With the rapidly evolving circumstances surrounding the COVID-19 pandemic, workplaces around the world have been faced with a difficult challenge – quickly deploying a remote workforce. While some have been prepared for telework all along, others are scrambling to ensure employees can access their networks quickly, without compromising security. The unfortunate truth of our current situation is that while many are banding together to protect those most vulnerable to the coronavirus, there are those who see this more scattered user-base as a golden opportunity for cyber attack.
It’s important to remember that just because you’re not in the office, it doesn’t mean hackers are taking a holiday. In fact, remote work is their bread and butter. And they stand at the ready to exploit the vulnerabilities teleworking can bring.
With that in mind, what can you do to plug those holes? How do you keep both your network and your work-from-homers secure? Here are 5 things to consider…
1 – It Starts With a Policy
Both you and your staff benefit from knowing what to expect from remote work. Putting a telework policy in writing and ensuring everyone in your organization is aware of it is an important step for consistency and therefore security. Hopefully you already had one, but if not, it still pays to put one together and make it clear to all employees.
What should it include? Acceptable use, personal vs company devices, personal vs company accounts, how to connect, whether public wi-fi is allowed, etc. A couple of statistics should reinforce the need for a strong telework policy: nearly half of employees say they transfer files between work and personal computers; almost 15% say they can’t connect to their work network from home, and more than three quarters say they don’t take privacy measures when teleworking in a public setting.
2 – Protect Your Endpoints
Each device an employee uses to access your data is an added security risk. Remote laptops, tablets, smartphones, etc. are not constantly protected by your firewall. But you need to ensure they have a level of protection against malware, email scams, and other data breaches, so attackers can’t use them as a tunnel back into your network. That’s why a strong endpoint security solution is vital for all your telework users. The best options also provide added visibility into their status for admins. Protecting each device individually makes protecting your network as a whole much easier.
3 – Build a Tunnel
To work from home effectively, your employees need to have use of all the apps and files they normally have at the office. How do you facilitate that quickly and securely? You need to offer virtual private network – better known as VPN – access.
A VPN sets up a secure tunnel between your telework employees and your network, protecting their and your data from any spying or prying eyes. This encrypted tunnel (using either IPSec or SSL) can even help when employees use public networks. In case you missed it, we outlined SonicWall’s VPN options in a recent post.
4 – Make Sure Passwords Have a Passing Grade
An all too common problem with an all too easy solution in the cybersecurity world is weak passwords. Ensure your telework employees (and everything on your network) uses strong passwords of length, with numeric and special characters, and phrases if supported. This keeps brute force attacks at bay, which typically just fire thousands of common words at a login screen until one works.
And take it a step further with multi-factor authentication. For employees to access your network remotely, require an additional step, such as an authentication code texted or emailed to provide added security. Some types of multi-factor authentication even include options like geotracking.
5 – Training Is Vital
You’ve likely already heard that the most common reason for a breach is human error. Whether it’s in the form of a misconfiguration or because an employee clicked a malicious link, the human element puts your network at risk. And just as cybersecurity training is vital in the office, it’s extremely important for telework.
So safety using the aforementioned public wi-fi should come up, as well as reminders about what to look for in social engineering scams. Online attackers’ new favorite? Coronavirus-related malware in the form of emails, and even phony maps to steal personal data from anyone who visits to try and keep up with the virus’ spread.
You’ll also want to be sure your work-from-homers are sticking to VPN-only when it comes to work files. Too often, the easy way may be to send sensitive data as an unencrypted email attachment, but that risks exposing it to bad actors. Teach them to keep it encrypted, even if it takes a little bit longer. And even though social distancing may keep you from conducting this training in person, there are plenty of videoconferencing options to help.