How can you secure your remote workforce? What should you be thinking about when some (or all!) of your staff now work-from-home?
While many businesses scrambled to cobble together solutions to keep things running when pandemic restrictions suddenly forced unprecedented numbers of workers into work-from-home situations, how many of those businesses are sure their solutions are secure?
We’ve summarised 5 things you should be thinking about when it comes to the security of your remote workforce below.
1. AV & Endpoint Protection
Whether you’ve supplied your work-from-home staff with their remote workstations or they’re using personal computers, wherever company resources are accessed you must ensure your organisation’s systems and data are protected.
Making sure you have a policy in place whereby any employee using a home computer to access company resources must have a minimum of anti-virus protection in place is one of the key steps you can’t miss.
Another step that shouldn’t be overlooked is the encryption of your data. While it’s true we want to make it so that our data never lands in the hands of anyone it shouldn’t, it still can and does happen. Be it via malicious or negligent parties, your data can end up where it shouldn’t. With a robust data encryption solution as part of your security strategy you’ll ensure that if someone does get their hands on your data, it will be as difficult as possible for them to actually access that information.
Finally, consider where you might be able to deploy cloud-based solutions which can provide a way to monitor remote workstations and ensure compliance.
2. Secure Access
Part of your secure access strategy should be to ensure that “least privileges” are granted. Essentially, this means that if someone doesn’t require access to something, they don’t have it.
As your organisation grows, it can be difficult to keep track of access levels granted and so you’ll want to consider ways to easily audit and automate the processes around these tasks.
Another element to reduce your risk will be the implementation of a policy whereby access is immediately revoked when an employee leaves. This should be done straight away, yet, too often, access rights to systems remain for staff members long-gone. This leaves your business vulnerable.
And do you know what happens if a computer is stolen from an employee’s home or while they’re on the road? Clearly, this would present a real threat to the security of your organisation. Yet with appropriate secure access measures in place, the risk can be greatly reduced.
3. MFA
Part of the whole idea of “secure access”, MFA (multi-factor authentication) plays a major role in keeping data safe in today’s threat landscape – particularly as cyber threats become more and more sophisticated – and so we’re giving it separate billing here.
The idea is that (at least) two pieces of information are needed to verify a user before access is granted, making the login/authentication process much more secure.
So, for example: after entering a username and password a user might need to enter a code that’s texted to a mobile number.
You’ll want to ensure that your authentication solution is simple to use while also providing the right level of security.
4. Phishing
Much of the unauthorised access to systems around the world today are as a result of successful phishing scams.
A type of social engineering, phishing scams are carried out to get valid user credentials which are then used to access systems.
And they’re not as easy to spot as you might think.
Today, it’s possible for a scammer to insert a phishing message right into a valid text exchange between an account holder and a bank, for example.
Think about that for a moment.
How many of your employees would feel comfortable in that situation providing whatever information the “bank” was asking for?
Other successful scams have included a business’s “CEO” requesting the accounts department to transfer funds to a certain account, or a regular “supplier” updating their banking information right before a large payment is due to be made.
In the first instance, the scammer needed nothing more than the CEO’s name and a cleverly spoofed email address.
In the second, the scammers had been monitoring the company email exchanges for some time and knew when a large supplier invoice was due to be paid out and so when to get in touch to update the banking information to their own.
Of course, by the time the fraud was detected, the money was long gone.
Interestingly, each of these cases could have been avoided by a simple phone call to confirm.
The point? Educating your colleagues on these types of scams is a powerful way to help protect your business. Make it a regular event to remind your staff about how these fraudsters operate and how to practice good cyber hygiene[https://unitec.ie/do-you-practice-good-cyber-hygiene/].
Feel free to share Unitec’s handy information sheet on how to avoid phishing scams [PDF link].
5. Trust the Experts
The security of your remote workforce is a big responsibility.
There are many factors to take into account and situations that you might not be able to plan for. And as the threat landscape continuously evolves, it’s unlikely you can stay on top of things and successfully run your own business at the same time.
That’s why trusting the security of your remote workforce to security experts is often the smartest choice.
Unitec has built relationships with world-leaders in cybersecurity to ensure that we remain at the cutting edge of the security landscape and can continue to bring those solutions and innovations to our clients.
With a whole suite of security solutions, including training for your staff, we’ll work with you to build, implement, monitor and maintain a robust strategy to secure your remote workforce and protect your revenues.
Thinking or hoping that your remote workforce is secure isn’t good enough. With managed security services from a trusted managed services provider, you’ll know it is – today and into the future.
Get in Touch
If you’d like to learn more about securing your remote workforce, or about all the ways Unitec can support you with your IT operations, send us a message below or call us on 0818 222 132.