Many security and IT teams suddenly had to support and protect employees who must work remotely due to the Covid-19 crises.
The rapid transition to an entirely remote workforce, for most organizations, due to COVID-19 lock down orders have created multiple risks for the IT departments at many businesses. Businesses not only have to successfully secure their corporate tech & equipment they also must secure personal devices of employees used on corporate networks remotely.
Without a remote worker policy and proper tools deployed to mitigate the risks of your business’s remote employees and the vulnerabilities to your IT security, you’re leaving your company wide open to hackers. As employees now operate from their homes, their exposure and awareness to cyber security threats often isn’t as clear as it once was in the confines of their seemingly more secure office environment.
The following is an outline of eight (8) tools to help businesses and employees securely work from home:
- Use a virtual private network:
A VPN also known as a (virtual private network) creates a secure channel for remote devices to privately access the business network. The VPN encrypts all communications and hides the users IP addresses greatly reducing vulnerabilities which encourages hackers to search for easier targets.
VPNs working behind the scenes don’t disrupt productivity. Your remote employee logs into the VPN and it securely logs them into the business network effortlessly and securely.
- Determine the protection required for your remote work force:
Managing your in-house workstations is one thing, but keep in mind you aren’t able to manage the devises of your remote workers to the same level.
Consider the following items when developing a remote workforce policy.
- Decide if you need to arrange alternative cloud-based means to monitor your remote worker’s devices.
- Asses your employee device support tools currently under use.
- Consider implementing a remote access and IT support system to service your remote workers. You can easily implement these tools with companies such as Splashtop or Logmeinrescue, allowing your IT support team remote access to your remote workforce’s devices.
- Develop and implement a written remote work policy:
A written remote work force policy will not only help protect the business but also sets the appropriate expectations for your remote employees. The following are some policies you may consider including when developing your plan.
- Establish a list of approved personal devices authorized to access the company network.
- Set standards of networks authorized and not authorized to access the company’s network, i.e. no use of public devices, WiFi, or networks, etc.
- VPN’s must be used when accessing the company’s network.
- Establish password standards, which must be used on any devices accessing the company network.
- Issue approved and updated anti-virus and anti-malware software to be installed on employee devices accessing the company network.
- Review and update your confidentiality agreement including the proper care procedures for remotely handling corporate information and property.
- Implement two-factor authentication (2FA):
More remote access means more remote vulnerabilities. Consider adding (2FA) to remote access solutions. Two-factor authentication (2fa) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information.
As passwords have become increasingly less secure, whether through data breaches or poor user practices, more and more individuals are moving to 2fa to secure their digital lives and many service providers are encouraging or mandating the shift to 2fa.
If you’re looking to roll out 2fa or multi-factor authentication for your own corporate users, a number of vendors will be happy to help you. A few of the more well know are RSA Authentication Manager, Symantec VIP, and CA Strong Authentication.
- Educate employees on COVID-19 scams:
The National Cyber Awareness system warned of COVID-19 scams circulating currently. Make your remote workforce aware of best practices such as to not click on unsolicited emails; use only official websites; be cautious of emails soliciting personal or corporate information through an attached link; and always confirm origin before acting. Establish a centralized online bulletin board your employees can go to for official communication and notification.
- Encourage employees to be use common sense & caution:
Employees successfully and securely working remotely is a large part of many businesses today and potentially in the future. To ensure your team is protected, consult your employees on the ways they are less secure at home and how they can minimize some of the risks. Have them question any strange-looking texts or emails. Remind them not to put unapproved USB devises or peripherals into their computers. Reinforce the issues of transmitting personal or corporate information by an email. And most importantly, ask them to use common sense be cautious, suspicious, and watchful of what they are transmitting over the network.
- Update acceptable use policies for employees:
Finally, ensure your employees use acceptable computer use policies over their home computer assets. If this wording is not already there, you’ll need to quickly get up to speed in allowing employee’s personal assets be used for remote access. You’ll need to work with the firm’s attorneys and tax advisors to see if the use of personal computers and personal phones of the employees mandate a need for reimbursement for use.
Planning for the future:
While this is a stressful time given the uncertainties, it’s also a great time for making sure your organization is ready for this crisis and prepared for the next. An increased remote workforce was forced upon us. But who’s to say it may not become a more efficient and economical way of running your business. The suggestions we’ve made in this article are prudent not only for a remote work force but are also prudent for a future including more and more mobile devices accessing your network. Make the best of this crisis, use it to fill the gaps in your cyber-security and make your business more secure to handle its future.