5 Security Measures to Minimise Risk for Remote Workers
In the wake of the recent outbreak of COVID-19 (Coronavirus), there is an escalating need to be ready to equip our employees to work remotely at very short notice.
Regardless of your situation, the number of people being asked to work from home across Australia (and the Globe) is significantly increasing every day. It is imperative you have the processes in place to ensure your data is secure and that you, as a business, understand there may be security implications that can expose our data and networks when employees are working remotely.
If your remote working IT solution is not implemented correctly and rolled out without defined policies and procedures in place, your confidential data and network could be placed in jeopardy.
What are the risks of remote workers?
As with any type of online work, we still need to contend with phishing and social engineering attempts to gain access to our sensitive data by exploiting known vulnerabilities.
However, the issue with remote working now brings to light new threats, namely the transmission of sizable confidential data across unsecured networks and accessibility of potentially vulnerable/compromised devices to your data sources.
So, keeping these risks in mind, here are some quick guidelines on remote working and security.
5 Quick Security Measures to Minimise Risk for Remote Workers
1. Provide laptops/devices to all employees
We recommend that all full-time employees are provided with individual laptops that are pre-configured with security tools and licensed products. This way, they can pick up their machines in an instant and work remotely without having to re-download files and programs.
However, depending on your business, it is acceptable for part-time and casual employees to utilise pre-approved BYOD laptops, assuming the correct procedures are in place and they are not accessing areas that could lead to a breach (see below for more information).
By encouraging employees to perform tasks on company managed devices, you retain all data on devices you have control over and can remotely manage. This helps to keep your data secure and in the event of a breach allows you to determine precisely where it occurred and how you can best prevent it from happening again.
Using company laptops also ensures that everything accessing your network and data is fully updated against any security vulnerabilities and has all required antivirus software. This is especially important given the prevalence of ransomware and just how damaging it could be to your business.
Company devices are also integral in managing any IT support issues via the installed remote management software. This will counteract any unapproved workarounds that may leave devices open and vulnerable to attack.
2. Secure Remote Access
The most significant challenge businesses face with remote working is the safety and integrity of their data with remote workers having unmetered access to sensitive areas.
While we all trust our employees to protect our IP, the issue is home office setups that might be unsecured. If there are significant amounts of sensitive data going from unsecured networks into your databases, you could risk a breach.
Enabling your mobile and remote workforce to work while continuously protecting your organisation from unauthorised access is one of the most difficult areas to facilitate.
Therefore, it is extremely important to invest in a secure mobile access solution that facilitates the security of your network. Cisco and SonicWall have great solutions for this.
3. Data backups (as important as ever)
The number one key to data security is regular backups, across every shared folder and device, including those given to remote workers. This will protect you not only from malware and ransomware, but also from simple mistakes such as accidental file deletion or machines becoming corrupt/stolen.
When it comes to working offsite, backups are more important than ever before, particularly given that remote workers often save files to their local device only or perhaps to a personal backup service, such as OneDrive. Both of these methods can result in severe consequences for your business. Saving to a local device only can result in irrecoverable data loss while saving to personal cloud accounts (where users often use weaker passwords) can result in a data breach.
We recommend that you firstly clearly write and enforce a policy to save all documents to a centralised file-sharing drive that you have access to. This will ensure that data is backed-up securely and in a location that you control.
We also recommend that you utilise software to securely back up users’ documents folder. This way, even if the above procedure is not followed, your data is secure.
4. Utilise Unified Communications/Collaboration tools
We have written before on the benefits of cloud-based VoIP services and everything we said then still applies now. However, in the context of remote working cloud-based telephony (and by extension a Unified Communications system) is irreplaceable.
A well-implemented suite of Unified Communications software can allow quick and secure sharing of files and instant messaging, both of which reduce employees’ reliance on outside methods for sharing documents and communication. In addition, Unified Communications provide presence functionality, allowing employees to see who is available, in a meeting, busy, taking a call, etc.
With regards to VoIP-Telephony, solutions like WebEx Calling utilises advanced encryption on any data communications. The use of softphones (or software phones) enables you to securely store up-to-date customer contact information and prevent any unauthorised access. In addition, it allows all employees to remain contactable without having to rely on any personal devices, further securing your communications and data.
5. Restrict the use of BYOD accessing sensitive data
As the IT world continues to move towards cloud-based IT solutions, the majority of your IT stack is available on any device without the need for installing software/programs. Your employees can access their applications through their smartphones, tablets or home PCs. Therefore, limiting the usage of BYOD (Bring Your Own Device) is extremely difficult.
When connecting to your network or accessing secure data sources, personal devices may open your network to large numbers of vulnerabilities if they do not have up to date protection or operating systems. BYOD devices can have significantly worse security than managed devices, providing gaping holes in your network security.
Instead, as stated above, we recommend that you supply all employees with devices that you know have up to date security in place. You can also restrict what they have access to and whether they can upload anything to your databases through your network.
Kon Katsieris - Group Vendor Partnership Manager
As the Group Vendor Manager at the Netway Networks, Kon’s role is to understand the specific needs of Netway’s client base and deliver innovative solutions to ensure client satisfaction, business efficiency, and growth is achieved.
Kon has been working with the PNORS Technology Group for over 25 years and played a significant role in the growth of the company due to his passion for discovering and implementing emerging and innovative tech while taking pride in helping his clients grow their business through digital transformation.
Join our Mailing List today
Our IT insights are yours.
Join our mailing list today and receive free IT insights straight into your inbox.