For many businesses around the world, remote work has become essential to help stop the spread of the coronavirus. Whether you’re familiar with working from home or your company is still adjusting, it’s important that your information technology procedures don’t slip through the cracks.
Without a remote worker policy and the proper tools deployed to mitigate risk, each remote employee can be a point of vulnerability to your IT security. As the president and CEO of an IT services company, I’ve outlined seven tools to help businesses and employees work successfully and securely from home:
1. Use a virtual private network.
A virtual private network (known as a VPN) creates a secure conduit for remote devices to privately access the business network. The VPN encrypts all communications and hides employees’ IP addresses. This greatly reduces vulnerabilities and usually makes hackers look for easier prey.
Because a VPN works behind the scenes, it causes no disruption to productivity. Before, a remote worker would log directly into your network. Now they simply log into the VPN, and it securely logs them into the business simply, seamlessly and securely.
2. Don’t make ‘temporary’ changes to your firewall.
Here’s the scenario: Employees are working remotely, possibly for the first time and likely on their personal devices, and are complaining that they can’t get into the network. To remedy this, someone decides to “temporarily” reduce the firewall settings. On the surface, it worked because the employees have gained access. Beneath the surface? You are now highly vulnerable to cybercriminals. Ensure your employees are clear that no temporary changes should be made to firewall settings to keep everyone protected.
3. Protect yourself from ransomware.
In my experience, companies tend to think of IT breaches as hackers stealing data. They often rationalize their security decisions with the notion that there is nothing valuable for a hacker to steal. That might be true, but ransomware is completely different.
Ransomware can encrypt and lock your data, and the hacker then often demands payment in exchange for giving your data back. This can greatly hinder productivity, so it’s important to be cautious. To ensure you’re protected, run malware software; update your operating system, browsers, and all software; back up your data so that it can’t be taken hostage and train your employees to avoid phishing and other scams.
4. Beware of ‘bring your own device.’
Bring your own device (or BYOD) is when employees use their personal devices for business. Do your employees maintain the latest malware prevention software on their own computers? Are the passwords on their personal devices as strong as those on their work devices? Have they installed any software to make it easier for them to use their own device while circumventing your security?
The answers to these questions: You don’t know. The best thing you can have in place is a remote work policy that includes parameters around the use of personal devices, which brings us to our next point.
5. Write and enforce a remote work policy.
A remote work policy not only helps protect the business but also sets the proper expectations for the employees. Consider including the following in your policy:
• Only approved personal devices are allowed.
• No use of public devices, such as hotel kiosks, library computers, etc.
• No use of public WiFi.
• Only connect to the company’s network through the VPN.
• Have password standards, such as not using the same passwords for personal and business accounts.
• Have approved anti-virus and anti-malware software installed on personal devices.
• Update your confidentiality agreement to include proper care procedures for remotely handling corporate information.
6. Consider using a password manager.
Today’s digital world requires us to use more and more passwords. Over time, they can become next to impossible to remember. In order to keep track, many people do one of three poor practices:
• Keep them simple and memorable (e.g., their child’s birthday, the name of their pet, etc.)
• Use the same password for everything
• Keep a Word document on their computer labeled “passwords” and log them all there.
It would be relatively easy for a hacker to obtain the passwords of someone who does any of these three things, which is why some turn to password managers. These managers generate unique and difficult passwords for all the different places you log in to, and you control them all with one master password.
7. Encourage employees to be cautious, suspicious and vigilant.
Employees successfully and securely working remotely is a large part of many businesses today. To ensure your team is protected, talk to your employees about ways they are less secure at home and what they can do to help. Ask them to question any strange-looking texts or emails. Remind them not to put unapproved USB sticks or peripherals into their computers. Reinforce the perils of sending personal or corporate information in an email. And most importantly, ask them all to be cautious, suspicious and vigilant.
As you can see, there are a few important IT security measures to consider if you’re developing or managing a remote workforce. A number of managed service providers (my own included) can help you navigate these challenges if you lack the personnel or bandwidth. But by starting with these seven steps, you’ll be on your way to ensuring everyone in your organization is protected.