secure remote workers thumb

Risks and best practice for secure remote workers

Remote working has been an increasingly large concern for businesses over the last year. Where once members of staff would work from home for a fraction of their contracted hours, the spread of COVID-19 has meant that remote working has become the norm in what is actually a very short space of time.

Because of the need to get workers up and running with a minimal loss of working hours, the risks to digital security and cyber integrity have increased exponentially.

The biggest threats to cybersecurity in homeworking

It’s well established that remote working is not as secure as working from office-based devices and networks. Endpoints such as laptops used at home pose a threat, as human error and shared usage amongst individuals creates a higher potential for spyware and malware to breach the business network more easily.

Collaboration and conferencing apps, which have seen a huge explosion in growth during COVID-19, have also been responsible for expanding attack surfaces. The threat posed by substandard patching protocols in these programs has been so worrying that the likes of NASA and Google have actively instructed employees not to download and use certain apps.

A recent survey from the Work-from-Home (WFH) Employee Cybersecurity Threat Index, released by Morphisec, showed that nearly 25% had no idea what security protocols were active on their devices, while the same again reported issues with WiFi signal that could adversely impact on antivirus software.

In the face of these results and the continuing pandemic, it is more important than ever to set up and implement best practice for securing remote workers.

Here’s what you need to consider:

Create a remote working policy

The first step should be to create a set of guidelines that demonstrate how employees should be working remotely in order to combat remote access threats. A clear and concise policy will be a huge step forward in mitigating the risks that come with using remote access systems.

A good remote working policy should cover:

  • Whether or not personal devices are acceptable for working remotely
  • Which data is suitable for download onto personal devices
  • Whether non-essential software can be downloaded onto company devices supplied for remote-access working
  • How to report suspected attacks to IT personnel when working remotely

Secure remote worker

Designate and secure specific remote work devices

In an ideal situation, organisations should provide their employees with devices that are specifically set up to be used for remote work. Because of the speed with which the pandemic hit however, this was not always possible.

In the US, it was reported that 56% of employees spent last year using personal computers to complete their daily work tasks. With the pandemic still keeping employees out of offices, and remote working becoming a more viable proposition in general, it has become more important than ever for businesses to supply their employees with devices that can be directly managed by the IT department.

Only by keeping a closer eye on these computers can you be sure that they are properly updated and free of weak spots such as out of support software or suspect data

Manage sensitive data securely with encryption

The importance of sensitive data cannot be understated, so it’s key that you secure it using encryption and access control.

The prevalence of remote work has made it more difficult to ensure that staff deal with sensitive data correctly, especially if compliance rules meant that the information has to remain on certain servers. In these cases, you must make sure that the data cannot be copied and downloaded to home devices in order to maintain security integrity.

The best way to bolster security is by encrypting all data exchanged over the network between company-owned and remote work devices. Instructing employees to connect to remote systems using a VPN, which provide built-in encryption, is an easy step to take, as is using applications that feature end-to-end encryption over less secure options.

Perform regular back-ups to hard drives

It’s likely that most of your data is now stored online in the cloud. Cloud storage is great for ease of access, and they mostly come protected with encryption as standard. That being said, it is often worth periodically backing up your most sensitive and important data onto a physical hard drive.

Physical storage may not always be as reliable as the cloud, but it cannot be hacked remotely and will give you an extra layer of security.

Make use of two-factor authentication

Two-factor authentication is becoming more frequently used to access online portals such as banking and other financial and business services. Instead of simply inputting a username and password, two-factor authenticate allows you to implement a second requirement for log in. It could be as simple as adding a mandatory memorable information field, or more complex, like sending a verification code via email or SMS.

Using either of these options creates a further level of security that makes it harder for hackers and scammers to gain access to networked systems.

Implement operating system isolation

A more complex solution is to invest in an operating system isolation (OSI) platform. Using an OSI tool allows you to separate operating system environments, so securing remote access becomes a matter of dedicating one OS as a privileged environment. This has the benefit of ring-fencing access to sensitive data and systems, while a second OS can be given to day-to-day work, with greater permissions for general internet use, email access, and use of non-sensitive data.

If the general OS is breached through user error, then any bad actors are contained within it. They won’t be able to see that the privileged OS exists, never mind reach it. It is also possible to wipe the general OS clean at certain intervals for extra protection.

By following these best practices any business can protect their sensitive data from attack no matter how much they continue to embrace remote working in the future.