As the pandemic rages on and emerging COVID variants delay the return of many employees to the traditional office environment, remote working, or “telecommuting,” continues to be the “new normal.”
Remote network access went from an important but infrequently used capability to the standard operating procedure for swaths of professionals.
As many organizations continue to provide a long-term remote work policy, it is imperative that employers ensure that their internal security measures are up to the task. Those concerned with ensuring better security should compare their current suite of security measures against the recommendations below:
Ensure your network accepts connections only through an encrypted virtual private network, or VPN. This is a critical first step for secure remote working. VPNs provide an encrypted “tunnel” between an employee and the company’s internal network (and back), which provides a secure connection as employees continue to remotely access their employers’ networks.
Invest in and enact mandatory multi-factor authentication. MFA validates a person’s identity using more than one authentication factor and is critical to defending a network against many types of cyber threats, including phishing and credential stuffing attacks. MFA is designed to protect against unauthorized network access even if an employee’s account login credentials have been compromised.
Implement mandatory employee social awareness training. There is no better time than the present to train your employees on how to recognize and avoid many types of cyberattacks, especially phishing attacks. Social awareness training is critical to ensuring that your employees can better recognize and prevent many types of fraudulent cyberattacks from infecting your network. This is a low-cost and highly effective way to protect your network.
Ensure employees are using coordinated storage. As employees move farther from the main office, the information stored on their personal machines is at greater risk. If your organization uses some form of centralized or cloud data storage, ensure that all employees actually use this storage. This practice will ensure that work is not permanently lost if a machine is stolen, compromised or damaged.
Implement “layered” security for your network, also known as “defense in depth.” In addition to requiring a user to log in with his or her credentials, consider “layering” your network security by adding measures such as MFA, password hashing and salting, biometric verification, application white-listing, and/or secure network logging and auditing.
Implement data encryption. Consider encrypting your data both “in transit” and “at rest” so that, even if your networks are compromised, the cyber-threat actors will not be able to obtain or use any of your critical data.
Review your bring-your-own-device policies. Pre-pandemic, many employees were already working on personal devices. Now, working on personal devices is nearly impossible to avoid. Organizations should review their BYOD policies and ensure that they are setting adequate security controls on the use of external devices and appropriately limiting their access to company data, to ensure that critical systems are not endangered.
For the foreseeable future, remote working will continue to be the “new normal.” It is critical, as a business owner, to ensure that your business has sufficient and appropriate security measures in place to make your network and data as safe as possible.
Harbour and Weiss are attorneys at Faegre Drinker Biddle & Reath LLP, where they are members of the firm’s privacy, cybersecurity and data strategy practice team.