Implementing a Successful Remote Work Model
A work from home (WFH) model has become increasingly popular in the past several years as the COVID-19 pandemic showed organizations that remote work is not only possible but also comes with unique benefits. According to Forbes, recent studies have shown that working from home increases productivity by at least 29%. This is because workers feel they have more flexibility to set their own schedule and get their work done in a more comfortable environment.
Additionally, employees spend less money on gas and car-related expenses, while employers save on infrastructure and office space. While WFH can be beneficial for organizations, it still requires some effort to create a secure work environment wherever your data and workers exist.
Working From Home Security Concerns
There are a number of security concerns that come with a remote work environment. When employees connect to business resources from home, they are most likely doing so from an unsecured network without the standard security controls that would typically be in place at the office. Remote workers don’t have access to the same robust email filters, firewalls, or monitoring systems in place to protect them from attackers. Additionally, companies have near zero visibility into how their data is being created, stored, or used by their workers.
Unfortunately, cyber criminals are privy to the fact that remote workers are wide open to attack if they can find the right vulnerability. Speaking for ChannelPro Network, CorpInfoTech Founder and President, Lawrence Cruciana, stated that unauthorized apps are a common security issue among remote workers. CorpInfoTech found that workers were using unapproved conference apps rather than approved systems like Teams or Zoom. Unapproved and unsecured software represents a huge vulnerability for remote workers.
Other issues make it harder for organizations to monitor traffic and root out suspicious activity. One is that remote workers' hours may look less consistent and more varied than the traditional logon hours of in-office work.
ChannelPro states that “Their ever-changing, unpredictable hours as they juggle children with work make the pattern analysis many security solutions rely on to distinguish normal from suspicious user behavior difficult as well”.
Remote workers may also switch between personal and corporate devices without alerting the organization, making logging of traffic and data much more difficult.
Secure Remote Work
With employees clocking in from all over the place, it can be extremely difficult to implement a standardized security policy that protects remote and in-office workers. While some of the necessary controls may be frustrating for remote users, they are crucial to maintaining a secure environment for the data being used across your organization.
An organization's top priority should be to protect its data; after all, that is what cyber criminals are after. This should be done through encryption practices. Every device should use encryption on the data being stored and the data being sent across the network. This ensures that if data is exfiltrated by a bad actor, it is unreadable to everyone except the intended recipient. This is already a common practice in businesses and in a lot of cases required for compliance reasons. A business can’t afford to lose customer data that needs to be kept private and secured.
Every host and endpoint that is used for work purposes must also be secured through various software and controls. This includes a firewall policy, email filtering software, and other enterprise-level tools. Lawrence Cruciana recommends that DNS filtering software be mandatory on all endpoints, including remote work ones.
Other security policies that must be enforced include multi-factor authentication and good password hygiene. Workers may not like MFA, and they might outright express their frustration at having to use it, but it is important that every piece of software, application, and account is secured with an additional form of authentication beyond a traditional username and password. In fact, Microsoft claims that MFA stops 99% of attacks made against your accounts. MFA adds an extra layer of security for when passwords fail or credentials are stolen.
Your workers should also practice good password hygiene. By password hygiene we mean how users create and choose their passwords. Oftentimes users will choose a short, personal, easy-to-remember password and then use it across all of their applications. This makes it easy for cyber criminals to compromise login credentials through basic brute forcing tactics. All of your workers should have unique, complex, and impersonal passwords for each account. These strong passwords, combined with MFA, will greatly increase an organization's security posture.
Lastly, education is one of the most important aspects of security. What your employees don’t know, they can’t protect themselves from. Having every worker undergo consistent security awareness training helps them know how to spot a potential phishing attack or a suspicious file present on their device. Also, keeping employees up to date on the latest security threats and attack vectors will decrease the odds of them falling for advanced phishing tactics or malicious links.
CorpInfoTech is adept at helping SMBs accomplish everything mentioned in the post above. We offer fully managed or co-managed services that address the problem and solution to your security needs. We can help organizations implement a secure, end-to-end remote work solution that secures your data wherever it is.
If your organization thinks it needs help bolstering its security posture, contact CorpInfoTech today!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.