The need to get workers up and running within such a tight time frame at the start of 2020, with minimal loss of working hours, meant that the risks to digital security and cyber integrity increased exponentially. And very few companies have reviewed their security protocols retrospectively.
The biggest threats to cybersecurity in homeworking
It’s well established that remote working is not as secure as working from office-based devices and networks. Endpoints such as laptops used at home pose a threat, as human error and shared usage amongst individuals create a higher potential for spyware and malware to breach the business network.
Collaboration and conferencing apps, which saw a huge explosion in growth during COVID-19, have also been responsible for expanding attack surfaces. The threat posed by substandard patching protocols in these programs has been so worrying that the likes of NASA and Google have actively instructed employees not to download and use certain apps.
In the face of these results, it is more important than ever to set up and implement best practice for securing remote workers.
Here’s what you need to consider:
Create a remote working policy
The first step should be to create a set of guidelines that demonstrate how employees should be working remotely to combat remote access threats. A clear and concise policy will be a huge step forward in mitigating the risks that come with using remote access systems.
A good remote working policy should cover:
- Whether or not personal devices are acceptable for working remotely
- Which data is suitable for download onto personal devices
- Whether non-essential software can be downloaded onto company devices supplied for remote-access working
- How to report suspected attacks to IT personnel when working remotely
Designate and secure specific remote work devices
In an ideal situation, organisations should provide their employees with devices that are specifically set up to be used for remote work.
In the US, it was reported that 56% of employees spent 2020 using personal computers to complete their daily work tasks. With the pandemic keeping employees out of offices, and remote working becoming a more viable proposition in general, it has become more important than ever for businesses to supply their employees with devices that can be directly managed by the IT department.
Only by keeping a closer eye on these computers can you be sure that they are properly updated and free of weak spots such as out-of-support software or suspect data.
Manage sensitive data securely with encryption
The importance of sensitive data cannot be overstated, so it’s key that you secure it using encryption and access control.
The prevalence of remote work has made it more difficult to ensure that staff deal with sensitive data correctly, especially if compliance rules mean that the information must remain on certain servers. In these cases, you must make sure that the data cannot be copied or downloaded to home devices, so that security integrity is maintained.
The best way to bolster security is by encrypting all data exchanged over the network between company-owned and remote work devices. Instructing employees to connect to remote systems using a VPN, which provides built-in encryption, is an easy step to take, as is choosing applications that feature end-to-end encryption over less secure options.
Ensure protections are up to date
Anti-virus, anti-spam, anti-malware – whatever filters and protections your organisation has in place, they should, of course, be up to date. Remember that anti-virus software works by comparing incoming content to known examples of previous attacks, so if it is not kept up to date then it cannot comprehensively identify known threats.
Perform regular back-ups to hard drives
It’s likely that most of your data is now stored online in the cloud. Cloud storage is great for ease of access, and it mostly comes protected with encryption as standard. Even so, it is often worth periodically backing up your most sensitive and important data onto a physical hard drive.
Physical storage may not always be as reliable as the cloud, but it cannot be hacked remotely and will give you an extra layer of security.
Make use of multifactor authentication
Multifactor authentication is more frequently used to access online portals such as banking and other financial and business services. Rather than relying on a username and password alone, multifactor authentication allows you to implement a second requirement for login. This is based on combining something you have with something you know. According to Microsoft statistics, MFA can help defend against 99.9% of account compromise attacks.
Fast, efficient connectivity is of course essential for remote working, but exactly how to provision it can be tricky. Relying on staff members’ personal internet connections alone – or worse, the internet connections available in their local cafes – can be a recipe for a security breach.
The best option is a virtual private network (VPN), which enables staff members to securely connect to the corporate network, wherever they are physically located. Communications are automatically encrypted, and all users on the VPN are accredited and verified. VPNs can also be configured to comply with key business policies, such as installing the patches, upgrades and core security software outlined above.
Multifactor authentication (as already mentioned) becomes an even greater priority when enabling remote working, to ensure that malicious parties – or simply friends and family members – cannot access the corporate network, whether accidentally or deliberately.
Train your staff
An oft-neglected point, but one that can undo all the others. Human error is the cause of a frighteningly high proportion of corporate security breaches, and all the previous steps are quickly rendered irrelevant if your staff are not properly trained on good security behaviours.
User education and training cannot simply be a one-off, delivered at the outset of someone’s career and then forgotten about. It needs to be dynamic, responding and adapting to the latest security threats and continually refreshing staff knowledge. From recognising the signs of social engineering, to understanding the latest malware threatening your sector, staff should be trained in myriad aspects of security.
By following these best practices, any business can protect its sensitive data from attack, no matter how much it continues to embrace remote working in the future.