Since the arrival of the COVID-19 global pandemic, many companies have had to alter the way they function. Remote working is now a reality for large sections of the workforce. Team collaboration through cloud-based platforms is an accepted part of most work days. Remote workers execute their tasks with a combination of company-issue devices, and personal devices.
But there are risks to this new normal. The remote worker is a source of vulnerability and a thorn in the side of enterprise security solutions. Nobody knows how long this new normal will continue. What is known is that an emerging generation of cloud-based work tools offers a high level of flexibility, scalability, and efficiency.
This means that working from home will become easier, and the case to work from home will not go away.
In order to keep remote workers and companies safe, security leaders are advised to pay attention to the following:
1 – Beef up all network security
One of the unavoidable aspects of working remotely is the need to use unsecured home networks. This leaves employees open to malicious attacks from threat actors. With so much company information moving around on home networks, it is best to secure them.
A good idea is for organizations to require employees who are working remotely to use Virtual Private Networks as far as possible. This helps maintain end-to-end data encryption. Information on VPNs can be stored and accessed on the cloud, where emerging technologies such as cloud direct connect can offer greater reliability, performance, and security.
2 – Be careful of personal devices
Many remote workers will have to use personal devices to get their jobs done. Unsecured personal devices are a soft target. They may not have up-to-date antivirus software, and they may use weak password protection methods.
Security around personal devices almost always needs to be tightened. Ideally, access to the organization’s internal network should be allowed only on employer-provided devices. The devices can be managed by the IT team. But as this is not always possible with remote workers, request your IT department to work with remote workers to audit their home devices and networks for weaknesses.
3 – Have a plan for authentication and authorization
One sure-fire way to create extra security is to act as if a breach is unavoidable. Multi-factor authentication, monitoring access controls, and creating strong passwords are important hacks that every smart company should know by now.
Having the correct authorization levels is also important. For remote workers, having exactly the right access to the necessary applications is the way to go. Companies must get into the habit of granting ‘least privilege’ access rights. This means giving only the minimum permissions required by an end user. This is a key safety item.
4 – Secure your collaboration apps
Video conference security has come to prominence in recent times. Video conference service providers like Zoom, Google Hangouts, Microsoft Teams, and Cisco Webex are just some examples of popular options. But they are not infallible tools. There have recently been high-profile instances of threat actors gaining unauthorized access to live video conference meetings.
There are many reasons to try to improve video conference security. If an organization is stuck with a legacy video conference system which is not fit for enterprise use, changing existing systems is often impossible. In this case, some common sense safety hacks include checking meeting links, using virtual waiting rooms, and employing blurred backgrounds. Users can also lock rooms once meetings have started. All these measures can avoid instances of external parties gatecrashing sensitive meetings.
5 – Watch out for phishing threats
Phishing threats aimed at remote workers are on the rise. Common strategies include getting employees to engage with suspicious material through appearing to be important updates or promotions. Many phishing threats have tell-tale giveaways such as bad grammar and spelling. Well-trained and aware remote workers will be able to spot these signs.
This is why it is so important to establish a remote working culture that takes IT best practice as a top priority. It is the role of remote workers to know that it is not business as usual when it comes to modern cyber security. Remote workers must be trained to report suspicious links to IT departments.
6 – Evergreen tips for remote working
Make sure that practical advice is followed. This could be the use of strong passwords, or methods such as two-factor authentication. Make sure that hardware has up to date antivirus and firewall software. Organizations can institute a helpline or online chat line.
Other extra measures include limiting access on personal devices to no more than email and cloud services. Companies should ensure the same endpoint security rules for antivirus software and firewalls as with employer-managed devices.
7 – Ensure backups of critical systems
You must be sure to backup all critical systems. Check that backups have been performed correctly and the information is safe. Create multiple backup options, be it in the cloud or with multiple carriers. Arrange for off-line storage of backups regularly. This can be achieved through the enlisting of data center consulting services to store and share applications and data.
As workers work from home or commute to and from home with crucial information on their devices, it is important to take into account the possibility of theft or loss of hardware devices.
8 – Don’t forget cybersecurity training
Organizations should carry out periodical cyber security training. This needs to be ramped up as remote working takes hold. This must be combined with regular, organization-wide updates and reminders to act safely.
The heightened threat level of remote working requires best practice reinforcement, or else employees will forget. Companies should disseminate important updates such as cyber policies, rules, and emergency contact people as often as possible.
9 – Have a plan during a crisis
Lastly, beef up your incident and crisis management systems and importantly, link them to concrete contingency plans. Have backup communication channels if your network has been compromised. If you have a ransomware incident that disrupts your IT systems, being able to operate and communicate through other means will be important. All these failsafes should be understood and internalized by remote staff.
Security leaders must think about the transition to the future. As working methods evolve, this offers the chance to look at the technology and processes put in place and consider how these might help the organization be stronger.