Your office is empty and quiet nowadays and so are offices across the world. According to a March 17th Gartner Survey of 800 global human resources (HR) executives, Covid-19 has forced 88% of organizations to encourage or require their employees to work remotely, making it difficult for organizations to prevent security threats. In a typical physical workplace setting, employees are performing their work in environments protected by firewalls, network monitoring, corporate issued endpoints, and other security systems. In contrast, in a home network, employees might not have access to these protective measures. This transition to a remote workforce creates security issues for employers. In times like this, it is crucial companies adapt to these changes in attack surface to keep their data and reputation safe.
Here are six ways companies can stay more secure in a remote workforce:
1. Password protect virtual meetings
Implement password protection for all online meetings to make sure those who are not authorized to attend the meeting are not able to participate. Or, screen users in the waiting room for the online meetings, so employees do not have to remember to bring the meeting password with them each time.
2. Maintain up to date software
By maintaining up to date to date software, employees are protecting themselves and the organization against vulnerabilities that may be exploitable. Look to enable automatic Windows updates and be sure applications such as Adobe are kept current.
3. Establish a VPN for employees
There is a higher risk that occurs when an employee is not connected to their home network, and they are usually connected to public Wi-Fi. While connecting to a home network is a safer option, it is important to connect to a virtual private network (VPN) at home. In those cases, it is crucial employees use a VPN if they are using public Wi-Fi by being in places like airports. The VPN network will encrypt the employee’s network traffic and securely connect them to the company’s network. In general terms, all work for the organization should always be completed on the employee’s home network. When employees use a public Wi-Fi, all data transmitted through that network can be easily accessed by virtually anyone making it for the business data to be viewed.
For IT staff, it is imperative they have the means to receive notifications and audit VPN logs, increasing attack detection and incident response and recovery.
4. Put in place two-factor authentication on all VPN connections
By utilizing two-factor authentication, it serves as a double layer of protection for every employee. In the first layer, employees can sign on to different systems using their first strong password, and the second layer of protection comes in when they use something they have (one time pin, code, or hardware token). By having two-factor authentication, it protects employees and organizations in case their password is compromised.
5. Educate employees to be careful with email and web browsing
According to the Microsoft Security Intelligence Report, there has been a 250% increase in phishing attacks between January and December 2018. In times like this, it is essential employees are more careful when opening emails and clicking on links. Employees will now most likely receive an extremely high amount of emails and online requests so will need to be on high alert for phishing attacks.
6. Make sure all data is backed up regularly
In some cases, if an employee’s computer becomes infected with ransomware, they will have to pay to access the files that are being held for ransom. If all data is regularly backed up, they will still be able to access their files by not having to pay for the files. If possible, consider moving business operations to cloud applications to make sure all data is being backed up regularly.
This list is not a complete list of all the ways to stay secure in a remote workforce but more so a few tips to navigate the remote working environment more efficiently.
