Technology

Remote Workforce Security Basics for Mortgage Companies

COVID-19 has caused many businesses to activate their business continuity plans. As businesses change operations over to accommodate a remote workforce, some IT teams may find themselves trying to solve for competing priorities.

Some companies face several challenges migrating to remote workflows so rapidly after years of skepticism and centralized workers. If company leadership has treated working from home as a “nice to have” or an incentive for a select few employees, they may be facing:

• Lack of clear policies and procedures (and perhaps no efficient method of distributing the policies)
• Lack of resources that can be distributed or deployed quickly (this may apply to hardware, like laptops and monitors, or software, like video conferencing software)
• Difficulty evaluating the security of endpoints and remediation of incidents, should they occur

With an unclear future regarding a remote workforce, chances are you acted fast to get employees set up at home as quickly as possible. Now is the time to sure up your cybersecurity resources, so you can help your team work from home with confidence now and in the days, weeks, or months to come.

What To Do Now!

1. Define, Update and Distribute your policies.

Many organizations have cybersecurity policies in place for acceptable use, confidentiality, device security and more. First, ensure your policy makes sense for a remote workforce and make changes where necessary. Here are some key points to touch on:

• Acceptable use
• Asset and content classification
• Business continuity
• Disaster recovery
• Confidentiality
• Incident response
• Mobile device management
• Passwords
• Disciplinary action
• Remote access

Don’t assume your users already know these policies, especially now when confusion and miscommunication can be impactful. Get a sample set of employees to review the policy to see if they understand it and use examples to clarify key points. Ensure employees know who to ask questions to and make sure they feel welcomed to do so. Sending your policy once in an email isn’t good enough, you may need to repeat these messages in the coming weeks to help employees remember them.

2. Think about security in the real world – your endpoints are in the wild.

When employees work from home, they break free of the physical and network security you have deployed within an office. Mortgage offices have a lot of basic security we take for granted every day, from reliable door locks to security cameras to secure paper shredding boxes. Your network(s) also likely has protections like Network Intrusion Prevention Systems (NIPS) or firewalls. However, it’s not impossible to secure your information in a remote workforce home environment.

• If you have not already considered Endpoint Detection & Response (EDR) or Managed Endpoint Detection & Response (MDR), now is a good time to evaluate your options.
• Ensure your password requirements are strong on ALL devices where employees may be accessing secure information (usually this will be laptops and smart phones). 
• Deploy and / or utilize Multi-Factor Authentication for access to resources.
• Encourage encrypted VPN use at all times.
• Consider the real challenges your employees may encounter at home. From children to guests, to the temptation to write down passwords, ensure that what employees are allowed to do with their equipment at home is clear.
• How will you provide remote response or remediation to a suspected incident?

3. Using digital tools – for some it’s easier than others.

Teams that are used to communicating face-to-face may have trouble adapting to digital tools. If your tools are hard to use (or non-existent), a few enterprising individuals may try to solve the problem themselves by downloading tools, plug-ins, etc. from the internet use text messaging, personal email or iMessage. 

It’s important for your team to vet tools for critical communication functions, then communicate and assist your users in using them. Tools like Zoom, Slack, and Microsoft Teams can allow your team to securely message, screen share, voice call, or video call anyone within the organization with a few clicks. Document storage and project management tools are also critical and your IT team should be consulted when these tools are chosen to vet security.

With an increase in email use and decrease in visibility into employee’s usage, tools like Managed Methods, a Cloud Access Security Broker (CASB) and Proofpoint, a Secure Email Gateway (SEG), provide stronger shadow IT, data leakage, and control over email use.

In these uncertain times with changes happening so rapidly, it’s easy to feel like there are multiple competing priorities. Company leaders are having to make tough decisions quickly and may not have the time to research their decisions like they once did. It’s important that we stay connected throughout the industry and share our knowledge of best practices and daily developments. Many breaches are preventable and there are many tools at our disposal to help protect you. Now that the rush to get employees working from home is over, it’s time to pause and take stock of your cybersecurity situation and your IT team’s capacity.

Contact us for assistance with penetration testing, response planning, remediation, cybersecurity training and more.