If your business was completely unprepared for the COVID-19 crisis, then you are one of millions. Very few businesses had continuity planning in place to enable their entire workforce to shift to remote work within days. Suddenly, businesses, organizations and employees globally are struggling to solve everything from instituting remote work policies to securing employees’ personal computers and networks in record time.

Even if your business had the foresight to issue secured laptops to your employees, your level of cybersecurity protection is questionable. In the last six months [1], more than half of businesses experienced a cybersecurity attack targeting their remote workers. Phishing attacks against remote workers soared by a staggering 500% in March 2020.

Employee-owned devices and computers are generally less secure than their work PCs, especially if they are not managed by your IT department. The chances that they are continuously patched, have properly configured firewalls, and are free of malware are low.

Recognizing that remote workers can be a tremendous security risk, let’s look at best practices for mitigating risk in a remote work environment from the trusted cybersecurity team at Digital Hands.

Institute or Update Your Remote Worker Policy

Establish policies about how your employees should be practicing their duties and how to utilize tools that secure their systems and your data. 

A remote worker policy needs to lay out guidelines for using unsecured WiFi networks when accessing your IT infrastructure. If possible, provide resources to help set up a VPN to secure internet connections when handling sensitive business data. 

Next, you should provide your employees with resources to help them secure their own personal computers, set up firewalls and anti-virus software, and ensure that operating systems and applications are properly patched and up to date. 

Leverage existing best practices when developing your work-at-home policies. A good resource to use is the National Institute of Standards & Technology paper on remote worker security.

Secure Personal Systems and Devices

In a perfect world, employees would be prohibited from using personal email and browsing the internet on work devices. However, this is almost impossible to enforce when employees are working from home. 

Most malware attempts to infect devices via email or through the browser during internet surfing. A good way to prevent this is with browser isolation. Browser isolation enables you to physically isolate employees’ browsing activity, including any malicious links they click in their emails.

Best practice dictates that your employees have the right security tools installed, that software is properly patched, and everyone follows good security practices. This can be difficult to enforce if there are a lot of users. To make it easier, consider using Microsoft Windows Intune [2]. It’s an endpoint management tool used to manage and patch their machines remotely, as well as install the applications they need to secure themselves when working remotely.

Consider Using Cloud-Based Applications

Increasingly, businesses are turning to cloud-based productivity apps in the form of Office 365 and G Suite because of the collaboration and security benefits they bring. As a big bonus, they enable employees to work from anywhere. 

However, many businesses are still using locally-installed applications like Word, PowerPoint, and Excel to enable their productivity. Using old versions of these applications means a business is more susceptible to malware-infected files being sent to and from employees. It also means that employees are dependent on the one machine that contains these applications and their data. 

If your business is still using these locally-installed productivity applications, consider migrating to the cloud-based versions. It’s much easier to keep documents safely contained within the cloud instead of on USB drives, hard drives, or an employee’s personal computer. Sending files to customers and colleagues is an old model; it’s much better to send links to online versions that let customers and employees collaborate easily and securely online.

Develop a Good Password & 2FA Policy

If you do not already have one in place, work out a solid password policy and guidance on using two-factor authentication (2FA). Many cyberattacks are the result of weak and easy-to-guess passwords, with lots of people reusing the same password for different applications and systems. 

For remote workers, this is a huge risk. If a hacker somehow discovers one password and an employee has reused the password across your systems, the hacker now has access to all systems. 

Also, consider implementing 2FA (like Google Authenticator [3]) and require it to access data and applications. It adds an extra step to login, but it also makes you infinitely more secure than you were without it.

Secure Employee Internet Connections

Best practice dictates that you secure your remote workers’ internet connections. You simply cannot trust a third-party network to keep your business data and employee activities secure. It doesn’t matter if it’s a coffee shop WiFi network or a home broadband network: everyone needs to secure their connection with a VPN and encrypt their internet traffic to keep it safe from prying eyes.

These secure connections also stop malware from passing through the network. There are also hundreds of other VPN providers on the market; any of the reputable ones [4] will do the job, and you can even build your own solution [5] with a virtual private server.

Separate Work Life from Personal Life 

If you try to tell your employees what to do and not do on their personal computers they could push back, or worse, just ignore you. They will probably also forget best-practice security when browsing the internet or social media. Consider a separate ‘silo’ to isolate their work data and environment from their personal data and environment. 

To accomplish this, use a virtual machine (VM) installed on their computer that provides them with a work desktop used exclusively for work purposes. Simply install some virtual machine software [6] on the computer and distribute a VM ‘image’, and you can lock down that work VM tightly and configure it to your security practices without infringing on their personal computer rights. 

A good free, open-source solution is VirtualBox. Hundreds of thousands of people use VirtualBox to set up a Windows VM and give users the functionality they are used to.

It doesn't take long to properly secure users, network connections, and personal computers when working from home. However, it does require well-thought-out policies and a plan. It also requires that a business dedicate some IT resources to the challenge, and this is where most businesses need help. 

References:

[1] https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf
[2] https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/microsoft-intune
[3] https://support.google.com/a/answer/175197?hl=en
[4] https://www.cnet.com/news/best-vpn-service-of-2020-nordvpn-expressvpn-surfshark-ipvanish-protonvpn/
[5] https://techcrunch.com/2017/04/09/how-i-made-my-own-vpn-server-in-15-minutes/
[6] https://www.techradar.com/best/best-virtual-machine-software

 
