Published: May 28, 2020 | Comments
Remote working has increased the cybersecurity risks for organizations, with employees no longer enjoying some of the protections that they had in the office. Due to a less consistent security practice and a massively expanded attack surface, employees, and the companies they work for, can be at risk.
Here we take a look at some of the steps businesses can take to ensure that their security is maintained when employees work from home:
It is first important to cover the basics; protecting desktops, laptops, and other endpoints. The pandemic has made attacks on endpoints more likely, as devices used outside the protections of the office are more vulnerable. This means businesses must be putting more into employees’ endpoint security.
This means that all devices should have antivirus software installed on them as a minimum. It can be especially wise to look at investing in next-gen antivirus software, such as an Endpoint Detection and Response platform. This provides deep threat visibility and allows security teams to automate incident response actions, such as isolating an endpoint that has been infected with malware.
Configure VPN tools securely
Many organizations use Virtual Private Networks (VPNs) to enable remote workers to access corporate applications and data. However, in the rush to implement home working, the use of VPNs may not necessarily become standard practice. For example, many may use a VPN to access company services, but not for standard browsing.
Businesses should, where bandwidth allows, encourage staff to connect to the company VPN to carry out all work-related activity, as this affords them the defenses of the company firewall.
Implement multi-factor authentication
Multi-factor authentication (MFA) provides employees with an extra layer of protection should their password ever be compromised. MFA requires users to have one or more forms of authentication, in addition to their password, in order to keep their accounts secure. This could include a temporary login code sent to a mobile phone, for example.
Enhance threat visibility
When staff work at home on a number of different devices, it means that security teams have less threat visibility. Not being able to see what sites employees are visiting and files they are opening makes it difficult to protect users and provide the same level of defense that employees would receive while working in the office.
Audit log analysis, either conducted in house or conduced by specialists, can help to identify suspicious user activity, such as employees apparently logging in from unknown locations or attempting to access restricted files. It is also possible to monitor other important log events, such as the use of VPNs and other remote access tools.
Review user privileges
Make sure that employees and administrators only have the privileges and access that they need in order to carry out their roles effectively. If all employee accounts have full company-wide network access, just one compromised account is enough for cybercriminals to have access to everything.
Provide security awareness training
It is important to provide staff with security training to make them aware of what they need to do to protect themselves while working at home. There are plenty of online training packages that staff can access and use from home, rather than having to use traditional classroom-based training.
Don’t make rash decisions
There is no doubt that now is a time when businesses are finding themselves increasingly under pressure, and there can be a desire to maintain business as usual at any cost. However, it is important to remember that cybersecurity is something that is vital to every business and cannot be overlooked.
Prioritize the security of the business rather than making a rash decision that benefits the business in the short term but weakens cybersecurity overall.
What tips can you add? Do you have a different take? Let us know on Twitter.