Interview: Michael Howard, Head of Security and Analytics Practice, HP Inc.

Millions of people around the world have been working remotely for almost two months now. Daily routines look different for every employee, whether they log on first thing to check emails, or if they are juggling calls in between homeschooling children or caring for an elderly parent.

While workers adjust to the new normal, employers are also reevaluating their approach to remote work and how to secure a remote workforce. IT teams first had to tackle priority items like scaling network capacity and deploying video conferencing software, and now they are preparing for long-term remote work. This is new territory for both employees and IT teams, but cybersecurity requires active participation from every person to maintain a secure work environment.

Infosecurity spoke to Michael Howard, head of security and analytics practice, HP Inc., to gain his insight and advice on how IT teams can prepare for secure, long-term remote working.

How can IT teams best adjust to long-term remote working security structures?

The rapid adoption of remote work has accelerated the trend toward zero trust security and decentralized networks. In fact, according to the HP COVID-19 pulse survey, 40% of IT decision-makers say they will tighten endpoint security as a result of COVID-19. The best way to adjust to remote work, even temporarily, is to treat this as the new normal and to take all necessary cybersecurity precautions. The traditional network perimeter no longer exists, and every end user and endpoint device needs to be equipped with security tools to thwart advanced attacks. IT teams need to prioritize endpoint device resiliency and invest in ‘out of the box’ hardware and software security.

This is a difficult time to navigate personal and professional demands and security may not be top of mind for employees adjusting to a remote work setup. As we prepare for the next few months, it is critical for IT teams to not only deploy additional security measures, but to educate employees on their role in maintaining corporate security. The security measures that are adopted now will only continue to serve us when we do move back into offices full-time. More importantly, though, they will help us empower the hybrid remote workforce of our future.

What are effective ways to educate remote-working employees on cybersecurity policies?

Employees who are used to working with a desktop and being hardwired into the network may not realize the layers of security in place at the office. When working from home, employees need to understand their company’s policies around secure remote work and use only approved software and collaboration tools. One way to educate large groups of employees is to host internal training sessions or provide tutorial materials that lay out easy, navigable steps to comply with corporate security policies. Trainings can include email phishing simulations and prompts to open disguised malicious links. Those who fall for these simulated attacks would be notified and would be able to look out for similar threats in the future.

How can security teams manage disparate threats brought about by mass remote working?

It is a stressful time, and the security landscape is changing daily with a proliferation of outside threats. Many security measures that were meant to secure the corporate network perimeter are often no longer applicable with a workforce connecting remotely. Aside from instituting a zero-trust security approach, IT teams need to deploy additional cybersecurity services to employees’ devices. For example, HP’s Sure Click feature isolates key applications in their own virtual containers, trapping any malware and deleting it as soon as the application is closed. As part of our commitment to supporting the workforce during this challenging time, we’re currently offering our HP Sure Click Pro for free download to HP and non HP PCs.

What’s Hot on Infosecurity Magazine?