Securing the anywhere remote worker
Remote working has become a hotter topic over the past year than ever before. There is no doubt that, even as the effects of the Covid-19 pandemic recede, proactive businesses will want to keep the remote working lessons of 2020 and 2021 at the very forefronts of their minds.
Organisations have learned that the more quickly, easily, efficiently and securely they can provision remote working, the more resilient they are in a crisis and the better able they are to operate competitively when required to rapidly alter working practices. They have learned, too, that efficient remote working is a powerful selling point to new and existing employees – and a means of building a quality workforce that can be based almost anywhere.
However, facilitating remote working also introduces a raft of new security challenges. Whether remote working is going to be a new, long-term normal for your business, or something you want to be able to supplement core office-based working, there are several facets of security to consider. Get these in order and you will be able to enjoy the benefits of remote working without the headaches.
Step 1: secure the endpoint devices
Securing each and every device used by each and every remote worker is the foundational step. However, the process of securing those devices can be variable, according to whether they are desktops or laptops, tablets or smartphones – and according to whether they are corporate or personal devices.
Legacy corporate devices, and personal devices, can be the biggest problem. More likely to be left without patches or vital upgrades, they should be audited regularly. All devices should incorporate key protective measures including password protection, antivirus and antimalware solutions and automatic locking after a period of inactivity.
Step 2: secure the software applications
Many organisations have found themselves running software applications they never expected to over the past year, in the rush to facilitate effective remote working. Now is the time to perform an audit of these applications too, and take a more measured approach to provisioning software to remote devices. The same security checks and measures that apply to on-premise software should also apply to remote working applications. As ever, the smaller the list of approved applications, the easier the entire portfolio is to manage.
Step 3: Secure the connectivity
Fast, efficient connectivity is of course absolutely essential for remote working, but exactly how to provision it can be a tricky question. Relying on staff members’ personal internet connections alone – or worse, the internet connections available in their local cafes – can be a recipe for a security breach.
The best option is a virtual private network (VPN), which enables staff members to securely connect to the corporate network, wherever they are physically located. Communications are automatically encrypted, and all users on the VPN are accredited and verified. VPNs can also be configured to comply with key business policies, such as installing the patches, upgrades and core security software outlined above.
Multi-factor authentication also becomes an even greater priority when enabling remote working, to ensure that malicious parties – or simply friends and family members – cannot access the corporate network, whether accidentally or deliberately.
Step 4: Secure the staff
An oft-neglected point, but one that can undo all the others. Human error is the cause of a frighteningly high proportion of corporate security breaches, and all of the previous steps are quickly rendered irrelevant if your staff are not properly trained on good security behaviours.
User education and training cannot simply be a one-off, delivered at the outset of someone’s career and then forgotten about. It needs to be dynamic, responding and adapting to the latest security threats and continually refreshing staff knowledge. From recognising the signs of social engineering, to understanding the latest malware threatening your sector, staff should be trained in myriad aspects of security.
Need more support in securing your remote workforce? Get in touch with MLR Networks today.