May 5, 2020
There’s been a lot of information recently on the soft side of our new remote reality, like how to focus, retain productivity or simply stay sane. And though it’s important to support people in a suddenly shifted perception of regular life, there is another business-critical perspective to grasp: Some companies are facing remote work security as a real challenge for the first time ever. People who have never freelanced or had remote jobs must first overcome quite a few technical challenges before they can even start thinking about productivity.
Some companies have a certain degree of flexibility when it comes to office space and can therefore provide every mean possible for the employees to work from any part of the world and deliver results successfully. However, many companies are still tied to the physical office space and have never been flexible in providing possibilities for employees to work remotely. This post is for them.
Our recommended remote work security checklist is an action plan that’s crucial, doable, and might save your data, reputation, as well as your place under the sun. We are listing only the necessary steps here to ensure your business is not interrupted by cybersecurity threats (or at least keep you and your company as safe as possible), and that ensure your processes stay consistent.
Avoid Many Remote Work Security Risks by Using a VPN
A proper virtual private network (VPN) ensures secure end-to-end communication between remote workers at home and the main server, which could be your secured office servers acting as a VPN gateway. Using a company-provided VPN is one of the first and most important recommendations for remote work. A VPN ensures security of end-to-end communication as opposed to using Remote Desktop Protocol (RDP).
Important: VPN servers must be kept up to date. Keeping in mind the increased attention for remote work from illicit entities, VPN server security itself is of high importance. Keeping it up to date and patched from known weaknesses and vulnerabilities is one way to increase cybersecurity.
Protect Access to System sand Accounts: Enable Multi-factor Authentication Where Possible
Multi-factor authentication (or Two-factor Authentication, 2FA for short) is another security layer worth adding on all accounts to avoid unauthorized access to your systems. It’s important for any system that should requires authentication. 2FA protects your accounts from primitive, but still highly popular credential stuffing attacks.
Credential stuffing attacks exploit the very humane habit of reusing the same passwords for different services online. If a password is exposed in a data leak, their username/email and password combination can be reused to access other services and sensitive data.
Using 2FA protects your business account against credential stuffing attacks since your username and password are no longer enough to access your data – you also need to confirm the authentication attempt via a specific authentication app, by entering a code sent to you by SMS or other means that are accessible only to the account owner.
With two-factor authentication, your account is protected not only by what you know (your password) but also by what you have (your phone usually).
You should absolutely use 2FA to protect your email, data repositories, online documents, finances and other matters.
There is basically no difference in what authenticator you decide to use – Google Authenticator, Microsoft Authenticator or a trusted third-party source authenticator application. If in doubt, your IT department is the source of truth for such recommendations.
Deploying and Upgrading Security Solutions for Remote Work
A perimeter firewall and antimalware are two essential security solutions that should be deployed in every company that deals with data.
A perimeter firewall protects your router, the entrance point to your local network. Its protection mechanism secures not only your work equipment, but your Internet-connected home equipment as well.
Perimeter firewalls (or smart firewalls) for your home environment not only keep outsiders away from your local network but also provide additional layers of security for devices communicating outbound. CUJO AI has been working in this area and improving home security for years, but your telecom might have other protection choices – use them.
When it comes to antimalware solutions, they have been overlooked for the past several years. Still, your work laptop or computer must have one installed and updated, with periodic scans enabled. Ensure remote workers understand it is their task to ensure that their personal equipment is protected too.
One infected home device can cause real harm attempting to infect other devices or leak business data.
Make sure to protect your personal equipment; your work equipment might already be cared for by your IT department.
Setting Data Security and Remote Work Policies
Existing security policies in lots of cases cover secure work requirements for a certain physical location within certain protected and regulated networks. They often exclude remote working in dangerous and harmful environments, and remote work from home is currently such an environment. In its essence, a home environment with an undefined set of personal devices mixed with work equipment, all used to reach an organization’s sensitive data and resources, is a dangerous combination.
An effective remote work policy must clearly define and outline:
- How remote work is organized.
- Which equipment and software should be used to access certain assets and which shouldn’t.
- How users are protected against the most common threats in remote work conditions.
Controlling the Security of Remote Operations
Your IT department is most likely doing everything to provide the best conditions possible for business continuity and security. However, a big part of the responsibility lies with you too. Follow the best practices and guidelines for your work equipment and adapt them to secure your own assets to strengthen the remote working space.
Consult your colleagues, learn, and then consult them again. Share best practices and findings.
One common company pitfall is to focus on improving business continuity while security is left at a lower priority. Such an attitude is dangerous but not rare.
What each of us can do to prevent overlooking important security issues is give prompt feedback when something suspicious happens or when deployed security solutions don’t work as instructed.
KEY TAKEAWAY: Threats Are Not Going Away
The sudden switch from a secured and regulated office environment to distributed and unprotected workspaces brings many challenges. Remote access of organizational assets has triggered the increase of unwanted attention, phishing and scam attempts and overall remote work security risks. This remote work security checklist gives you the opportunity to learn, adapt and use the best cybersecurity hygiene techniques that are recommended first and foremost by your organization and respected resources in order to mitigate the risk or lessen the impact of things going wrong.