For corporate IT teams, getting through the initial lockdowns of COVID-19 often required a grab-and-go approach to get workers what they needed as they fled corporate offices and set up shop at home.
For some, that meant taking home whatever they needed from the office to get started with remote working. Many others needed new laptops and other gear.
“Overnight, we urgently had to set up our clients to work from home,” recalls Katherine Garratt, content manager at SuperFast IT, a tech support firm based in Birmingham, England. “We were ordering huge quantities of laptops at the beginning of lockdown, but suppliers became out of stock very quickly.” End result: a mad dash to get workers up to speed again, but often without normal security protocols in place.
No surprise then that 85% of CIOs admit they compromised security standards in early days of the pandemic, according to a September 2020 survey of more than 900 IT professionals by data security firm Netwrix.
With no mass migration back to the office on the immediate horizon — and nearly two-thirds of employees thrust into remote working saying they want to keep doing so, according to Gallup — companies need better strategies to distribute, secure, and maintain workers’ devices and software. This is especially true for small and medium-sized enterprises (SME), which often lack resources to tackle remote-work challenges at scale.
[Read also: What happened when the world stayed home?]
And it’s especially crucial today to prevent cybercriminals from using the techniques of lateral movement, where they hop from one device or endpoint to the next, often obtaining increased permissions from user to user, and moving deeper into an organization’s network.
Here are five strategies for improving and securing the WFH supply chain.
1. Centralize and secure hardware distribution
Running a centralized inventory system through which IT teams distribute and manage laptops, PCs, and other equipment has become a daunting logistical challenge during the pandemic, especially for SMEs, which often lack scalable device-management tools. So how do you get laptops and other devices to remote workers efficiently?
The most effective method, experts argue, is a daisy-chain approach: Manufacturers ship laptops and other devices to the employer, where IT team members configure them, record them into inventory, and install security software before shipping out to employees or arranging for pickup.
This approach requires more steps (as well as some additional time and expense) than remote configuration, but it’s well worth it, says Garratt, since it avoids relying on employees to install or correctly use the security features. Employee negligence accounts for roughly 20% of all corporate data breaches, according to Bitdefender.
2. Launch a private app store to distribute and secure new apps
IT teams can restrict access to applications on user devices the same way they manage other security features. But how should they securely install new applications for remote employees?
The most efficient and secure method, experts say, is to launch a corporate app store — a private version of a commercial app store — through which workers can download and install new productivity and business applications. An app store also gives companies control over licensing and configuration. IT departments don’t need huge budgets to build these, either: A wide range of private app store platforms, such as Appaloosa and Digital.ai, are available and relatively easy to set up and launch.
3. Double down on remote support tools
IT help desks provide critical services to employees in every enterprise. Many already rely on remote software tools to manage and resolve user issues. But others still offered in-office, “genius bar” services for urgent or complex problems. That all disappeared with the pandemic, leaving many IT teams scrambling to handle bigger caseloads with digital tools.
An array of cloud-based remote troubleshooting tools — which allow IT help desk employees to securely see remote workers’ screens and fully interact with their desktops — help technicians run diagnostics and make repairs, often in minutes.
4. Manage BYOD security through virtual desktop tools
Most companies have long since come to terms with BYOD — employees who rely on their own equipment to do corporate work. But the IT and security challenges have grown along with the number of BYOD users in the workforce.
Employees who were unaccustomed to working from home before the pandemic often know the least about necessary security requirements. “We’ve seen a marked increase in data breaches because people are able to access files in the cloud but they’re using less secure home machines to do it,” says Ed Hardie, technical director of UK-based tech consultancy Impelling Solutions.
Educating users about security requirements is always important, but for employees who log into business applications remotely through virtual desktop tools, IT teams need another layer of security. Virtual desktop security tools provide that security to any endpoint device during working hours, then switch to personal-use mode when needed. These tools also keep corporate data off of personal machines.
5. Secure the retirement process
All enterprise devices have a limited life span. For laptops, it’s typically three or four years. When it’s time to retire one, companies should reverse the process they used when they first commissioned it: Send the device back to an IT staffer for formal decommissioning and then on to recycling or disposal.
Of course, you can’t ship a laptop full of proprietary data through the mail. IT teams should use remote wiping software on any device before it leaves the employee’s home. Recycled devices can contain old user permissions, some of them with administrative access to sensitive data and network controls. If cybercriminals can gain access to a machine with those higher level permissions, they can use it to move laterally and do more damage.
For SMEs not equipped to handle the last step of the process, they can outsource recycling to specialists. “We used to handle these things ourselves,” says Dave Koopmans, solutions engineering manager at Minnesota-based Scantron Technology Solutions. “But now with security needed all the way to the end of life of a device, we use secure recycling facilities to properly dispose and recycle.”