Whilst your device is kept in a locked house while you are working from home, that does not mean its connections are.
Here are a few reasons as to why you need remote working security measures in place – and how you can implement those systems effectively.
With the announcement of the COVID-19 lockdown restrictions which were imposed, the demand for implementation of home working solutions blew up overnight. For many, this new strategy was the opening on pandoras box – given 2020’s unparalleled events kickstarting a drastic and rapid move to remote working – when more than 50% of UK businesses lacked the infrastructure/ cloud-based services at the time.
At this point, most UK organisations now have their remote working solutions in place by making use of Microsoft 365 and its offerings such as Teams, SharePoint File storage etc. However, ensuring all these remote endpoints are protected effectively could be another matter entirely.
Here are our recommendations on what a company fundamentally needs to protect their users and devices while they’re outside the supervision of the workplace.
1. Company Mandated Hardware
In a pinch, you can rely on the average user to possess a mobile phone, a tablet or maybe even a laptop which they have for personal use. Potentially, to save cash flow, you may decide to introduce a BYOD (bring your own device) policy – so people can use their personal devices to work remotely. However, since these devices are from an external source, you have no idea what is installed on them, whether that be security patches or even the potential for malicious software’s. Sourcing your own hardware might sound like a nightmare in regard to capital expenditure, however it’s the cheaper option to having to recover from a data breach and/or compromised services.
2. Secure Home Wi-Fi Connection
Due to working remotely, your users will not be using the same connection as they once did in the workplace. Most people use the default password which came as a sticker on the back of their router – whether it be a BT hub or Sky etc. As a result, malicious hackers can sometimes deduct the structure of the password for said connection based on its broadcast name (SSID.) As a result, it is a good idea to send some kind of blanket communication business-wide to everyone letting them know this flaw, and that it might be a good idea to change this themselves – which is easier than you might think with a quick google.
3. Virtual Private Network (VPN)
A crucial fundamental to working remotely is being able to access workplace resources. In the event that these are still on-premise and not cloud based, you will need your Virtual Private Network (VPN) setup configured. Not only will this allow you to be able to access the workplaces’ network from anywhere in the world, but it also allows you to protect your identity online as the internet traffic will be tunnelled. A great example of this is public WiFi found in coffeeshops etc, are an easy target for a hacker to snoop on your connection over the internet, potentially revealing details such as credentials and the sites you are visiting.
As a result, VPN’s route the web traffic between your users, your internal company infrastructure and even cloud services. Not only confidential information is hidden, but also any personal identifying information (PII) is hidden too – anyone who is nosy would be clueless as to what you are doing since the transmission of data is encrypted.
4. Multi Factor Authentication (MFA)
With many services now being 100% cloud based and secured behind a credential, it has never been more important to enable MFA for security. A leaked password which may be used to attempt to access company resources is useless without a one-time only token to authenticate – protecting users from the effects of phishing attacks and data breaches.
5. Email and Anti-Virus Protection
One miss clicks on a link or opening the wrong attachment is all it can take to have a system breached nowadays. With email and internet virus protection provided by Managed ESET, we offer corporate-grade protection which is the new standard all endpoints which require protection – whether this be servers or user devices – threats are proactively prevented from reaching their target.
6. Phishing and Security Training
Its important that employees are vigilant and know what common threats can be found online. If possible, keep performing regular awareness events such as phishing tests and basic security training. This will protect your business and users from common cybercrime campaigns.
Please contact us today if you are seeking advice as to how you should adopt any of the above solutions; your hardware and devices will be as secure as they would be within the workplace upon their return to the office.