Aside from potential drops in productivity and the loss of collaborative working, a major drawback of remote working is the increased risk to cybersecurity. Data breaches, malware or damaged servers can all prove catastrophic for the modern business and, as such, employers need to ensure that their remote workers are working safely and securely.
So how can IT teams ensure remote workers are using secure connections?
1. Be attack ready
In business, there’s always space for optimism, but very little room for ‘blue sky thinking’. As such, it’s important to recognize that the worst might happen and to be ready for it. In practice, this means that the business needs to adopt the mindset that sooner or later, a data loss, breach or cyberattack will occur. The importance is knowing what to do should this happen.
2. Identify potential issues
After accepting the reality that problems will occur sooner or later, the next step is to work out what they might be. If a business deals with sensitive customer data, what would the implications be for losing it? Loss of reputation? Regulatory punishment?
Another common threat to business is malware and server hijacking. These can prevent a business from being able to operate at all, often until a ransom is paid. Yes, you can take out insurance policies against these types of threat, but they’ll only pay out if all due diligence is properly followed.
3. Create employee policies
Set clear rules for employee conduct to strengthen your cybersecurity. The policy should cover points such as whether work devices can be used for non-work activities and if this kind of use is not permitted it may even be worth blocking these kinds of sites.
The policy should also guide employees on what to do if they receive suspicious emails, whether a device can be used to log onto public WIFI, and whether employees can install 3rd party software into work devices.
4. Use encryption
Encryption of sensitive or even semi-sensitive information is always advisable, but it is of paramount importance in instances where employees are working remotely. All company email accounts should be set up with auto-encryption software, which means that if an email is sent to a wrong address or intercepted, then the recipient won’t be able to read it.
You may also choose to encrypt information stored on your servers so if a device falls into the wrong hands, then the sensitive information will have an extra layer of protection.
5. Use a VPN on all devices
A virtual privacy network (VPN) can be installed onto any device to create a virtual, alternative IP address that helps mask the real one and make it harder for 3rd parties to monitor a user's activity or track them.
There are a lot of different VPN providers out there and some are much better than others. Some specialize in serving enterprises and as such can offer package deals where an account holder can protect multiple devices. There are also VPN programs for Android or IOS smartphones or specific operating systems so it’s important to be consistent with the devices that you allows employees to use.
However, note that VPNs aren’t fool-proof, just an added layer of protection.
6. Manage data properly
Data is big business these days which means that it’s very attractive bounty for hackers and cyber thieves. All data is potentially valuable and sensitive to somebody and, as such, needs to be managed with care.
Only ever allow employees to access data on a ‘need to know’ basis and make sure that sensitive data can’t be easily downloaded, printed or emailed without proper clearance and permission (if at all).
7. Conduct regular employee training
Having policies and best practices in place is all well and good but they only work if employees are aware of them and know how to follow them. Therefore, you need to conduct regular employee training sessions to refresh their understanding of existing procedures and update them regarding new ones.
8. Collaborate with 3rd party suppliers
If a business works with 3rd party suppliers or vendors, then it’s important they also comply with the businesses cyber and online security standards. For example, a 3rd party supplier may at some point be entrusted with sensitive data so it’s vitally important that they handle it correctly.
Likewise, 3rd party suppliers should also be required to use VPNs and to adopt the same encryption software as their client business in order to protect emails.
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...