teams should share real-life examples with staff as part of these activities. They also need to ensure that incident reporting numbers do not appear in KPIs to demonstrate the effectiveness of strong security.
This is unless it is intended to identify an individual business unit that reports the least incidents and may require further awareness training. These exercises should also be promoted to senior leadership.
Beamon states, “Tabletop exercises should be combined with more realistic simulations to ensure that all employees can report any potential incidents remotely.”
Wrolstad says that security teams must be able to identify the top threats facing remote workers and provide clear guidance on how to report them.
Wrolstad says that security is only top-of-mind for some workers. Security teams must remind them of the key threats they face and provide clear guidance on reporting them.
Take the threat level into account.
Security teams must also consider how they prioritize reporting and responding to incidents based on the remote-working threat level.
Beamon states that while VPNs have been around for decades, they have become increasingly important because employees rely on them to access corporate resources and networks.
VPNs must be available while security teams ensure that vulnerabilities are quickly remedied to protect data confidentiality and integrity. Internal teams should prioritize any exposure or incident related to VPN and remote networking connectivity.
Wolf believes there should be a greater focus on the differences between external and internal security incidents. It’sIt’s crucial to distinguish between internal and external security incidents. Otherwise, the approach to investigating employees would be different from external threats.