Fortinet’s report confirms what’s already known: No one was prepared for the sudden shift to remote work, which has left businesses struggling to adapt and making rapid changes to prepare for the future.
As businesses move to align with a long-term remote world, there are a number of things they’ll need to do differently; Fortinet found that 92% plan to increase their budget for remote work tools, and three quarters plan to invest in VPNs, cloud security, and network access control programs.
Many of these investments were unplanned but are now necessary, the report said. Two-thirds of organizations moved more than half of their staff to remote work due to the pandemic, and 29% said they plan to continue having more than half of their employees work remotely once COVID-19 dangers have passed.
One of the more interesting statistics Fortinet included was that 43% of respondents are considering changing security vendors due to issues encountered during the pandemic. Security for remote workers has been a challenge, Fortinet said, and is also a critical area that businesses must improve in.
Require multi-factor authentication: VPNs are a necessary part of security for remote workers, but “they don’t address the inherent insecurity of simple username/password logins,” the report said. Requiring multi factor authentication for all users, whether in the office or remote, makes stolen passwords much less of a risk.
Implement network access control: “IT teams can’t secure what they can’t see,” the report said, which is why network access control is so important. By profiling each machine as it connects to the network, and what access it has, IT can more quickly respond to suspicious events.
Endpoint detection and response is essential: EDR “proactively reduces the attack surface, prevents malware infection, detects and blocks malicious activities in real time, and can automate response and remediation procedures,” the report said.
Create a business continuity plan: Business continuity plans should include remote workers, and should establish plans to keep operations running normally in the event of a breach or other disaster.
Make security complex, but not messy: Instead of having a multitude of security tools that don’t speak to each other, organizations should have a single solution with “security controls that are seamlessly integrated with consolidated management, orchestration, and reporting tools reduces the overhead associated with telework security deployment, configuration, and troubleshooting,” the report said.
Cybersecurity Insider Newsletter
Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays