When a company transitions to a remote workforce, there are several requirements to ensure a successful transition. While many of us experienced this during the first round of lock-downs, most companies needed to take a "just get it done” approach, and may not have had the opportunity to slow down and put security first.
Now that you’ve been working remote for a while, it’s time to take a second look at your remote work infrastructure. Here are a few suggestions that may improve your security this time around.
It Matters Where Your Data is Stored:
Content storage should be allowed on the cloud only. Save to your hosted file server, not the local machine. In this way, data can be securely backed up. Or save to your on-prem server via a secure VPN connection, and back up that data using a managed cloud backup service such as i-Vault.
Protect Those PCs:
Use 2-factor authentication. This adds a second level of security to important applications. Multifactor authentication uses OTP (one-time password) technology, certificate-based USB tokens, smart cards, and many more advanced security technologies.
Install a managed endpoint agent with the ability to perform (1) data protection (2) malware protection, especially if corporate data is allowed to reside on the machine. We recommend i-Protect.
Wi-Fi Safety:
No connection is allowed with public/free WiFi – ever!
On the home Wi-Fi, change default passwords and user names. Make them long, random, protected and carefully managed.
Use security, but not just any default (usually WEP) security protocol, use the best available at the time, which is WPA2 at present. You can increase the protection more by also using EAP-Transport Layer Security (TLS) for more secure user authentication.
Turn off WiFi-protected setup (WPS) to prevent bad actors from using it to breach your network more easily.
Train Your Team to Recognize SPAM and Phishing Emails:
Spam and phishing emails are received daily, and while most of us know not to fall for it, you should never take that chance.
This is especially important if your remote workforce includes the likes of customer service employees, who handle not only your company’s information but also your customers'. It’s very easy for hackers to disguise a malicious email to look like a standard customer enquiry, and if your employees are receiving hundreds of emails a day, it’s unlikely a disguised spam email will stand out to them.
Encrypting all emails will make certain that the content is disguised, which will protect any sensitive information that may transpire during an email conversation and only the intended recipient will be able to see it.
Back to Basics:
Have a contingency plan for risk management. If a remote worker loses a laptop with sensitive business information on it, it’s essential that the laptop can either be tracked or remotely deleted.
Do a simple security training. It's easy to forget just how easy it can be to lose personal data. In an age where we are so focused on remote hackers and data breaches, it's easy to forget something as simple as accidentally leaving your computer unlocked while you take a bathroom break at the coffee shop can leave your sensitive data wide open.
These steps should help you to keep your remote workforce, and your business, safe in the year to come. Should you have questions or require guidance, we’re always here to help. Contact us at 855-I-EVOLVE or info@i-evolve.com.
