‘Remote work is the new normal.’ We’ve been hearing this since 2020. Love it or hate it, remote and hybrid work are here to stay. Along with the rise of remote employees and work, there has also been an increase in cyber-attacks.
According to Risk Based Security, 36 billion records containing sensitive data were exposed due to data breaches in the first half of 2020. Correlation isn’t causation, but remote environments present unique cybersecurity challenges. How can you secure your remote workers?
Before we dive into remote work security best practices, let’s look at remote work security challenges.
Security Challenge of Remote Work
Personal Devices
While working from home, people do not always use company owned devices. Even before the shift to remote work, employees were bringing their own personal devices to use for work (the BYOD model). Mobile Device Managers (MDMs) offered some protection for employee-owned smartphones.
Now, any employee-owned device needs to be protected. If an employee uses their own smartphone, PC, laptop, or tablet for work, there should be an endpoint security solution on the device. This makes it difficult for a hacker to gain access from the outside.
File Sharing
For many employees, file sharing is a necessity in remote work environments. Sharing data is critical for collaboration, especially for remote teams, but it’s easy for sensitive information to fall into the wrong hands without proper data security. Check out our guide to Safer Alternatives to Business Email for secure file sharing tips.
Weak Remote Infrastructure
Some companies don’t have the right technology in place to support a remote work environment. At a minimum, employees should be able to remote into their company workstations and connect to the company network using a VPN.
Collaboration tools like videoconferencing and chat are also must-haves. Cloud collaboration suites like Microsoft 365 and Google Workspace enable secure collaboration.
Companies that lack centralized solutions risk employees using their own workarounds. This is called shadow IT. It presents security risks because the solutions aren’t vetted by experts, and there’s no centralized management.
How do you strengthen your remote work infrastructure? Use these tools and follow these tips to keep your business connected and secure from anywhere.
Remote Work Security Best Practices
Keeping your remote workers secure requires a combination of technology, policies, and education. Follow these best practices to ensure data security in remote environments.
Require a VPN
VPNs allow employees to access the organization’s information through an encrypted tunnel. Furthermore, VPNs also provide necessary security while using public networks. By encrypting data flowing over the network, VPNs make it difficult for hackers to intercept the connection.
Remote workers should be required to connect to your VPN before accessing shared storage drives or remote desktops. This is the equivalent of requiring onsite employees to be connected to your network before accessing company data.
Remote Desktop Connections
Employees can remotely access their in-office PCs using a remote connection application. This is helpful when work PCs have specialized software or data that cannot be accessed on a home computer.
Remote connections require strong security protections. The technology makes it possible to access a PC anywhere in the world. While this means your users can access their PC from anywhere, it also means a hacker anywhere in the world can access that PC. That’s why it’s critical to authenticate the user before allowing the connection.
Tips for enabling safe remote desktop connections:
- Require the user to connect to the VPN
- Make sure multifactor authentication is enabled for the VPN connection
- Only grant users access to the PCs they need. Most users only need access to their workstations
- Require the user to enter their domain password to connect
- Use built-in remote connection applications like Windows Remote Connection or Apple Remote Connection
Multifactor Authentication
Enabling multifactor authentication (MFA) is especially important for remote environments. Adding one additional authentication method can stop 99.9% of account attacks.
With MFA enabled, users take an additional step to prove their identity. Typically, a code is sent to the user’s smartphone via an MFA app or text message. The MFA app may send a push notification instead. Either way, this occurs after the user enters their username and password.
Combining what the user knows (username/password) with what they have (smartphone), the user is authenticated with a higher degree of certainty.
Approve Personal Devices
If personal devices are being used for work, then the devices should follow your information security policies. For example, you may decide not to allow jailbroken smartphones to access the company network. Personal computers with risky software installed can also be blocked.
Technology exists to enforce this compliance:
- As already mentioned, Mobile Device Managers make sure employee smartphones are secure
- Next generation firewalls can evaluate VPN connection requests and block devices with suspicious software
- Data Loss Prevention (DLP) tools can stop company info from being downloaded onto personal devices
The first step is writing personal device use policies. The technology in this space isn’t foolproof. All employees should understand what is and isn’t acceptable. After creating the policies, make sure you have technology in place to approve compliant devices and deny non-compliant ones.
Security Awareness Training
Cybersecurity awareness training may be the single most effective tool to prevent breaches. Make sure your annual IT security training covers tips to stay safe when working remotely. All training should include:
- Phishing Prevention
- Social Engineering
- Secure Password Manager
- Multifactor Authentication
- Physical Security
- USB Drive
- Mobile Device Security
Training for remote workers should also include:
- How to connect to the company network securely
- How to secure home Wi-Fi networks
- Public Wi-Fi and public computer security
- Device compliance requirements
All users should receive training at least once per year, regardless of job function or location.
Review Your Cyber Insurance Policy
In response to the greater risks posed by remote work, cyber insurance providers have increased rates and set stricter requirements for issuing policies. When applying or renewing, make sure to note all your cybersecurity investments. These will help lower premiums and facilitate policy approvals.
Remote Infrastructure Auditing
Remote infrastructures need to go through periodic audits to identify all the gaps, loopholes, and vulnerabilities that could potentially be exploited. Once this is known, you can take the necessary steps to solve these and create secure, healthy infrastructure. It’s not a one-time job, but an ongoing process.
Overall, these are a few steps you can take to ensure remote workers are safe from cyber-attacks. Following these tips will put your organization on the path toward a secure remote or hybrid environment. If you need help, consult a cybersecurity expert like LeeShanok!
Copyright © leeshanok.com
Website by CS Design Studios