During the many lockdowns and subsequent remote hiring phases, many organizations were rushed to provide access to services, data and collaboration tools. With many firms now considering making remote working permanent, they must follow up with investment in security solutions for the remote access era.
There’s also the need to ensure staff are aware of the risks and unique challenges that remote working offers in terms of cybersecurity. While larger firms might have the IT partners and specialists to deliver these services efficiently for others, doing it in piecemeal fashion creates more risk. Finding a provider who can offer the tools and insight is a better option to meet your remote access requirements and scaling ambitions.
What can go wrong working from home?
While the popular press headlines are full of stories of people in Zoom meetings looking like a cat or having family members roaming about in the background, they gloss over the technical risks that remote work creates.
People were provided new laptops without security settings being checked or protection applications installed. New remote hires have been let loose on business systems without proper onboarding or credential checks, and workers using insecure networks or personal devices created further security risks for businesses.
Criminals were leaping at the opportunities pretty much the minute people started working from home. Cases of fake email invoice fraud rose as finance workers struggled with demand, while examples of CEO fraud, where people pretended to be the boss needing funds transferred, also rocketed. Hackers also broke into business Zoom calls and message chats to capture useful data for their plans.
As remote working becomes normal, firms need to follow the best practices set by the remote-first companies that have been doing this since before COVID-19, and either by design or luck had the luxury of time to get things right. If you need to get your workers operating in a data secure way and you don’t have the benefit of time, you need the security tools and expertise to do it correctly.
What you need for remote security
It starts with the basics - firms need to ensure strong password security among all workers. People are busy and want to get straight to work, so they pick very easy to guess passwords for collaboration tools and services that create easy entry points for hackers.
People also bypass the basics altogether; they might get fed up seeing update messages or scanning alerts and disable security tools, or they might not bother installing what the company’s IT people recommend. This means remote install tools are required to ensure workers’ machines are protected. If there’s no security software installed then tools like Malwarebytes offer at least some protection for free for individuals and at minimal cost for small businesses.
Protecting the networks comes next; workers and their families may have all sorts of devices carrying malware accessing their home WiFi or network (research suggests that home devices are over three-times more likely to have malware than a business device) that will try to leap on to a business network. Improved business network defenses including VPNs, gateways and next-generation firewalls can be installed to defend the company’s digital borders.
A recent trend in IT security is zero-trust tools. These assume that every user, app and data packet is suspect until proven innocent. They continuously monitor all network and user activity through smart automated authentication. Any unusual behavior requires further authentication or creates an alert.
How to best defend the business
For a company whose defenses stopped at the firewall, the new technology to support remote working might sound complex. But many products are now delivered through the security access service edge (SASE) model, like security as a service for the cloud era. They work as a single solution to protect a company’s WAN, provide zero trust and other features as a single cloud-delivered service model.
Even then, the technical requirements might seem complex for many firms, so getting a partner to deliver advanced security solutions is a preferred option for most. Managed IT security takes the complexity out of the equation and puts your business security in the hands of professionals who are on the cutting edge of the data protection battle.
They can provide the appropriate tools for your size of business, with room to scale in the future to protect data and workers. Even if someone else is handling the security, the business needs to be aware of the threats, using resources like Fortinet’s weekly threat brief to understand what the hackers are doing in plain language.
The hackers will never go away, so lucrative is their trade, so every business needs to understand the threat and build suitable defenses. Share that information up and down the business so workers can avoid the common tactics hackers and criminals use. And, as remote work continues to grow, ensure every device sent to a new hire is defended the minute they turn it on and that all hires go through proper security training and awareness sessions. This will all help to deliver a safe working environment that protects staff and critical business data from any threat.
Further reading:
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...