We know that remote working is increasingly becoming the norm. A 2019 survey by IWG found that more than 50% of employees around the world are working off-site for more than 2.5 days in any given week. However, the scale of remote working we’re seeing right now is unprecedented – government-imposed lock-down is pushing businesses to adopt remote working like never before.
One could argue that most companies are reasonably well prepared for remote working and will by consequence have the right security measures in place. While that is true for many companies, other organisations might find the sudden and involuntary push to remote working a bit of a shock and will rightly be concerned about the security implications.
In this article, we cover key remote working security tips for those companies which are suddenly adopting remote working. Even if your organisation has embraced remote working in the past, consider reviewing the tips below to make sure your security practices are watertight.
Understanding the most important risk factors
Protecting your business and your colleagues from remote working cybersecurity risks require a basic understanding of where these risks lie. We think that remote working introduces risks in three areas:
-
Personal device use
Particularly where remote working is rolled out in a rush, chances are that employees are using personal devices to access company resources. How secure are these devices? Which personal and unsafe apps co-exist with business apps? What happens when a personal device containing confidential business data is lost or stolen?
-
Data transport
Your colleagues will make heavy use of the internet to do their job, but how is internet traffic transported? Is it over unsecured, unencrypted, or worse – shared Wi-Fi? Is the underlying ISP reliable? If your colleagues use VPN networks – can these be trusted? What are the opportunities for criminals to sniff confidential data?
-
Increase in scams
Cybercriminals are aware of the race to remote working – and how that implies weak cybersecurity preparedness. Furthermore, criminals are jumping in on the anxiety factor – with countless examples of COVID-19 related fraud and phishing attacks circulating.
The above is not an exhaustive list of the risks posed by remote working – physical device security is a concern and so is the potential for shared use of devices. A more relaxed attitude to security can also emerge when employees are working outside of the office.
Faced with these threats, what can IT leaders do to rapidly ramp up remote working cybersecurity just as remote working becomes essential?
How to rapidly boost security for remote working
The response to COVID-19 has come hard and fast, and many companies were caught by surprise when faced with the sheer requirement for remote working. However, companies can rapidly ramp up security measures to effectively counter the risks posed by remote working. We suggest that businesses focus on these seven points:
-
Boost password security
If your company has not yet applied password policies demanding strong, unique passwords, now would be the time to do so. Multi-factor authentication (MFA) is now widely available – and is easy to enable for widely-used tools such as Office 365. MFA adds a powerful layer of security.
-
Provision VPNs
A VPN tunnels company traffic through a secure layer that hides your confidential business information from Wi-Fi snoops or hackers who may infiltrate a poorly run consumer-grade ISP. VPNs are easy to roll out to end-users and can be used on a company-owned device or a personal device. Choose your VPN partner carefully, however.
-
Issue company devices
It can be difficult to provision an army of laptops when remote working becomes a sudden reality. However, even after the fact, it is worth rolling out company devices that are dedicated for work, and which can be securely managed.
-
Install MDM
Mobile device management or MDM applies a layer of control over devices – whether personal or company-owned. MDM enables remote wiping, makes it easy to inventory which devices are in use on corporate resources and can limit which personal apps cohabit on a device.
-
Endpoint security
The devices that are newly introduced to your corporate network require consistent security management. OS and app updates should be installed when available, while your user’s devices also require top-up anti-virus apps.
-
Introduce policies
End users are an unpredictable group – but you can make their behaviour more predictable by communicating what is acceptable and unacceptable when working remotely. Consider stating when and where devices can be used, what type of apps may be co-installed on a device, and point to physical security measures
-
Educate users
It’s always been cybersecurity good practice to keep users educated on the most common ways cybercriminals exploit a lack of user knowledge – as well as user anxieties. However, it’s worth scaling up these efforts – outlining to users how phishing attacks work, and how users should verify the authenticity of emails, links, and attachments.
The concerns around remote working security have prevented some companies from offering flexible working policies and indeed from switching to remote teams. However, the present situation leaves many companies with no choice but to adopt remote working.
That doesn’t mean that organisations should be needlessly exposed to remote working security risks.
Awareness of the main concerns around remote working security and adherence to the tips we published above can ensure that your company minimises the risks around remote working while ensuring business continuity during this challenging period.