2020 has been a turbulent year. The COVID-19 pandemic has caused major disruption to the global economy and has changed the way we all live our lives. However, as cases fall throughout the UK, we are seeing a gradual return to the workplace for many. Indeed, Government advice on home working changes from August 1st, and employees will now be actively encouraged to return to their place of work. That being said, the example of Leicester and the recent rise in cases in Spain, serves as a reminder that we will be living with this virus for many months to come, and localised lockdowns can come very suddenly.
With that in mind, we should all be prepared for a future with a more remote-working model. Now, for the most part, the initial panic of moving to this new normal has subsided and employees have adapted, it is time for IT departments who have individuals that need to continue working remotely for the foreseeable future to take a step back and review their remote working tools and policies. This is because the rate in which organisations were forced to adapt, there was little time for IT departments to completely secure remote working policies. As a result, bad actors took advantage of flaws in the defences of many businesses. According to research, cyber-crime and cyber espionage skyrocketed during COVID-19 lockdowns.
Below we have gone through a few ways you can ensure secure remote working now and in the future beyond the pandemic.
1. Secure your tool set
No matter where you employees are working, how they connect into the office and go about completing tasks needs to be secured. Business data and files are valuable assets in today’s online world, and as with any valuable resource, there are always people out there who will try steal it.
A good way to secure your tool set is to limit the need for employees to leave your office with any data or files stored physically. To do this, we recommend setting up a secure, remote connection in the form of either a hosted desktop or a VPN. Both offer significant benefits and what works best for your organisation will depend on your specific requirements.
A VPN, which stands for Virtual Private Network, works by creating a service that extends a private network across a public network so that your employees can access the internet safely and work privately. It works best for organisations who don’t have employees moving between a variety of different sites. For example, if they are only working at home and in the office. This is because using one relies on the server at your office and any device that uses it will need to be configured, making it far more complex to set up and use.
A Hosted Desktop on the other hand does not rely on a server in your office as it is hosted in the cloud from one of our secure data centres. Therefore, it can be accessed from anywhere, on any device. All that is required is for the user to download a small piece of software on to their device. This is perhaps the better long-term option for organisations with employees that work across the country/world as it is far more flexible. What’s more – it is priced on a per user per month basis, so costs are predictable.
2. Secure all devices
It is also important for you to secure any device that is being used to complete tasks for your organisation. For example, all devices should be equipped with basic antivirus, antimalware and firewalls where possible. It would also be beneficial to make a note of who is using what devices and whether they have everything they need on it. This reduces the chance of someone swapping over to a device that isn’t secure.
The remote working transition also means that the chance of employees using their own device rises. In the modern business culture, this is known as ‘BYOD’ and is often an IT departments worst nightmare when it comes security. This is because they lose almost all control over the devices, making it a challenge for them to monitor and address viruses, hacking, un-secure Wi-Fi, lost or stolen devices and other cyber issues.
A Hosted Workspace can again help overcome this and secure the devices used when working remotely because updates and patches are deployed automatically due to the fact that it is delivered from one of our secure data centres. Additionally, as it is encrypted and is consequently secure, the need for ensuring basic protections are on all personal devices of employees is taken away.
3. Implement user authentication
When accessing company resources remotely, it should be the standard for employees to have multi-factor authentication (MFA) or two-factor authentication (2FA) implemented. Hackers are becoming more sophisticated at an exponential rate, making it so that passwords are no longer enough to keep accounts or resources secure and out of their hands.
MFA and 2FA are two different forms of authentication that further verify a user’s identity by requiring additional credentials and adding that extra layer. These include being something you know, something you have and something you are. Something you know could be a password, something you have is a possession such as a generated code texted to your mobile, and something you are could be facial recognition, a fingerprint or an eye scan.
Although it may be tempting to refrain from having user authentication in these forms implemented to simplify access, this is a major cyber security risk. Implementation is easier than you might think as well, with a number of resources including it as standard in order to help keep your data and files protected.
4. Maintain compliance
In the past, compliance strategies have been built around office working which do not consider employees and their devices leaving the premises. With the quick change in working style due to COVID-19, your business may risk unintended non-compliance if they fail to know how to uphold industry standards in a remote-working environment.
Some ideas for ensuring you maintain compliance in a remote-working sense include:
- The continuous management and reviewing of your security policies
- The restriction of user access to only the resources they need in order to carry out their role
- The writing and implementation of a formal remote work policy which is shared with the whole of the company
- The writing and implementation of a ‘BYOD’ policy which is shared with all employees
5. Raise employee awareness
Thanks to the pandemic, there are new waves of cyber-crime hitting the business environment, making it essential for cyber security awareness to be a top priority for IT teams and senior management. Employees are the weakest link in a business’ cyber security chain - all it takes is one uninformed employee to download or click a malicious link or attachment for the security of your entire organisation to be compromised.
Consider some form of security training for employees that is essential employees working remotely (although it is beneficial for all employees). Anyone that fails the training should have to then re-take it, to ensure they won’t be putting your business at risk. For example, Knowbe4 is a tool which simulates phishing and social engineering attacks/emails. It works by allowing organisations to select a template and landing page, then after simulation users are shown which red flags they missed. Management could review user results and set a mark in which employees have to get if they are going to be working remotely.
Furthermore, company Intranets should also be used to provide awareness and insight into cyber security and practices. This will create an easy way for employees to gain access to proper documentation and information with ease.
Secure and simple remote working
There has never been a better time to review and secure this way of working to ensure your business stays protected now and in the future. Fortunately, doing this is not expensive or difficult. We have seen a huge uptake of remote connections in the form if VPN’s and Hosted Desktops, both of which have helped businesses in a variety of industries get to grips with secure remote working. Furthermore, we have also been able to help our customers implement other, less complex security solutions such as 2FA/MFA to add that extra layer and offer advice on the best way to move forward with employee awareness training.
Remember - a determined intruder is difficult to keep out and with the unpredictability of the pandemic making localised lockdowns in the future even more likely, it pays to take the time now while cases are lower to make secure remote working, a long-term strategy.
