Workforces have been increasingly distributed and many businesses aim to continue that strategy for the foreseeable future. There are a fair share of challenges that distributed employees have themselves, but for the business, it can be tough getting them to do the things that need to be done to secure the business. Here are a few actions that need to be taken if you want to make that happen.
One of the things that workers don’t understand is what exactly changes when they work from home is that it effectively distributes the operational network over a wide array of networks, making it difficult for security teams to provide the comprehensive services that they typically do. This requires the employee him/herself to do most of the diligent work to ensure that their endpoints don’t become problematic for their business. This gets more difficult as the number of new endpoints and those who are new to working remotely increase.
For many businesses, the procedures that dictate a work-from-home policy have been hashed out at some point over the past two years, but it is important to not be complacent when onboarding new workers or dealing with current staff that all have increasing numbers of endpoints in their home. Do you supply the devices that your employees are working on? Have you migrated your production to Software-as-a-Service applications? Do you use any other cloud-hosted environments to make it easier for remote employees to access information? If not, do you have secure access for remote employees through a VPN or some other remote access service?
Staying up to date and present on these issues will help you do more to protect your network and infrastructure from any threats that could be brought in by unwitting employees.
For many organizations, the thought of purchasing endpoints for every employee now working from home is an impossible ask. Even if it is possible, is it a prudent way to spend capital? Some would argue yes since one of the biggest cybersecurity risks to your company is a personal device that isn’t secured against today’s various threats. This isn’t because your security platforms can’t secure your network, it is because the user may not have up-to-date antivirus software, or their applications aren’t updated properly, or they don’t use password practices that help ward against outside infiltration.
Since the threat of a data breach increases substantially when there are open vulnerabilities, it is prudent to expand your security protocols to ensure that all company-owned information is being saved to company-owned storage solutions; whether that be an onsite server or company-owned cloud platforms. The less company data is found on employees personal devices, the better the chances of protecting it.
It was so when everyone was working side-by-side, but employees depend on collaboration apps even more today to get projects out the door and keep lines of communication open. Unfortunately, these tools were never designed with security in mind—they are designed with cooperative productivity in mind—so it opens up new problems for people working in these apps if their data isn’t secure in transit; and when it arrives on your employees’ computers.
One solid tip is to ensure that the people that are collaborating on a project or service are the only ones inside a specific group. Since anyone can initiate conversations, it is important that only the people that need to be in on the conversation, data flow, and administration of any project be in the chat. Otherwise, exposing potentially sensitive information to insecure parties is possible. This happens more than you think, especially in enterprise and medium-sized business settings where people are added and removed to mailing lists and collaboration lists all the time.
Finally, you will need to train your people. In the collaboration age, where doing more with less is a business model, you need to ensure that you invest resources in getting the people that work for you the information they need to keep your business’ IT and data secure. They don't necessarily need to be experts in computer maintenance to do this either. Just teach them the basics—how to spot phishing and other potentially harmful messages and report them to the IT administrator; how to put together a secure password; why your business has the password and security policies it does; what resources are managed by your IT team; and what they need to do to ensure that they aren’t a weak link in your business’ cybersecurity efforts.
A lot of people like the experience of working from home, and for the business (with today’s technology) it can be of great benefit, but in order for it to be a good experience, strategies have to be altered to ensure that you aren’t constantly battling your team and scammers alike. If you would like some advice about how to navigate a remote team, the technology needed to ensure you’re ready and any other IT or workflow related questions, give Clearmind Technology a call today at (323) 489-3250.