When you’re operating a remote team, one question that often comes up is how to keep your business information safe. Employees don’t always have the same security measures in place on their home Wi-Fi networks as you do in the office, so there may be an increased risk of a data breach.You need to help your remote workforce adapt to and comply with cybersecurity measures that are designed to protect sensitive company data from hackers. Below, 15 members of Forbes Technology Council share recommendations to help businesses deploy appropriate cybersecurity measures for their remote employees.
1. Encourage cyber ‘social distancing.’
Encourage employees to adopt the same strategy for cyber viruses they use in the real world. Cyber “social distancing” is about recognizing risk and keeping your distance. Helpful technology solutions should include a secure email gateway to detect phishing attacks and spam, a VPN solution to secure remote connections or a secure access solution to ensure that only authenticated devices access the network. – Philip Quade, Fortinet
2. Use a cyber-intelligence approach.
To truly strengthen an organization’s cybersecurity posture, look for external signals of impending attacks. The ability to predict an attack and prioritize remediations accordingly is key. Go to the hackers’ trenches (e.g., deep/dark Web, hackers communities and closed communities), decode threats that are relevant to the organization and understand the context of the attack. – Kumar Ritesh, CYFIRMA
3. Employ cloud-based solutions.
Cloud-based cybersecurity solutions that protect the device, cloud and identity of the user—that’s the ticket for secure remote working. The new generation of cybersecurity solutions, optimized for secure remote work, are deployable in seconds, cloud-managed, silent to the user and invasive to the attacker. – Tomer Weingarten, SentinelOne
4. Secure the perimeter.
Businesses need to secure the corporate perimeter when moving to a remote workforce. This means tying VPN to Active Directory and enabling multifactor authentication to make sure the right people are accessing networks, apps and data. Businesses should mandate VPN use on public Wi-Fi and remind employees to avoid opening emails and clicking on URLs from unknown senders and to keep passwords safe. – Paul Mazzucco, TierPoint
5. Consider virtual desktop environments over VPNs.
Companies must ensure employees can securely access everything they need to do their jobs effectively from home. Using VPNs has been the traditional method, but it limits access to a small number of internal company applications and cannot secure many of the online apps employees need. Companies should consider testing and bolstering a virtual desktop environment to provide a great user experience. – Nadir Izrael, Armis Security
6. Trust, but verify.
When working remotely, it’s easier to be misled by fake requests from people you know (spearphishing). Teach your team how to spot the signs, as well as how to verify any requests. The easiest way is to always use another channel, like calling them or jumping on a video call. – Russell Smith, Rainforest QA, Inc.
7. Carry security protocols over to home offices.
It’s not just about the security platform that the CISO has put in place but how employees continue that business continuity into the home office. It’s critical that as users move to remote working the security team has a plan in place to carry all of the security protocols and policies over to ensure that home users are just as secure as if they were in the corporate office. – Frank Cittadino, QOS Networks
8. Deploy mobile security software.
The most effective cybersecurity measure is the implementation of an agile mobile security platform that can be installed on any device accessible by the employee—regardless of the operating system or manufacturer—and that is built around a model of data-centric security. Without those key elements, companies risk slower deployment times, lost company data and extensive overhead costs. – Jonas Gyllensvaan, SyncDog
9. Remind employees to guard their home routers.
We have seen with smart cities and enterprises that remote contractors and staff may have the greatest VPN, but their home router may be the weakest link. Many people buy home routers and never change the default password. Botnets are out seeking these open doors—once they gain access, they infect the worker’s PC and enter the organization through the VPN. This is an area not managed by IT. – Thomas Caldwell, Techniche
10. Know your access points.
The rush to work from home is a situation in which the prepared do better. It’s critical to keep an up-to-date network map to handle whatever comes along. For example, show where your VPN access points are and whether they have the correct access. Most organizations struggle to maintain a reliable map of their changing world, but it can be automated. – Mike Lloyd, RedSeal
11. Remember that temporary pain will bring long-term advantages.
The COVID-19 crisis is accelerating many developments that will improve the cybersecurity posture of organizations. Security teams are looking for SaaS security applications that can be deployed with ease and with no disruption to productivity. Many organizations are still far away from this, using only on-premises solutions, and the crisis is forcing them to change their approach. – Galina Antova, Claroty
12. Create a specific action plan for critical functions.
Like any new service, secure remote working needs organizations to define and implement security policies, procedures and controls. However, in most companies, the challenge is that a few critical functions are not designed to work offsite. Those need a quick process redesign and risk assessment to come up with a short-term action plan followed up with a sustainable long-term control framework. – Sameer Shelke, Aujas Cybersecurity
13. Don’t wash your hands of cyber hygiene.
The most significant threat to cybersecurity is still employee negligence. Anticipate a substantial increase in malicious cyber-targeting of remote workers. No matter the location, you must establish a culture of security, protect mobile devices, maintain computer cyber-hygiene, properly deploy and maintain firewalls, have current antivirus software, and, most importantly, plan for the unexpected. – Will Conaway, Will Conaway IT Consulting
14. Focus on endpoint security and VPN use.
Ensure robust endpoint security and VPN use on all devices, including personal devices that may now be accessing company systems and data. Using a cloud-managed solution enables streamlined centralized control, visibility and policy enforcement. – Paul Lipman, BullGuard
15. Assess your company’s threat model work.
A good rule of thumb that easily translates to remote work, VPN use, etc. is to view all traffic and actors as nefarious until proven otherwise. In the end, cybersecurity measures ultimately come down to a company’s threat model work, which is the primary key to driving their cybersecurity risk assessment and countermeasures. – Robert Weissgraeber, AX Semantics
Source: Forbes, “15 Effective Cybersecurity Strategies For Your Remote Workforce” https://www.forbes.com website. Accessed December 29, 2020. https://www.forbes.com/sites/forbestechcouncil/2020/05/12/15-effective-cybersecurity-strategies-for-your-remote-workforce/?sh=7feee52b50db
© Copyright 2020. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented.