One year into the pandemic, remote work has become the new normal. Even after life returns to “normal”, Gartner research finds that over 40% of employees are likely to continue working remotely, at least some of the time.
It is clear that remote working is here to stay. But this brings up a new question: Is your IT security strategy keeping up?

According to the FBI, daily cybersecurity complaints have increased from 1,000 to 4,000 during the past year, and failing to secure your remote workers makes your business a sitting duck for these attacks.
When creating a future-proof remote access technology strategy, business leaders should keep the following in mind:

1. Provide secure access to your corporate network
There are two basic ways to secure your sensitive data while you and your employees are working remotely. The easiest (and cheapest) one to deploy is what is called Remote Desktop Protocol (RDP). These applications will make you feel like you are sitting in front of your office computer while being miles away at your desk at home. An application like "Splashtop" is easy to install and supports screen share, which is handy for your IT support should they need to walk you through anything technical while working remotely.

Installing VPN is a more complicated but, in the long run, potentially safer way to go. A VPN (Virtual Private Network) uses either SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from your machine at home to your corporate network. This safeguards both you, the end-user, and the corporate environment, ensuring that no one can intercept and decipher sensitive data traffic.

2. Secure remote work environments; routers and Wi Fi connections
Not every remote employee will have reset the default password for their Wi-Fi router, but it crucial for everyone on your team to do so.

If you have an IT support team, then providing telephone guidance to secure home routers should become a priority. You do not want your information being subjected to man in the middle, data sniffing, or any other form of cyber attack.
Employees should be told to avoid public Wi-Fi, though doing so is made a little more secure if using a VPN connection

3. Ensure that software is being updated
The security software on a personal computer should always be updated to the latest version and, whenever possible, be supported by the same business-grade NextGen anti-virus solution that you use on your office devices. Data sensitivity is the same no matter how or where you access it from. Your approach to security should be too.

4. Enforce strong passwords
Ensure that your staff uses strong passwords by enforcing password requirements. Excellent passwords are the first line of defense. All of the above doesn't matter if you don't use a strong password. Make sure to avoid anything that's easy to try, such as repeating numbers (e.g. 000000), sequences (e.g. 123456), or common passwords.

Additionally, don't use anything that is related to you, such as your date of birth, license plate, address, etc. A good pin/password should look random to anyone that's not you.
Offer your remote workers a password manager to make sure the passwords they use are not only strong but varied across accounts.

5. Implement adequate email security practices
Proper email security can protect sensitive information in email communications, prevent phishing attacks, email spoofing, and protect against unauthorized access, loss, or compromise of one or more email addresses. With phishing attacks accounting for more than 80% of reported security incidents email protection is now more critical than ever.

6. Secure your remote work environment
We don't tend to think of our family members as "unauthorized" entities, but from a compliance perspective, they most definitely are. Physical security shouldn't go out the window when you're working from home. Just as you lock up the office when you leave for the day, do the same when working from home.

Even when working in a separate physical space is not an option for everyone on your team devices should be protected from unauthorized access. Automatic locking is there to protect your unattended devices. Make sure to configure an amount of time that while convenient is not unreasonably long, such as 30 seconds for mobile devices and five minutes for laptops.
Automatic locking is enabled by default on most modern devices.

7. Enable find my device and remote wipe
Being able to find and ideally remote wipe your mobile device is a crucial part of ensuring information security when a device is lost or stolen. Securely wiping a device makes it much harder to access your data, no matter how much time or determination an attacker has.

Here's how to enable "Find My Device":

To protect your road warriors you should talk to your IT partner about installing remote wipe software on all mobile devices. Remote Wipe makes it possible to delete data from a laptop or computer without having to be in front of the device. It is a critical feature that both individuals and companies should consider implementing on all computers that contain sensitive or valuable data.

Remote Wipe needs to be set up beforehand, but if remote wiping capabilities are enabled, the owner can erase the data and prevent the attacker from stealing the information or using the data to launch further cyber attacks.

8. Use Encryption
In some situations, remote wipes aren't effective or feasible to protect a lost or stolen laptop. Full disk encryption can be a better alternative, or it can be used to complement remote wipe capabilities.

When a computer's disk is fully encrypted, it means that all of the disk's data has been locked down with cryptographic software or hardware. This prevents unauthorized access. When full-disk encryption is used, the data can only be accessed by users who have the key. Otherwise, the data remains unusable as ciphertext.

How you turn on encryption will depend on your device.

9. Enhance endpoint security through multifactor authentication.
Multi factor authentication is an authentication method where access is granted only after successfully presenting two pieces of evidence to an authentication mechanism.

Two-factor authentication can dramatically reduce the risk of successful phishing emails and malware infections. Even if the attacker is able to get your password, they are unable to login because they do not have the second piece of evidence. To successfully login, they would need access to whatever is generating your one-time code, which should be an authenticator app or security key.

The first and most common evidence is a password. The second takes many forms but is typically a one-time code or push notification.

10. Provide employees with basic security knowledge
Even with proper mobile device management, a detailed remote work strategy, VPNs, and the latest cyber security software systems in place, staff can still make damaging mistakes. Data breaches are often due to negligent employees.

In addition to everything, we have discussed so far ongoing security awareness training should be included in any robust remote work strategy. Malicious actors are continually looking for new ways to circumvent security controls and psychology to gain access to sensitive information.

Educate your staff on best practices and individual accountability in maintaining the security of your network. There are various interactive online training options available. Ask your IT provider (or us) which one would be appropriate for your organization.

If you need help creating a workable, future-proof plan for setting up your remote team contact us at (845) 237-2117 or send us an email: info@meetingtreecomputer.com

Together we can ensure that your business network remains secure, and your workforce remains productive no matter where they (prefer to) work.