When COVID-19 came, most companies asked their employees to work remotely which ushered in many IT challenges key among them cybersecurity risks.
According to Kendi Ntwiga Nderitu, Country Manager Microsoft, Kenya the shift led to a sudden spike in the need for remote access to apps, VPN scalability constraints, bad actors exploiting COVID-19 themes and VPN vulnerabilities.
Kendi who shared tips at the CIO 100 awards on Securing Today’s Remote Working Environment noted that companies allowed their employees to use their personal devices to access corporate resources thus posing a greater cybersecurity risk. They also experienced challenges onboarding and managing new and personal devices and difficulties in rolling out security controls.
According to Kendi, organisations have to consider three key areas when securing their remote working environment. These include enabling remote access to applications, managing devices and applications, and protecting corporate resources.
“In enabling remote access to applications, companies must ensure that users must have secure access of all their applications including the dispersed software service, installed applications and on-premise applications. Employees must also have a similar experience from wherever they are logging in from. They should extend secure collaboration to their contractors and partners as well as enable strong authentication,” she advised.
Kendi highlighted that managing remote devices and applications is the most critical aspect of securing your remote workforce. “This means managing remote personal and corporate devices and apps. Companies should remotely provision and deploy new devices. Deploy and manage virtual desktops and proactively manage updates, patching and policy”.
To protect corporate resources, Kendi advised organisations to put in place policies that protect sensitive data and guide the behaviour of employees at home. She added that they should also protect data by securing data in their cloud apps, securing their endpoints as well as keeping employees safe from phishing and malware attacks.