Insight Code Top
Insight Code Bottom
cyber security, remote working, digital crime concept, data protection from hack

How to maintain security when employees work remotely

28th October 2020

5 min read

As a business, you want to do all you can to keep your employees and information safe while working remotely. During the coronavirus pandemic, your business may require your employees to work from home, whether this is for a period of time or indefinitely. While remote working may not be new to your organisation, it is likely that you will have to implement remote policies and procedures on a much larger scale. That is why it is important that your cyber security strategy is robust.

Home and remote working offers great benefits but carries risks that need to be addressed and managed. When employees work remotely, devices that remain protected within your organisation’s environment open up further cyber risks to your network. Your existing security controls may not provide the same level of protection to your assets remotely. Implementing sufficient cyber security measures and practices will help to reduce the risk caused by employees working remotely.

It is likely that your business already uses cloud and Software as a Service (SaaS) applications to ensure your team can collaborate. When working remotely, you may be required to review your existing software and ensure it is sufficient for a larger number of users. You may have to introduce new software and applications to your business so your employees can remain productive at home. It is important that these applications are configured appropriately to prevent vulnerabilities in your IT infrastructure.

 

What are the risks that could occur because of remote working? 

Working from home, employee behaviour and habits can be subject to change. Your staff may become more relaxed when it comes to security and the caution they apply to your systems and data. You should ensure your team members are clued up on the risks involved in remote working when it comes to cyber security.

Especially in the midst of the coronavirus pandemic, malicious actors are taking advantage of rushed changes to remote corporate infrastructure. Cyber criminals are looking for gaps in security, particularly relating to the end-user, that they can exploit to achieve their objective or goal. There are risks surrounding GDPR and theft of devices if remote work is carried out in the presence of people that are not part of your organisation.

Phising is a common tactic used by cyber criminals, and one that has occurred a lot during the pandemic. Criminals send emails claiming to be official organisations, enticing you to click on a link to a website that could negatively affect your device and the data it stores. These scams are taking advantage of people’s concerns and can be avoided with the right guidance to spot phishing attacks.

 

5 ways to maintain cyber security while working remotely:

     1. Develop a remote working policy

Developing a remote working policy will ensure your employees understand your organisation’s expectations. The remote policy should cover Bring Your Own Device (BYOD), how to remotely access the network safely, passwords and authentication, removable media and encryption, and any other requirements relevant to your business.

You may want to support the remote working policy with guidance on the cyber security risks involved and how to mitigate them. Your cyber security policy should include the type of information that can be accessed on devices and the security controls set up on the device. Policies will help to maintain consistent processes across your organisation so you can manage your remote workers and security measures effectively.

 

       2. Provide remote security training

Remote employees may be required to use devices and software they are unfamiliar with. Your employees should undertake appropriate training for the devices and software they are using to work remotely. While you may have had to switch to remote working with little preparation, conducting training sessions and sharing resources will ensure the transition is successful.

You could produce a series of ‘How to’ guides or demonstration videos to support employees’ remote setup. They can read these resources at any point they need help to ensure they can instantly access the appropriate advice. You could demonstrate how to access the devices and networks remotely, which data can and cannot be stored on devices, where to store data and how to secure it properly.

 

       3. Ensure the use of multi-factor authentication

Implement multi-factor authentication across all of your services to provide an added layer of security for all users. If a device is lost or stolen, or a password is compromised, multi-factor authentication will help to prevent malicious actors from gaining access to sensitive data as they have to provide a second factor of authentication.

There are many types of multi-factor authentication you can implement on your accounts. This can include a strong password, code, combination or code word. You could also use a physical item such as a key, fob or token. The NCSC provides comprehensive guidance for implementing multi-factor authentication across all accounts.

 

        4. Limit data access and implement encryption

Limiting user access will restrict users from accessing sensitive data stored on your networks and devices. You should only provide employees with the permissions they need to carry out their role to ensure the security of your information. For employees using administrative or high-privilege accounts, you should regularly review these users to ensure access is only granted to those who need it. You want to limit data access as much as possible so there is limited exposure if a malicious actor compromises a user.

Encrypting information stored on all devices will protect data should the device be lost or stolen. You should review all devices used for work purposes as encryption will need to be turned on and appropriately configured. You should use a Virtual Private Network (VPN) which allows remote employees to securely access your IT resources. VPNs ensure your users are authenticated before accessing the network and encrypts any data moving between the user and your network.

 

        5. Develop reporting procedures and culture

Your employees should be able to report their security concerns immediately. While you may have reporting procedures in place, you should consider whether your employees feel comfortable to voice their issues. Creating a positive security culture will ensure your employees feel safe to raise their concerns about bad security practice and incidents, without fear of repercussion. You want to ensure there is sufficient communication to identify vulnerabilities and put measures in place to mitigate risks.

Create reporting procedures to outline how your employees can report security concerns. Detail the steps they need to follow if a device is lost or stolen and who to report it to. Managing these situations as soon as possible may help to reduce the risk to business data.

You should regularly check your cyber security controls with testing and review procedures. This will help you identify any vulnerabilities within your IT assets and help to improve your security posture. Sentrium’s cyber security solutions address your IT security challenges. Our testing and review services provide visibility and understanding of your weaknesses to help you make long-term improvements to your security posture and mitigate risks.

Resources

  • Insights
  • Labs
White box penetration testing

Uncovering vulnerabilities with white box penetration testing

As a business owner or IT professional, you understand the importance of protecting your company’s sensitive data, systems and reputation from cyber threats. One of…

API penetration testing

Securing APIs through penetration testing

APIs (Application Programming Interfaces) have become the backbone of many modern applications, and indeed the foundation of some businesses services. APIs enable seamless communication between…

The importance of a post-penetration test action plan

The importance of a post-penetration test action plan

As cyber threats continue to evolve and become more sophisticated, businesses must stay one step ahead in protecting their sensitive data and network infrastructure. Penetration…

How to choose the right penetration testing partner

How to choose the right penetration testing partner for your business

In today’s digital landscape, cybersecurity threats are evolving at an alarming rate. With the growing number of cyber-attacks and data breaches, businesses must prioritise their…

IoT device security, penetration testing

Securing the Internet of Things: Penetration testing’s role in IoT device security

The world is witnessing a remarkable transformation as more devices become interconnected, forming what’s known as the Internet of Things (IoT). From smart refrigerators and…

Man working as a junior penetration tester

My first month working as a junior penetration tester

Entering the world of cyber security as a junior penetration tester has been an eye-opening experience for me. In my first month, I’ve encountered challenges,…

Password cracking: How to crack a password

An introduction to password security: How to crack a password

Online Password Cracking An online attack is performed in real-time, against live services or applications to compromise active user accounts. Such attacks typically occur when…

Application Security 101 – HTTP headers

Application Security 101 – HTTP Headers Information Disclosure

Server Header Information Disclosure The most common HTTP header that is enabled by default in most web servers is the ‘Server’ header, which can lead…

SPF, DKIM, DMARC and BIMI for Email Security

SPF, DKIM, DMARC and BIMI for Email Security

Sender Policy Framework Sender Policy Framework (SPF) is a DNS TXT record that is added to a domain that tells email recipients which IP addresses…

Terraform security best practices

Terraform security best practices (2022)

The following sections discuss our most important Terraform security best practices: The importance of Terraform State Terraform must keep track of the resources created. When…

Security vulnerability in Follina exploit

Preventing exploitation of the Follina vulnerability in MSDT

The Follina Exploit A zero-click Remote Code Execution (RCE) vulnerability has started making the rounds which is leveraging functionality within applications such as Microsoft Word.…

Application Security 101 – HTTP headers

Application Security 101 – HTTP headers

1. Strict-Transport-Security The HTTP Strict Transport Security (HSTS) header forces browsers and other agents to interact with web servers over the encrypted HTTPS protocol, which…

Get in touch with our experts to discuss your needs

Phone +44(0)1242 388634 or email [email protected]

Get in touch