A few years ago, remote work was seen as a luxury for many employees. While there were remote work companies around the globe, hearing that someone worked remotely was somewhat surprising. For many, working remotely just didn’t seem feasible or a proper long-term solution.
My oh my, how the times have changed.
Lately, there has been a huge increase in the number of companies working remotely. More and more employees can work from wherever they want, whether that be their kitchen table or their favorite coffee shop. From the outside, there seem to be several benefits such as flexible scheduling, more family time, and cutting the commute. Remote working is part of the new normal.
However, several risks come with remote working. We’re not talking about the questions over productivity or lack of focus, but the issues revolving around remote work security.
With your employees spread around the state, country, or even globe, how do you make sure that your employees are on secure networks, company data isn’t being compromised, and employees are following the best security practices?
Today, we’re going to dive in and check out just what your company needs to do to make sure your workforce is staying safe and secure.
Remote Work Security Issues
When it comes to implementing a remote work security plan, what are the things that you most need to watch out for?
If you’ve used email in the last decade, you’ve no doubt received more than your fair share of phishing emails. Phishers don’t stop at just personal emails but will go after work emails as well to try and obtain sensitive information.
Estimates say that around 90% of all cybersecurity attacks are phishing emails.
Your home internet was originally going to be used for streaming Netflix or letting your kids play Minecraft. But now many workers are going to be working from home on these family-friendly WIFIs. Are they up to the proper security standards?
Device updates are annoying and they often come at the wrong time (AKA, just about any time). While some of those updates have cool new features, the bulk of those updates are there to patch security flaws and holes.
Devices always need to stay updated, even if they do come at inopportune times.
If your employee is using the family computer for work, how many other people have access to that device? While a five-year-old is more likely to care about funny YouTube videos than exploring the documents folder, you never know what random clicking around may do.
The more people that share a computer means there is a bigger risk for potential threats or mismanagement.
What Your Business Should Do
Since we’ve covered the most basic and common issues facing a remote work team, what can you and your company do to make sure you’re protected now and in the future?
Set up Two-Factor Authentication
Two-factor authentication, also written as 2FA, is an authentication method where the user must present two pieces of identification to access an app, website, program, etc. If you’re someone that’s used Google recently, you know that Google has been pushing 2FA for quite some time and even more so recently.
2FA is one of the easiest things you can do to bolster your remote security. Not only do employees have to enter their password, but they also must enter a code or approve the login with their cell phone.
It takes very little time to set up but the security benefits are very real and immediate.
Ensure Everyone has Secure WIFI
This, undoubtedly, will be the biggest challenge when it comes to your remote work security. While you can rest assured knowing your in-office WIFI is secure and stable, how do you make sure that all of your employees are working on proper WIFI?
Their home may be secure, but the local coffee shop down the road may have free and public WIFI. Using public WIFI to check the weather or your fantasy football score is fine but logging on with personal or company information is dangerous. It’s best to just avoid public WIFI altogether.
The most logical step is to encrypt your internet connection somehow, either through a VPN or hotspot if you’re out in public. VPNs are slowly becoming the norm globally as more and more individuals are wising up to protect their data.
Lastly, you can set up encrypted remote connections to a remote desktop to ensure that data not only stays on a work computer but all work is “done” on the work computer.
Have a Response Plan In Place
Coming up with a disaster recovery plan should be started during an IT security audit. No one ever expects the worst to happen but you’ll be happy you were prepared for it ahead of time.
When it comes to remote security, you need to make sure you have an incident response plan ahead of time.
Admittedly, this is much harder with remote workers. Not only is your employee where the incident occurred in one place, but your response team is likely in another.
But if an incident does occur, here are the things you need to have in mind:
- What kind of security breach was there?
- Do passwords need to be changed?
- Does any software need to be updated?
- What patches need to be installed?
If you respond quickly, you may be able to contain the issue or at least educate the employee on the best practices.
Speaking of that…
Educate Your Employees
When it comes down to it, your employees need to know the basics of internet security. They’re probably all too familiar with not opening emails from unknown senders (or at least their spam filter will sort that out for them), but they might not be mindful of other items.
You should be educating them on the following practices:
- Using strong passwords (using different passwords for personal and work use)
- Keeping work devices safe and secure (no laptops left in the car)
- Being cautious with work emails, sending and opening from unknown addresses
- Keeping personal internet use on personal devices
- Being mindful of who is around you in public places
While your employees may not follow all items to the T, they need to be aware of potential security risks. If anything, host a web meeting or have a hard copy of a document you can hand to your employees.
Use a Password Manager
No one can remember all their passwords these days and with password regulations like they are, can you blame them?
One of the best things to do is to have all employees install a password manager on their browser. That way, all passwords are in a secure location and if you have multiple team members trying to access one site, they can easily look up passwords.
That eliminates the possibility of employees messaging or emailing passwords in unencrypted messages or emails.
Develop a BYOD Policy
Party-goers and BBQ fans are all too familiar with BYOB, but what is BYOD?
This four-letter acronym stands for Bring Your Own Device. We’ve all used our own cellphone to check an email or respond to a message in teams, but you should be careful about what other information is being kept on those devices. While there isn’t a huge risk to check work items on a personal device, there needs to be a proper policy in place ahead of time.
After all, employees are probably going to be a bit more willy-nilly when it comes to security on their own devices. If those two are crossing over, it’s vital to be mindful of this and ready.
Besides giving your employees a handy-dandy guide to follow, you will also have a strict policy on data management. This will quickly settle any disputes that may arise between you and your employees about data protection and management. Protecting your data is a big part of remote work security, after all.
And, it’s going to clear up any issues when an employee resigns or is fired. You don’t want your data to stay in the hands of a disgruntled employee.
Use the Cloud
Here at Atiba, we’ve been singing the cloud’s praises for quite some time. The cloud is great, but what does it have to do with remote security?
Quite simply, the cloud is going to be much safer than your average worker’s device. Plus, it’s much easier to share and edit across multiple users and multiple devices. Keeping your content stored in “one” place is going to keep you sane and keep your information secure.
Use a VDI
VDI, which stands for virtual desktop infrastructure, is becoming a more popular technology that implores the use of virtual machines. Desktop environments are hosted on a centralized server and then distributed to users on request. One of the most popular VDIs out there is VMWare, which we happen to be experts in.
A VDI comes with a load of advantages, such as improved flexibility, ease of access, and user mobility. Plus, it increases security for users across the board.
There are two different types of VDIs: persistent and nonpersistent.
With persistent VDIs, the user is going to connect to the same desktop each time they make a request. Even though the link is virtual, a user can claim a computer as their own.
Nonpersistent VDIs, on the other hand, are when users connect to a basic, generic desktop that doesn’t save any settings or files. It’s like going to a library or internet café and booting up the first computer that you see available.
Generally speaking, nonpersistent VDIs are more common in companies that have a large number of workers who perform basic, non-complex tasks. Persistent VDIs are for dedicated workers that perform more complex tasks.
VDIs are incredibly popular among remote workers as it allows users to use their own device but want to “do their work” on a work computer.
But what makes them secure?
Data, content, and information all live on the server rather than your employee’s personal device. So even if a laptop is stolen, the thief won’t have access to sensitive information or data.
VDI can be quite expensive, however. There is a large upfront cost and setup can take a while, especially for a larger company.
Check Out DaaS
No, we didn’t stutter through our German lesson, DaaS stands for data as a service.
From the outside, they function similarly to VDIs but come with a few differences.
They can distribute virtual apps and desktops to essentially any device. So your employee can stay at home on their own device but connect to a virtual desktop to perform their work.
The primary difference between the two is while VDI is hosted by on-premise data centers, DaaS is hosted in the cloud. It takes the hardware management out of the hands of your IT staff and is generally less expensive but you probably won’t see that ROI until way down the road.
One of the more popular DaaS options out there is Amazon WorkSpaces provided by AWS (Amazon Web Services). It’s a great option for those running on Windows or Linux and can be scaled to use 1000s of computers around the world.
Just Be Smart
Fans of The Office will undoubtedly remember one of Dwight Schrute’s most famous quotes:
“Before I do anything I ask myself, would an idiot do that? And if the answer is yes, I do not do that thing.”
While not everyone can be as blunt as Dwight (or as receptive to his bluntness), he does have a point. So much of remote work security is just making sure you make smart, sound decisions. Don’t share passwords with anyone. Don’t leave devices unattended.
On the tech side, invest in a business VPN and look into cloud management and virtual machines. Some of those steps can be costly, but trying to recover from a data breach can be the most costly of all.
As we’ve seen, there are plenty of things you have to watch out for and plenty of things you can do. The best advice we have is to start small and then look into upgrading systems or devices. If you’ve already experienced some kind of breach or attack, then your timeline may have to be sped up just a little bit.
If you’re looking at making use of VDI, DaaS, or a question about remote work security, we’d love to hear from you. Not only are we a remote team ourselves, but our experts have years of experience developing secure systems for businesses of all sizes. Reach out today for a project quote!