With increased remote work due to COVID-19 come increased cybersecurity risks. Work done outside of the company firewalls and networks complicates normal data security and IT controls, increasing the chances of an accidental leak or malicious attack.
To help reduce these risks, here are some data protection best practices to consider.
1. Ensure the right VPN setup in remote work environments
Protective cybersecurity protocols may be in place in your office, but that’s often far from the case at home. If your company is not using a VPN (virtual private network) with your work-from-home employees, your data is especially vulnerable to cyberattack.
VPNs act as private tunnels for encapsulated and encrypted information to be sent back and forth over the internet between the devices your remote workers use and your central network.
Kris Nicolaou, founder and digital strategist at web applications company Brain Box Labs, says not all VPNs are created equal. "A commercial VPN isn't sufficient," he says. "Invest in a business-class VPN firewall or stand-alone, on-premise VPN server."
Even a good VPN will have risks. “Ensure the security of your VPN or other remote networking infrastructure,” advises Aaron Zander, head of IT at security platform HackerOne. “Triple check all network configurations, permitted users and firewall rules.”
As an additional security measure, make sure your employees know they need to disconnect from the company VPN when not in use.
2. Check out authentication options
“Ensuring that remote workers don't fall foul of phishing attacks when resetting passwords will be crucial for employees working from home,” says James Stickland, CEO of authentication platform Veridium.
Multi-factor authentication is an option for all remote access paths, including VPNs and internet-facing terminal servers. However, Stickland notes that authentication measures requiring passwords or PINs put pressure on already inundated or unavailable IT helpdesks through resets.
“Software-based authentication that can be delivered remotely will be key to improving cybersecurity for home workers,” he adds.
3. Secure your company network
Maintaining a secure company network is vital to keeping remote work sites safe. There are several best practices and technology solutions that can help.
Consider limiting access so that employees can only view the data and information they need when they are working on it. It's also helpful to ensure your antivirus and anti-malware subscriptions are up to date, and consider using a cloud portal to manage security software on both onsite and remote devices.
If your business is hacked, you will need to act quickly. Steven Teppler, who chairs law firm Mandelbaum Salsburg’s cybersecurity group, says that mobile device management programmes (MDMs) can play an important role if security is compromised.
“In the event of a breach, such programmes allow you to quickly disable entire devices or remove corporate information located on the device,” he says.
4. Secure your employees’ remote devices
The rapid move to remote work has resulted in many companies finding it necessary to allow employees to use their own devices, including home computers, laptops, and mobile phones. This creates the need for additional cybersecurity.
“If employees use their own devices, and particularly mobile devices, a VPN alone won't suffice,” Nicolaou says. “Enforce a policy that includes mandatory installation of business-provided endpoint security and management software.”
Verify that your employees are running current, maintained versions of their computer operating systems. Older versions are security risks. Also ensure all pending updates have been installed.
“To maintain control over employee remote workstations, offer to set up employee home networks. In many cases this can be done in a group remote meeting,” says cybersecurity professional Chelsea Brown.
“Have employees install company-approved antivirus software,” says Brown. “Also require all communications to be encrypted or completed within certain company-approved programmes.”
5. Educate employees about remote work cybersecurity
Of course, cybersecurity safeguards are only effective when remote employees understand the risks and preventative measures. Many data breaches start when employees unknowingly click on phishing emails.
“Cybercriminals are engineering schemes to take advantage of fear and uncertainty brought on by COVID-19, such as fraudulent health alerts,” says Teppler. “When employees click on such links or open attachments, your network is exposed to malware, even if your system is protected.”
"Your best line of defence is regular security awareness training for employees and a company culture that encourages reporting suspected fraud," advises Pete Thurston, chief product and solutions officer at RevCult, a cybersecurity partner focusing on security and governance for enterprise companies using Salesforce.
"Hold instructional online meetings with employees about the latest cybersecurity threats," he says. "For instance, show signs of fake emails, which include a mismatch between sender name and email address, typos and poor grammar, calls for urgent action, and a non-legitimate website or one containing typos when you hover over the website link."