Remote work has offered employees the flexibility of location—they can work right from the comfort of their homes or from a nearby café. For businesses, however, this practice has introduced a new challenge: maintaining security for remote workers.
According to our 2022 Data Security Survey, insufficient remote access security is one of the top three IT security vulnerabilities businesses face. In another survey, 15% of SMB leaders say remote desktop vulnerability is the main reason for ransomware attacks on their business.
In this blog we're going to take a deep look at some Gartner-backed tips to help security leaders at small businesses develop a security strategy that not only offers remote work protection but also ensures a smooth working experience for employees.
No matter where your employees are working, how they connect to the office and go about completing tasks needs to be secured. Business data and files are valuable assets in today’s online world, and as with any valuable resource, there are always people out there who will try to steal it.
A good way to secure your tool set is to limit the need for employees to leave your office with any data or files stored physically. To do this, we recommend setting up a secure, remote connection in the form of either a hosted desktop or a VPN. Both offer significant benefits and what works best for your organisation will depend on your specific requirements.
A VPN (Virtual Private Network) extends a private network across a public network so that your employees can access the internet safely and work privately. It works best for organisations whose employees don’t move between a variety of different sites, for example if they are only working at home and in the office. This is because a VPN relies on the server at your office, and any device that uses it will need to be configured, making it far more complex to set up and use.
A Hosted Desktop on the other hand does not rely on a server in your office as it is hosted in the cloud from one of our secure data centres. Therefore, it can be accessed from anywhere, on any device. All that is required is for the user to download a small piece of software onto their device. This is perhaps the better long-term option for organisations with employees that work across the country/world as it is far more flexible. What’s more – it is priced on a per-user per-month basis, so costs are predictable.
It is also important for you to secure any device that is being used to complete tasks for your organisation. For example, all devices should be equipped with basic antivirus, antimalware and firewalls where possible. It would also be beneficial to make a note of who is using which devices and whether they have everything they need on them. This reduces the chance of someone swapping over to a device that isn’t secure.
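One way to put that device note to work, as an added example that is not part of the original post: it checks remote-session records against the inventory and reports devices that are unregistered, used by someone other than their assigned user, or missing one of the basic protections. The inventory layout, device IDs, user names and session records are all constructed for illustration.

```python
# Added example: the inventory fields and session records are constructed
# sample data, not taken from any real tool or from the original post.
REQUIRED = ("antivirus", "antimalware", "firewall")

# The "note of who is using which device", with the protections on each one.
INVENTORY = {
    "LT-001": {"user": "alice", "antivirus": True, "antimalware": True, "firewall": True},
    "LT-002": {"user": "bob", "antivirus": True, "antimalware": False, "firewall": True},
    "LT-003": {"user": "carol", "antivirus": True, "antimalware": True, "firewall": True},
}

# (user, device_id) pairs as they might be exported from a remote-access log.
SESSIONS = [
    ("alice", "LT-001"),
    ("bob", "LT-002"),
    ("carol", "LT-001"),   # carol has swapped over to alice's device
    ("dave", "PHONE-77"),  # personal device that was never recorded
]


def review_sessions(inventory, sessions):
    """Return (user, device_id, reason) for every session that needs follow-up."""
    findings = []
    for user, device_id in sessions:
        device = inventory.get(device_id)
        if device is None:
            # Nothing is known about this device, so its protections are unknown too.
            findings.append((user, device_id, "unregistered device"))
            continue
        if device["user"] != user:
            findings.append((user, device_id, f"device assigned to {device['user']}"))
        missing = [c for c in REQUIRED if not device.get(c, False)]
        if missing:
            findings.append((user, device_id, "missing: " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for finding in review_sessions(INVENTORY, SESSIONS):
        print(*finding, sep=" | ")
```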
The transition to remote working also increases the chance of employees using their own devices. In modern business culture this is known as ‘BYOD’, and it is often an IT department's worst nightmare when it comes to security. This is because they lose almost all control over the devices, making it a challenge for them to monitor and address viruses, hacking, unsecured Wi-Fi, lost or stolen devices and other cyber issues.
A Hosted Workspace can again help overcome this and secure the devices used when working remotely: because it is delivered from one of our secure data centres, updates and patches are deployed automatically. Additionally, because it is encrypted and consequently secure, there is no longer a need to ensure basic protections are on all of your employees’ personal devices.
When accessing company resources remotely, it should be standard for employees to have multi-factor authentication (MFA) or two-factor authentication (2FA) in place. Hackers are becoming more sophisticated at an exponential rate, so passwords are no longer enough to keep accounts or resources secure and out of their hands.
MFA and 2FA are two different forms of authentication that further verify a user’s identity by requiring additional credentials, adding that extra layer. These credentials fall into three categories: something you know, something you have and something you are. Something you know could be a password, something you have is a possession such as a generated code texted to your mobile, and something you are could be facial recognition, a fingerprint or an eye scan.
Although it may be tempting to skip these forms of user authentication to simplify access, doing so is a major cyber security risk. Implementation is also easier than you might think, with a number of resources including it as standard in order to help keep your data and files protected.
In the past, compliance strategies were built around office work, which does not account for employees and their devices leaving the premises. With the recent boom in remote/hybrid workforces, your business may risk unintended non-compliance if it does not know how to uphold industry standards in a remote-working environment.
Some ideas for ensuring you maintain compliance in a remote-working sense include:
There are new waves of cyber-crime hitting the business environment, making it essential for cyber security awareness to be a top priority for IT teams and senior management. Employees are the weakest link in a business’ cyber security chain - all it takes is one uninformed employee to download or click a malicious link or attachment for the security of your entire organisation to be compromised.
Consider some form of security training that is mandatory for employees working remotely (although it is beneficial for all employees). Anyone who fails the training should then have to re-take it, to ensure they won’t be putting your business at risk. For example, KnowBe4 is a tool which simulates phishing and social engineering attacks/emails. It works by allowing organisations to select a template and landing page; after the simulation, users are shown which red flags they missed. Management could review user results and set a mark that employees have to achieve if they are going to be working remotely.
Furthermore, company intranets should also be used to provide awareness and insight into cyber security and practices. This gives employees an easy way to access proper documentation and information.
There has never been a better time to review and secure this way of working to ensure your business stays protected now and in the future. Fortunately, doing this is not expensive or difficult. We have seen a huge uptake of remote connections in the form of VPNs and Hosted Desktops, both of which have helped businesses in a variety of industries get to grips with secure remote working. Furthermore, we have also been able to help our customers implement other, less complex security solutions such as 2FA/MFA to add that extra layer, and to offer advice on the best way to move forward with employee awareness training.
Any successful business with a remote workforce understands the importance of security, but for growing businesses this can be hard to manage. If you want an experienced partner to deal with the entire remote working process and more, we have over 17 years' worth of experience. Learn a bit more about what we can do for you, get in contact on 0330 002 0045, or email enquiries@entrustit.co.uk to be put in contact with one of our experienced and friendly UK-based engineers.