Because employees or departments scrambled for ad-hoc solutions to remote working, they sometimes sacrificed robust security to get up and running as quickly as possible. Cybercriminals can also work from home or other remote locations, and many saw the rise in remote workers as an opportunity to exploit.
For example, a survey (1) of security professionals found:
· Most security employees struggled to offer strong security solutions to remote employees.
· At the same time, almost half of the respondents reported seeing an increase in phishing attempts.
· Most of these corporate security pros had concerns about their ability to scale security and respond to abrupt environmental changes, and about the difficulty of controlling employee use of unknown and untested software.
Five security practices for remote employees
With the increase in cyberthreats and the concerns of security professionals in mind, it is useful for organisations to consider security best practices for two reasons: to help keep business systems free of threats and to ensure compliance with rules that govern privacy and security in different industries.
1. Two-factor authentication
With two-factor authentication, sometimes called 2FA, users must finish their login with a code that gets sent to another device, typically a mobile phone. It takes a few seconds longer to access the system, but it provides better protection against phishing attacks. One CTO (2) found that this simple measure reduced security problems in his company by almost 40 per cent.
2. Use secure connections
Most home workers will rely on their home Wi-Fi connections. Without any other protections, security will only be as good as whatever the employee's home internet company, router, and password can provide. To boost security, businesses may encourage employees to log in through a virtual private network (VPN) or other methods of encrypting communication between home devices and corporate systems.
3. Endpoint security and monitoring
No matter how well the IT department protects logins and communication, it is still difficult to avoid the threat of malicious code entering systems. On the server end, organisations can employ software to block threats and monitor system usage.
Even though most threats stem from accidental vulnerabilities, it is impossible to ignore the rise of inside jobs as a source of risks. Not only will these systems provide a firewall against malicious software, they can also send automatic alerts for unusual data use and provide a clear audit trail just in case something does happen.
4. Develop and create clear security policies
Even before the coronavirus outbreak, companies grappled with security issues that stemmed from remote workers and the rising use of personal devices. For example:
· Personal devices may be allowed if employees adhere to security policies. For instance, a policy may mandate the installation of approved security software and only allow employees to log in to the business network through the corporate VPN.
· Employees in sensitive areas or departments can only use laptops or other devices that the IT department issues to them, and can only use those devices in approved ways. This includes restricting these company-issued devices to work-only activities and not letting employees use them to watch videos or browse social sites.
It is important to develop clear policies. In addition to communicating these rules, organisations should ensure that employees understand why they are important and that they can incur consequences for ignoring them.
5. Deploy secure information systems
Deploying intelligent and robust document and data management systems may not take as much of an effort as businesses think it will. These systems come designed and built to offer robust security and rule-based access for both in-house and remote workers. They also provide audit trails and guarantee recoverability, so if something suspicious happens, it is easy to trace the issue to its source and remediate it. They can also help improve other important business processes.
Companies that employ a smart data management system worry less about an abrupt change from working in a corporate office to a home office. For example:
· Access to documents could already have been set by role, so the people who needed information would have an easy time accessing it, according to their security levels. To others, that same information would be invisible. The right people could view, change, add, or delete information, and others would not even see it exists.
· With built-in encrypted access and simple rollbacks for recoverability, an intelligent information management system can meet the requirements for the most sensitive data and systems.