As large-scale remote work becomes part of the new normal, it’s important that IT and cybersecurity teams prepare for the potential exploitation of new remote infrastructures.  Specifically, you should consider:

1. Identifying your weaknesses: Develop a worst-case cyber scenario that involves a remote worker IT system malware event, and then conduct a tabletop exercise using this scenario.  At the end of the exercise, identify what went well and what didn’t, and assign staff to address any gaps and weaknesses in your cyber incident breach response ("CIBR") plan within an agreed upon timeline.  Your CIBR plan should then be updated accordingly.
2. Reviewing your baseline configurations: Revisit the implementation of a minimum acceptable remote workforce IT system baseline configuration that limits the acceptable activities of the IT system.  For example, consider eliminating the use of USB ports or restricting them to specific users who may need access as a part of their roles and responsibilities.  Once the baseline is established and tested, roll this out to your remote workforce.
3. Implementing reviews of remote IT systems and other logs more frequently: Consider the implementation of additional remote worker IT system logs that collect and analyze data to identify unauthorized or questionable activities that may require further investigation.  Automate this audit log collection and analysis where possible.

When planning your response to a potential CIBR incident while your workforce is largely remote it’s important that you:

1. Develop processes and procedures needed to isolate individual remote IT systems — or a group of IT systems that may work together — to support requisite cyber analysis and investigation.

2. Determine how remote IT system cyber forensics would be conducted, including chain-of-custody procedures.

3. Be prepared to quickly collect remote IT systems logs and imaging of remote workers’ hard drives.

4. Consider how to get selected remote workers back online as quickly as possible (if required).

Preparation, planning, and conducting cybersecurity tabletop exercises — both technical exercises and those involving senior management — will go a long way in helping your organization tap into the benefits of your remote workforce while being prepared to efficiently and effectively deal with cyber incidents.