5 ways to secure remote working
There is no doubt 2020 has been an unsettling year. The Covid-19 pandemic has caused considerable disruption to the global economy as well as changed the way we all go about our daily lives. While we are seeing a gradual return to the workplace amid a Tiered system across the UK, the most recent lockdown serves as a reminder that they can come very suddenly.
With that in mind, we all need to prepare for the future with a remote-working model in mind. Now, for the most part, the initial panic of moving to this new normal has subsided and employees have largely adapted, IT departments should be reviewing their remote working tools and policies for those individuals who are continuing to work from home for now. This is because the rate in which we were all forces adapt and work from home, there was little time for IT departments to completely secure remote working policies. Unfortunately, bad actors took advantage of flaws in the defences of many businesses working remotely. According to research, cyber-crime and cyber-espionage skyrocketed during COVID-19 lockdowns.
Below we have gone through a few ways you can ensure secure remote working throughout the pandemic as well as beyond.
1. Secure your toolset
No matter where your workforce is working, how they connect into the office and go about completing tasks should be secured. These days, business data and files are valuable assets in the online world, and as with any valuable resource, there are always people out to steal it.
To help secure your toolset, it is good to limit the need for staff to take any data or files physically out of the office. To do this, it is recommended to set up a secure remote connection such as a hosted desktop or VPN. Both solutions offer significant advantages to a business but what works best for your organisation will depend on your specific needs.
A Virtual Private Network (VPN) works by extending a private network across a public network so that users can work privately and use the internet in a safe manner. It works best for companies whose staff don’t move between a variety of sites. For instance, if they only work between home and the office. This is due to the fact that when you set one up for your workforce, it relies on the server at your office and any device being used needing to be configured, making it far more timely and complex to set up and use.
On the other hand, a Hosted Desktop is hosted in the cloud from a secure data centre so does not rely on a server in your office. As a result, users can access and use it on any device, from anywhere. All that is required is for a small piece of software to be downloaded on the device of a user. We recommend this as a better long-term solution for businesses who have staff working across the country or even world due to it being far more mobile. What’s more, costs are predictable as pricing is done on a per user per month basis – you don’t pay for anything you don’t use.
2. Secure all devices
It is also crucial for you to secure any devices that are being used by your workforce for business tasks. For instance, all devices need to be equipped with basic antivirus, antimalware and firewalls. It would also be useful for IT departments to make note of what devices are being used by who and whether it has everything they need to carry out their role on it. This helps to reduce the chance of staff swapping to devices that aren’t secure.
Transitioning to remote work also increases the chance of BYOD in an organisation. When it comes to security in modern business culture, this is seen as the worst nightmare for IT departments. This is because it can result in them losing almost all control of devices, making it a challenge to address and monitor security issues such as viruses, hacking, un-secure Wi-Fi, and lost or stolen devices.
Hosted Workspaces are a great way of helping overcome the issue of securing devices because updates and patches are all deployed automatically as it is delivered from your cloud providers secure data centre. In addition to this, it is encrypted and consequently secure, meaning you don’t need to make sure basic security protections on the personal devices of your workforce are completed.
3. Implement user authentication
When remotely accessing company resources, the standard should be for staff to have multi-factor authentication (MFA) or two-factor authentication (2FA) switched on. Cybercriminals are becoming increasingly advanced day on day. As a result, it is often the case that passwords are no longer enough to keep accounts and resources out of their hands.
MFA and 2FA are two different forms of authentication that help to further verify a user’s identity. Both work by requiring additional credentials and add an extra layer to the verification process. Included are something you know, something you have and something you are. Something you know could be a password, something you have is a possession such as a generated code on your mobile, and something you are could be facial recognition, a fingerprint or an eye scan.
Although it’s tempting to simplify the process by allowing users to refrain from having MFA or 2FA implemented, this creates a substantial security risk. Implementation is easier than you originally believe as well, and a number of resources will include it as standard to help improve security.
4. Maintain compliance
Traditionally, compliance strategies were built around office work and do not factor in staff devices leaving premises. With the quick shift in working style due to Covid-19, your organisation may risk unintended non-compliance if they fail to know how to uphold industry standards in a remote-working environment.
Some ideas for ensuring you maintain compliance in a remote-working sense include:
- Continuous management and reviewing of your security policies
- Restriction of user access to only the resources they need in order to carry out their role
- Writing and implementation of a formal remote work policy which is shared with the whole of the company
- Writing and implementation of a ‘BYOD’ policy which is shared with all employees
5. Raise employee awareness
Thanks to the pandemic, new waves of cyber-crime are hitting businesses, making it vital for cyber-security awareness to be a top priority for IT departments and business leaders. Your employees are the weakest link the cyber-security chain – All it takes is one uninformed individual to download or click a malicious link or attachment to jeopardise the protection of your entire company.
Consider implementing cyber-security training for staff that centres around working remotely. This should be mandatory for those working remotely. Anyone who fails the training should have to then re-take it so that they aren’t potentially putting your business at risk. For example, Knowbe4 is a security tool that simulates phishing and social engineering attacks/emails. It works by allowing businesses to select a template and landing page, then after simulation shows users the red flags they missed. Management are also able to review user results and set a mark in which employees have to get if they are going to be working remotely.
Moreover, we recommend for company Intranets to be used for providing awareness and insight into cyber-security and best practices. This helps to create an easy way for staff to easily access proper documentation and information.
Secure and simple remote working
There has never been a better time than now to review and then secure this way of working to make sure your business is protected. Luckily, doing this is not expensive nor difficult. Amid the pandemic, we have seen incredible uptake of remote connection solutions sure as VPN’s and Hosted Desktops, both which have assisted businesses in a range of sectors get to grips with working from home. Furthermore, we have also helped many of our customers implement other, less complex security services such as 2FA/MFA as well as offer advice on the best way to move forward with employee awareness training.
Remember – a determined intruder is difficult to keep out. With the unpredictability of the pandemic making future lockdowns entirely possible, it pays to take the time now to make secure remote working, a long-term strategy.