The remote workforce has become the new normal as we live through this pandemic. As a business owner, it is your job to keep your employees safe while continuing to grow the business. Here are some steps to follow to make sure you are providing the best remote workforce for your company.

Step 1: Provide clear policies and training

Employees need to understand what standards of equipment and behavior their remote work demands. Whatever your approach is, it needs to be codified and clearly communicated to all your employees. Then they need to be trained on these policies so that even the least technically savvy among them can consistently apply all the preventive cybersecurity measures you expect them to take.

Step 2: Set standards for the devices they can use

If you can afford to do so, it’s best for remote employees to use company-issued laptops and phones that you can manage directly. This prevents a host of risks, including using outdated (and thus potentially insecure) hardware and software, unencrypted devices and devices that are configured in ways that leave them open to attacks.

If you must let employees use their own devices, you can limit risk by setting minimum standards for them. Clearly define types — and versions — of operating systems, browsers and the like that can be used to conduct company business and connect to company systems and set clear requirements for data encryption and password protection. Also set clear rules about how employees should store and transfer data when outside the office. Otherwise, they may set up insecure “shadow IT” like personal Dropbox accounts using obvious passwords.
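One way to turn the minimum standards described above into an automated check, as an added example that is not from the original article. The policy values, field names and device records are all assumptions constructed for illustration.

```python
# Added example: minimum-standards check for employee-owned devices.
# Policy values and device records are constructed for illustration.

MIN_STANDARDS = {
    "os": {"windows": "10.0.19045", "macos": "13.0", "ios": "16.0", "android": "13"},
    "browser": {"chrome": "120", "firefox": "115", "edge": "120", "safari": "16.0"},
}

def parse_version(text):
    """Turn '10.0.19045' into (10, 0, 19045); raise ValueError on junk."""
    return tuple(int(part) for part in str(text).strip().split("."))

def meets_minimum(kind, name, version):
    """True only if name is an approved type and version >= the minimum."""
    minimum = MIN_STANDARDS[kind].get(str(name).lower())
    if minimum is None:
        return False  # unapproved OS or browser type
    try:
        have, need = parse_version(version), parse_version(minimum)
    except ValueError:
        return False  # missing or unparseable version: fail closed
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))  # pad so "16" compares equal to "16.0"
    need += (0,) * (width - len(need))
    return have >= need

def evaluate_device(device):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if not meets_minimum("os", device.get("os"), device.get("os_version")):
        problems.append("operating system type or version not approved")
    if not meets_minimum("browser", device.get("browser"), device.get("browser_version")):
        problems.append("browser type or version not approved")
    # Missing fields count as failures so unreported settings never pass.
    if device.get("disk_encrypted") is not True:
        problems.append("storage is not encrypted")
    if device.get("password_protected") is not True:
        problems.append("device is not password protected")
    return problems

# Constructed sample inventory, as a device-management agent might report it.
DEVICES = [
    {"owner": "alice", "os": "macOS", "os_version": "14.2", "browser": "Safari",
     "browser_version": "17.2", "disk_encrypted": True, "password_protected": True},
    {"owner": "bob", "os": "Windows", "os_version": "6.1.7601", "browser": "Chrome",
     "browser_version": "121.0.6167", "disk_encrypted": False, "password_protected": True},
    {"owner": "carol", "os": "Linux", "os_version": "6.5", "browser": "Firefox",
     "browser_version": "115", "password_protected": True},
]
```

Calling `evaluate_device` on each record returns the reasons a device should be kept off company systems; a device whose report omits a field is treated as non-compliant rather than waved through.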

Step 3: Deploy the right security software

When your employees work outside your office and the security defenses on your corporate network, you need to make sure they’re using strong security software. Enterprise-grade antivirus and antimalware protection, ideally including the capability to perform a remote wipe of a device if it is lost or stolen, are crucial.

Also consider upgrading to an endpoint detection and response (EDR) solution for your remote workers. EDR doesn’t just block threats; it logs system event data and monitors these logs, looking for indicators of compromise within your company’s systems so that your IT team can spot threats as they develop and respond to them.

Step 4: Give your employees the right tools and ensure they use them

All employees, in any work environment, should use certain basic tools that become even more critical when working remotely.

  • A password manager is a powerfully encrypted application that generates and stores unique, strong (read: random and complex) passwords for each site an employee visits. Keeping a unique password for the password manager itself is enough to let you automatically manage login credentials for every other site or app. Free managers are available for individual use, but many offer paid corporate subscriptions that enable you to store, manage and share credentials across all devices used by a given employee.
  • Two-factor authentication requires employees to enter a code, typically sent to their phone or email address, in addition to their login credentials when signing in. A hacker attempting to break into your network is unlikely to also have access to the user’s phone, so this authentication helps to prevent the successful use of stolen passwords.

Step 5: Set up a remote-access virtual private network (VPN)

Your properly trained and equipped employees need something secure to connect to your corporate network when they’re working remotely. And that means setting up a virtual private network (VPN) for remote access. Instead of connecting your company’s servers or desktop computers directly to the internet, where computers and data transfers are vulnerable to attack, your employees use a VPN’s client software to guide all traffic through a single secure, encrypted tunnel. Their client connects to a network access server with login credentials, and all data is transferred through that secure tunnel to and from your company’s systems. (Pair your VPN with two-factor authentication for even greater security.)

Tom Wojcinski, CISA, CRISC - Wipfli, LLP