In today’s business landscape, remote working has become an increasingly accepted practice. Whether they were started because of COVID-19 restrictions, employee-friendly policy, or simple practicality, the fact remains that workers are increasingly carrying out their daily tasks from a location physically separate from the physical office. In fact, statistics published by Upwork indicate that 42% of the American workforce is made up of telecommuters, with estimates predicting that 36.2 million citizens will be working in this capacity by 2025. This amount, noted Upwork, marks a double increase from pre-pandemic levels.
In light of the growing number of companies adopting a remote, dispersed workforce, one question continually confuses many security administrators:
How can the organization promote remote work safety?
Perhaps one of the most concerning remote work security issues is that remote workforce technology is largely unmonitored, day-to-day. Recently, Forbes identifiedseveral key methods that can help further secure an enterprise’s remote workforce, their correspondence, and shared sensitive documents, even when the theoretical attack surface is larger than ever.
Establish a remote work security policy that promotes best practices and employee awareness
In an environment where the administrator or security professional has a limited window at best into the activity of remote workers on their private networks, it is essential that the organization can fully trust its personnel. This need is compounded by the fact that security breaches are often the result of poor or uninformed worker choices, as opposed to outright malice.
Today’s organization should promote a cybersecurity policy focused on:
- Rely on anti-malware and other security software.
- Promote cybersecurity education, literacy and awareness.
- Encourage smart password management.
- Require periodic data backups.
- Using MFA (multi-factor authentication) and passwordless options.
- Securing personal devices and other “BYOD”.
- Document cybersecurity steps by both parties.
First and foremost, the policy should include predefined goals to keep these practices top of mind for the remote worker.
Implementation of “Zero Trust” protection elements
“Zero Trust” implies that only those with approved credentials can access the information. This concept reduces instances of malicious data interception because it reduces the number of employees who have access to the information and therefore whose errors or malicious behavior could lead to the interception of the information.
Another particular option that some organizations are turning to is the practice of writing an NDA (non-disclosure agreement), which legally binds the employee to keep company information and data of which they may be aware. completely inaccessible to employees outside the company and, in some cases, any unauthorized party.
While this concept seems useful in preventing the dissemination of sensitive company data to unwanted parties, it probably doesn’t accomplish much. After all, such a policy only really targets staff members with malicious intent; in most cases, an “inside” employee who seeks to harm their business illegally is unlikely to be affected by Zero Trust or NDAs.
Elimination of password sharing
Workers who tend to share passwords across multiple personal and work accounts — and more dangerously, with other workers — should be discouraged from this practice. This habit is largely based on convenience.
Performing risk assessments
Despite its limited view of remote employee behavior, the organization has certain remedies. One option is to assess the level of risk to which staff members expose the business, establishing a risk profile against which action can be taken to promote better choices for workers, close security gaps, implement technology and provide dedicated cybersecurity training and understanding.
Other solid steps to help secure remote work environments include:
- Employing encryption bi-directionally, making it more difficult to intercept information before, during or after transmission.
- The use of cloud-based elements, such as a Connected workspace. These platforms are particularly essential for providing basic levels of security with minimal manual implementation.
- Leverage VPN (virtual private network) technology – Forbes recommends no less than L2TP (Layer 2 Tunneling Protocol) – to secure connections and promote safe collaboration over Internet lines.
- Avoid consumer tools such as Dropbox and Google Drive in favor of subscription-based storage and CRM (customer relationship management) software.
- Providing access to security management applications by subscription.
- Establish a CISO (Chief Information Security Officer) or other dedicated personnel to specifically oversee information security and integrity.