Remote work has become more popular than ever, thanks to COVID-19, and as many as two-thirds of American employees do at least some of their jobs over the internet.
Given the popularity of remote work and its benefits for work-life balance, it isn’t going anywhere anytime soon. Companies are increasingly becoming dependent on remote work systems, and cybercriminals have taken notice. Organizations need to ensure that their systems are kept secure so that their workforce can continue to work remotely.
Remote Workers and System Security
Remote work provides both benefits and opportunities. In fact, many newer companies are entirely based on a remote workforce. However, remote work also has a significant trade-off in the form of greater security risk.
It is critical for you and your company leaders to acknowledge this trade-off and ensure your entire organization is prepared for threats to their remote work system. The seriousness of these threats can be difficult to acknowledge, as we have a tendency to believe we will never fall for a cyber scam.
Companies that have invested heavily in securing their facilities may also be reluctant to invest even more in securing their remote infrastructure. Additionally, companies have limited visibility into the setups that their employees use when working remotely, whether that’s at home, in a café, at an airport, or elsewhere.
The Dangers of Remote Employees for System Security
Securing your systems with remote workers is an incredibly difficult challenge. The nature of cybersecurity threats is constantly changing as technology evolves. Remote work also requires workers to adopt additional tools, and this increases the number of potential attack surfaces. Cybercriminals are becoming more sophisticated by the day, and scams that were previously unthinkable are becoming routine. For example, it’s no longer safe to assume that the customer service agent you’re speaking with is genuine, as criminals have been hacking VOIP systems and posing as representatives to collect credit card numbers and other sensitive information.
Remote work can also make traditional cyber threats more dangerous than they would be in an on-premise work environment. For instance, most people are familiar with phishing attacks, but because remote workers rely more heavily on email, the odds of phishing attacks being successful increase due to the higher volume of emails being sent back and forth.
Likewise, malware becomes a much greater threat because employees are using more devices to work remotely, potentially including their personal devices. Companies not only have to worry about the devices they provide being infected with malware, but they also have to worry about personal devices if they allow their employees to use them.
As new threats emerge and old threats take on new life, your organization must take many steps to ensure that computers, devices, routers, servers and other assets are protected from malware and hacking. You also need to ensure that data being sent to and from your systems is kept secure. If sensitive data is intercepted, the results could potentially be devastating for both individuals and your entire organization.
How to Secure Your Systems with Remote Employees
Fortunately, there are proven measures and practices for securing your systems with remote workers. The National Security Agency recently released a set of best practices for securing remote work, and your company should use the following guidance based on the NSA report for cybersecurity components to keep in mind when planning a remote setup.
Establish Best Practices for Remote Work
Given the fact that many discussions about cybersecurity can be highly technical, it’s easy to forget that cybersecurity is rooted in human behavior. If your company is going to be the victim of a data breach or ransomware attack, it will most likely be because of human error. The most sophisticated cyber security technology in the world can be rendered completely useless by someone clicking on a nefarious hyperlink.
This means establishing best practices is an essential step to securing your systems with remote workers. Best practices should cover areas such as:
- The use of personal devices
- If devices can be used for both personal and work-related business
- Data and apps should be used and accessed by remote workers
- How to report suspected incidents when working remotely
- Which networks are safe for connecting
Reinforced with regular training, best practices can go a long way toward preventing data breaches and other successful attacks. Some of the most basic snaps that employees can take, such as password-protecting laptops, can have a major influence on securing a system for remote work.
Install Antivirus Software and Firewalls
Hundreds of thousands of new malware threats are detected every day, and the best weapon against this never-ending onslaught is antivirus software. Installing antivirus software on all devices and computers is an essential step for securing your systems with remote workers.
Antivirus software also has a multiplying effect when it comes to security because it automatically scans your system on a regular basis to detect and neutralize any malicious software.
A firewall can prevent malicious software from ever entering your system by controlling all traffic entering and leaving your network. Having both types of protection in place safeguards sensitive data, including the personal data of both company personnel and customers. Regular updates help to ensure that these measures remain effective as security threats evolve over time.
Use Multifactor Authentication
First adopted in banking and other industries that handle highly sensitive information, multifactor authentication is now a standard practice just about everywhere. In fact, many of us now use multifactor authentication when handling our personal business.
In fairness, using multifactor authentication can feel like a hassle, especially when you’re in a rush. Your organization should configure its multifactor authentication in a way that ensures security without being overly detrimental to productivity.
Using multifactor authentication involves a few simple steps. First, it should be enabled within the network access control system. Once it is operational, the system will ask users to provide their login credentials and then ask for a second form of authentication once those credentials have been validated.
The standard approach to getting a second form of authentication is to send a single-use password via email or SMS message to an account or device controlled by the authorized user. Other forms of authentication can include:
- A hardware key, such as a USB drive
- Biometrics, such as a facial or fingerprint scan
- Security questions
- Physical location
Using multiple factors to authenticate access adds one more layer of protection to a network. Even if a cybercriminal is able to obtain an employee’s login credentials, they won’t be able to access a network unless they can provide additional authentication.
Most forms of authentication are based on something an authorized user knows or has in their possession. Authentication could also be based on something inherent in the user, such as their physical appearance.
Ensure Routers are Modern, Secure and Up-to-Date
When it comes to securing your system for remote workers, the routers that your employees use are critical attack surfaces that must be protected. If a router is compromised, it can lead to other devices on the system becoming compromised as well.
Older routers are notorious for being security risks. Any router that your employees use should be relatively new and no more than five years old. Also, employees should avoid using routers that are supplied by Internet service providers because this gives your workers more control over the devices they use to connect to your network. Router software should also be kept up to date and patched as needed.
Use a Virtual Private Network
When an organization sets up a virtual private network — or VPN for short — its remote workers access the network through a private connection called a tunnel. All data traveling from a remote worker’s device to the VPN passes through this tunnel as encrypted information.
Any device connected to an organization’s VPN will function as if it’s an on-premise device. The VPN shepherds all traffic to and from the organization’s network to the connected device while hiding all IP addresses from cybercriminals. This provides an extra layer of security while facilitating access control.
Companies looking to set up a VPN can choose from one of two security protocols: Secure Sockets Layer/ Transport Layer Security (SSL/TLS) or Internet Protocol Security (IPsec). With SSL/TLS, an organization provides remote access through a secure web portal that is secured using these protocols. With IPsec, the necessary authentication and encryption protocols are set up on both the VPN server and all remote devices. Organizations typically select the type of security protocol that best suits their needs and security policy.
Regardless of the chosen protocol, it is critical for all devices connecting to a VPN to be secured with antivirus software, firewalls, encryption protocols, and any multifactor authentications. After the VPN has been set up and all devices have been secured, remote workers can use the VPN to access your network in a way that is much safer and more secure.
That being said, a VPN is not a magic bullet solution. It can prevent some types of attacks, but it can’t protect against phishing and certain types of malware attacks. VPNs also have vulnerabilities that can be exploited by skilled attackers.
Generate Strong Passwords Using a Password Manager
We’ve all heard a million times about the importance of using strong passwords, but how many of us still use basic, easy-to-guess passwords like “password13” or your first name and birth year? If you or your employees are using passwords like these, you are begging to get hacked. You should also be using a different password for each login.
Password managers make it a lot easier to continuously generate strong passwords and keep track of them. These platforms can be used to generate all kinds of unique and complicated passwords that include any combination of numbers, letters and characters.
When it comes to passwords for accessing your remote work system, it is important to establish parameters that ensure the creation of strong passwords. Good parameters typically include a combination of lowercase and uppercase letters, along with numbers and special characters. This prevents your employees from using their birthdays or the word “password.”
In addition to creating and storing complex passwords, password managers also can be used to remind your employees to regularly reset their passwords, which prevents hackers from continuing to use compromised login credentials. Resetting passwords every six months is an effective practice to keep your network secure.
Embrace Encryption
Using encryption for data transmission is a standard practice in most industries. If your company isn’t using encryption when handling its data, it’s about time that it started. In addition to security financial transactions and data exchanges, encryption can also be used to secure a system for remote workers.
All information passed between your network and devices being used by remote workers should be encrypted. An easy way to embrace encryption is to use a VPN, which has encryption built in. It’s also important to make sure that all software and other remote work tools are using encryption protocols. These tools should be regularly updated and patched to ensure you are maintaining the highest encryption standards.
Cultivate a Culture of Security
The most sophisticated tools and rigorous security training programs are useless if your company doesn’t embrace security as a part of its company culture. Employees who feel tempted to cut corners and not use best practices are putting everyone in your company at risk, as well as your consumers.
For example, employees may feel that it’s OK to let their kids play games on a work computer or device. As we all know, children click on all kinds of links and pop-ups. This opens up your work computer to all kinds of malware and other types of cyberattack vectors.
Your employees should also be vigilant around smart speakers and other devices. It’s well known that devices featuring virtual assistants like Alexa will eavesdrop on conversations. While this is supposedly done for advertising purposes, eavesdropping virtual assistants can inadvertently capture company secrets. Part of your company’s culture of safety should be putting these devices in a room where you don’t discuss business or switching them off during work hours.
Let Taylored Help You Strengthen Your Security
At Taylored Systems, our cybersecurity experts have decades of experience under their belts, and they can help your business secure its remote systems.
We offer cybersecurity services along with a suite of other solutions as part of our overall approach to managed IT. By keeping your systems secure, our managed IT services help to reduce downtime. However, our managed IT services can also enhance customer service and guard against disasters with cloud storage and backups. If your company is looking for outside expertise, our IT consulting services can help you identify areas for improvement and key solutions.
Contact us today to secure your systems for remote workers and address other areas of need in your IT infrastructure.