Remote working is becoming necessary in this quickly changing business climate.
As we move our workforce from the office to the living room, the security foundations we’ve established to protect our infrastructure and data at the office must migrate with them. The movement has been rapid, and only a few businesses were prepared for the shift. As we establish effective security policies and practices for future operations, we must remain vigilant: this time of transition must not become the hole that those with more nefarious intentions have been looking for. In addition, there’s a lot of information out there and we need to make sense of some of it.
Here are a few tried-and-true remote worker best practices to keep in mind as we all migrate to the cloud.
To start, much of this list comes from a survey of security professionals around the web, condensed to help you make your infrastructure safer and your security posture straighter.
This list will have 2 sections, one for upper management folks, and one for new remote workers.
Remote Working – Management:
Provide all your remote workers with access to a VPN.
Infrastructure is key, and you must secure it. Make sure to provide all your remote workers with access to a VPN (Virtual Private Network). VPNs act as a tool to help encrypt internet traffic and ensure that data sent through it is protected from prying eyes. Checking the encryption strength provided by your VPN service provider and making sure that all other security policies are set up correctly helps to avoid potential breaches.
Use Endpoint protection and install it on all of your devices, internal and remote.
Endpoint protection goes further than a regular anti-virus (though AV is included in the encompassing term). Consoles like CrowdStrike are ideal for providing endpoint protection. This particular solution comes with included services like process tree analysis, advanced host policy setup, security posture scores, and much more. Whichever solution you choose to adopt, endpoint protection is key to securing both internal and remote machines.
Send each remote worker a company device to work on.
Not only does this clearly draw the line for remote workers with respect to personal use and potentially unsafe browsing, but it also allows for complete control over the environment, making it easier both to set up the necessary security infrastructure and to troubleshoot potential future issues. This will also be invaluable for extended remote working, as you can choose when to modify computer settings and ensure that the device is up to date.
Practice the “Principle of Least Privilege”.
Make sure each remote worker only has access to what they NEED to access. It may seem tempting to adopt policies that are wide in breadth so that access is already in place when issues come up down the line, but if a remote worker isn’t practicing good security policies, then you’re only going to drive up the risk of a security breach.
Train all remote workers in cybersecurity best practices and how to properly use the provided security tools.
Training in cybersecurity often lends clarity to issues some remote workers might not be aware of, allowing them to become more diligent and secure in their actions. Misuse of the protection solutions provided by most security tools is a major cause of many of the security breaches we see. Training in that field can help prevent breaches.
Use a wired connection, if available, instead of Wi-Fi.
To start, people looking for information can catch a lot over a wireless connection. Eliminating this vector for potential security issues on your devices will do a lot to secure your home workstation. We know of some major exploits for wireless networks, and eliminating those concerns simplifies security at home.
Make sure to lock down your workstation whenever you leave it.
While it may seem excessive, give clear instructions to those in your home about its use. The information your company entrusts to you is entrusted only to you. Family members passing by might not be familiar with the NDAs and confidentiality that cover the information on the computer. Social engineering is a key vector for security breaches, and reducing that risk through proper distinctions is key.
Be careful of E-Mail links, phone calls, and other social engineering/phishing vectors.
During this transition, those with nefarious intentions will be strongly focusing their attacks on those just beginning to work remotely. This is because remote workers might not be as secure as they would be in a controlled setting. Double check email sender information and don’t click on suspicious links. You can always corroborate communications with managers to verify authenticity (especially if the topic is security or access related).
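The “double check email sender information” step can be partly automated. The following is an added example, not part of the original article, that flags common sender red flags in a raw message; the trusted domain `example.com`, the function names, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the company's own mail domain

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_warnings(raw_message):
    """Return reasons to distrust the sender of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    warnings = []
    if from_dom not in TRUSTED_DOMAINS:
        warnings.append(f"external sender domain: {from_dom or 'missing'}")
    # Mail clients often show only the display name, so an address embedded
    # there can hide the real sending address.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        warnings.append("display name shows a different address than the real one")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_dom:
        warnings.append(f"replies go to another domain: {domain_of(reply_addr)}")
    # Authentication-Results (RFC 8601) is stamped by the receiving server.
    # "none" means the check was not applicable, so only other results are flagged.
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            if result not in ("pass", "none"):
                warnings.append(f"{method} check result: {result}")
    return warnings

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "helpdesk@example.com" <alerts@example-support.test>\n'
    "Reply-To: reset@mailbox.test\n"
    "Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Urgent: VPN access expiring\n\nClick to renew.\n"
)
LEGITIMATE = (
    "From: Dana Manager <dana@example.com>\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Team meeting\n\nSee you at 10.\n"
)

if __name__ == "__main__":
    for warning in sender_warnings(SUSPICIOUS):
        print("WARNING:", warning)
```

A clean result does not prove a message is genuine; corroborating with a manager, as described above, still applies to security or access requests.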
Follow recommended Security Policies as well as policies set by your company
Use strong passwords, lock down your router, and make sure your computer software and operating system are up to date. Also, use all security software recommended by your company. In addition, the policies are there for a reason. While seemingly an annoyance at times, these policies are designed by professionals to eliminate risk of attack and data exposure/compromise. You should be doing the same, as your own data is now at risk as well. Remote working provides all sorts of pros, but it can have its drawbacks as well.
Set up two-factor authentication (2FA) on your devices and logins.
2FA includes things like a phone code, fingerprint, USB stick, or email code. 2FA requires an attacker to have access to 2 devices/accounts. Enabling 2FA greatly reduces the success of an attack on a compromised account/device. While some of these types of 2FA require more setup, they add an extra layer of verification and provide a powerful tool for securing your devices in a remote working environment.