As businesses worldwide transition to a remote workforce due to COVID-19, like our team here at LogMeIn, many questions arise. How do you maintain security throughout the business? How do you ensure now-remote employees have access to the resources they need? How do you foster secure, remote collaboration amongst teams?
While the concept of remote work isn’t new, the transition to a full-time global remote workforce can be challenging. However, with the right identity and access management (IAM) strategy in place, the transition to remote can be made a little easier. Here are our top ten IAM considerations to help simplify and secure your transition to remote work.
Just because employees aren’t physically in the office doesn’t mean IT shouldn’t have complete control over who has access to what. Single sign-on (SSO) is an integral component of a remote IAM strategy and gives IT teams the control they need to manage which employees have access to which applications. IT can provision access to a corporate application to an individual or group of users, all with the insight into which users are logging in and the flexibility to revoke access as needed. Employees can improve productivity by securely navigating between assigned applications without needing to type a password each time. Managing access is critical to maintaining security and productivity in remote work environments.
Access and authentication go hand-in-hand. Access enables employees to log into an application, but authentication ensures the employee is who they say they are while logging in. When employees are not physically in the office, how can IT be sure the user logging in is legitimate? Multi-factor authentication (MFA) adds an additional layer of security to every login attempt. Framed around the concept of something you know (like a password), something you have (like a mobile device) and something you are (like a biometric), MFA gives IT greater assurance that the employee logging in is who they claim to be. We recommend adding MFA everywhere, while also considering the balance of security and user productivity. Too much friction in the authentication experience will slow employees down, but factors such as biometrics enable employees to securely authenticate with MFA at the touch of a fingerprint.
Be contextually aware
MFA is a great method of adding an additional layer of security to every login. Another consideration for remote work is to understand the context of the login. Consider factors such as time, device or location. Should an employee be logging into an application outside of standard business hours? What if an employee attempts to authenticate on an unknown device? How about if there’s an authentication request from a country you do not operate in? Contextual authentication policies can help IT teams restrict access based on these specifications. Contextual authentication is especially critical for IT teams in times of remote work, because it offers the additional flexibility to customize authentication requirements and, ultimately, tighter control.
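A minimal policy check over the three signals named above (time, device, location), as an added example that is not part of the original post or of any product it mentions. The business hours, country list, device inventory and the mapping of signals to `deny` or `step_up` (require MFA) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy values (assumptions, not from the post).
BUSINESS_HOURS = (time(7, 0), time(19, 0))      # company-local time
OPERATING_COUNTRIES = {"US", "IE", "HU"}        # where the business operates
KNOWN_DEVICES = {"alice": {"dev-7f3a"}, "bob": {"dev-22c1"}}

@dataclass(frozen=True)
class LoginAttempt:
    user: str
    device_id: str
    country: str       # country code resolved from the source IP
    when: datetime     # already converted to company-local time

def evaluate(attempt):
    """Return (decision, reasons); decision is allow, step_up or deny."""
    reasons = []
    if attempt.country not in OPERATING_COUNTRIES:
        reasons.append("country_not_operated_in")
    if attempt.device_id not in KNOWN_DEVICES.get(attempt.user, set()):
        reasons.append("unknown_device")
    start, end = BUSINESS_HOURS
    weekend = attempt.when.weekday() >= 5
    if weekend or not (start <= attempt.when.time() < end):
        reasons.append("outside_business_hours")
    # Assumed mapping: unexpected country blocks the login outright,
    # any other unusual signal forces an MFA challenge.
    if "country_not_operated_in" in reasons:
        return "deny", reasons
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample attempts; 2020-04-06 is a Monday, 2020-04-04 a Saturday.
SAMPLES = [
    LoginAttempt("alice", "dev-7f3a", "US", datetime(2020, 4, 6, 10, 15)),
    LoginAttempt("alice", "dev-9999", "US", datetime(2020, 4, 6, 10, 15)),
    LoginAttempt("bob", "dev-22c1", "IE", datetime(2020, 4, 6, 23, 40)),
    LoginAttempt("bob", "dev-22c1", "BR", datetime(2020, 4, 4, 3, 0)),
]

def run_samples():
    """Evaluate every sample and keep the reasons for reporting."""
    return [(a.user, *evaluate(a)) for a in SAMPLES]

if __name__ == "__main__":
    for user, decision, reasons in run_samples():
        print(user, decision, ",".join(reasons) or "-")
```

Returning the reasons alongside the decision means the same record can feed access reporting, so a spike in `unknown_device` or `outside_business_hours` is visible rather than silently absorbed by the MFA prompt.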
Lock down your VPN
A virtual private network (VPN) enables employees to connect to the corporate network even if they are not in the office; VPNs are particularly important if employees are using a public WiFi network. We recommend that every business leverage a VPN and add MFA on top of it. MFA helps ensure employees are who they say they are before they even gain access to the corporate network, which extends the corporate security perimeter no matter where your employees are working from. Biometrics can make authentication on VPN seamless, so employees can get logged into their work quickly.
Protect your workstation
Stolen laptops can physically put your company at risk – the workstation is one of the most exposed access points in an organization. The risk is even greater when every employee is working remotely, particularly if they are working from a public location. Our recommendation is to add MFA everywhere, and that includes the workstation too. By adding an additional layer of security to the workstation, even if your employee’s device is compromised, hackers will be unable to log into the workstation because they would not be able to authenticate with MFA. In addition to MFA, make sure your laptop is stored in a secure place to mitigate the risk of the device being compromised in the first place.
Even when teams aren’t in the office together, they still need to collaborate. On average, a business uses 185 shared folders, and without visibility into and oversight of those shared credentials, businesses face increased security risks. This is particularly important when teams are remote and need a secure way to communicate and share credentials with their team. We recommend sharing credentials through a password manager, so that every password is encrypted and no one who shouldn’t have access to the password gains access. Password sharing also helps teams securely collaborate and ensures every team member has access to shared accounts during remote work.
Passwords continue to cause significant frustration and risk – to the degree that 80% of data breaches are caused by weak or stolen passwords. Passwords are even more at risk during times of remote work, especially if teams aren’t securely sharing. Every password is an entry point to the business, and if IT doesn’t have oversight into where employees are storing those passwords or logging in from, those business entry points are exposed. Passwordless authentication technologies, such as SSO, integrations and biometric authentication, remove the password from the employee login experience so password risks and frustrations are eliminated. For every other password in use, password management secures, encrypts and stores the credentials.
Tackle shadow IT
Shadow IT refers to the devices and applications brought into the organization that are not managed by the IT department, including trends such as Bring Your Own Device (BYOD) and Bring Your Own App (BYOA) that are increasing in popularity. When building your IAM strategy for remote work, ensure that you have a plan in place for shadow IT as well. Consider adding MFA across devices and using password management so employees have a centralized location to store all of their credentials – the ones IT does and does not know about.
Get ahead of phishing
With COVID-19, we’ve unfortunately seen an uptick in cybercriminals using phishing attacks as a means to gain fraudulent access. Phishing is an effective cyberattack, which is why the solution starts with education amongst your employees. Focus on educating your employees about phishing schemes: investigate the source of email communications, identify the sender, evaluate the language of the email, and never provide personal information. In the event that you or your organization does fall victim to a phishing scheme, make sure you have a mitigation plan to detect and respond to the attack. Password managers can help mitigate the risk of phishing by never auto-filling on suspicious sites.
Maintain complete insight
Even though your employees aren’t physically in the office, you need to know who is accessing what application, from what device and from what location. With all of the above considerations in mind, ensure you have complete insight into employee behavior through detailed reporting, so you can monitor activity and make access and authentication adjustments as needed. In a time when you can’t physically see your employees, consider how your IAM strategy can offer this visibility for you.
Remote work made simpler and more secure with IAM
While the transition to a remote workforce may seem challenging, with the right IAM tools in place it doesn’t have to be. In subsequent posts, we will dive deeper into these topics to ensure your transition to remote work is a simple and secure one.
In the meantime, learn how LastPass Identity can help secure and empower your remote workforce through unified single sign-on, password management and multi-factor authentication.