In an effort to stem the novel coronavirus pandemic, organizations from Google to Condé Nast to the State of Alaska are ordering or “encouraging” their employees to work from home, or are in the process of preparing for a massive exodus of their on-premise workforce.
Accommodating a sudden rise in remote workers poses logistical and cybersecurity challenges, especially for organizations that do not already support large numbers of remote workers (or that have no remote workers). Even organizations that have an existing remote-work infrastructure will need to scale it, very suddenly and perhaps dramatically.
It’s important that cybersecurity protocols are not relaxed to accommodate remote work; in fact, they should be hardened. “Cybercriminals prey on companies that have their guard down, especially during times of chaos,” warns Darren Guccione, Keeper CEO and Co-Founder. “More remote workers equals more endpoints to attack. Home password security becomes an even greater risk to corporate password security since employees will be using remote access or services on personal devices more often.”
Here are 10 tips to maintain robust cybersecurity while your employees work from home or remotely.
1) Train and educate your employees about security awareness and protecting company information. Be sure to include situations that are unique to remote workers that wouldn’t normally show up when working on-prem, such as the dangers of using free public Wi-Fi.
2) Further to the above, instruct your employees to avoid using the free public Wi-Fi provided by businesses such as coffee shops. avoid using free Wi-Fi. Instead, they should tether to their mobile phone’s data plan, which is much more secure.
3) Instruct employees to disable Wi-Fi and Bluetooth services when not in use, to prevent their devices from connecting to unknown (and possibly malicious) networks.
4) Ensure that all devices sent home with employees are up-to-date on software patches. If possible, provide employees with secure, encrypted laptop computers and mobile phones.
5) If employees will be working from their personal devices, establish and enforce minimum security standards.
6) Provide employees with a VPN to connect to corporate systems or remotely access their work machines that are staying on-prem. A VPN connection is essential for maintaining full end-to-end encryption when connecting to a remote computer.
7) Utilize all of the security solutions you already have at your disposal. For example, some Endpoint Detection and Response (EDR) solutions and advanced antivirus monitor devices work outside traditional network perimeters.
8) Avoid having employees save work documents on their personal machines; utilize secure cloud solutions.
9) Make sure remote support is readily available to help employees who encounter technical or security issues.
10) If you’re not doing so already, secure your passwords by deploying a robust password manager such as Keeper. This will allow you to mandate and enforce policies such as using strong, unique passwords for all accounts, and using Multi-Factor Authentication (MFA) on all websites, applications, and systems that support it.
Keeper’s business password management solutions provide organizations of all sizes with full visibility into employee password practices, enabling them to monitor password use across the entire organization and enforce the use of strong passwords, MFA, and other security policies. Each employee gets a private, encrypted digital vault that can be accessed from any device, and organizations can set up shared folders for individual departments, project teams, or any other group. Employee permissions can be fully customized through fine-grained access controls based on their roles and responsibilities.