The popularity of working from home pumped up during the COVID-19 pandemic and may be here to stay. Your employees need to be working as securely from their homes, virtually, as they would be from your brick-and mortar location. The following tips for remote-office security are also beneficial when your employees are in your workplace.
A Focus on Connections
How and when do employees connect to your corporate network? While no solution will eliminate every risk, taking multiple security steps will make gaining access to your network and information more difficult for those who shouldn’t have it. Possible steps include:
Have employees use business-issued devices when possible. This typically is more secure than allowing them to use personal devices. You can secure the devices at the start and then regularly update the security features and control the applications placed on them to keep them protected.
Implement strong “bring your own devices” (BYOD) policies. If requiring all employees to use only work-issued devices isn’t practical, take steps to secure employees’ own devices. Require employees to register with the company and secure any devices they’ll use to access the corporate network.
Choose the best system for employees to connect with the company’s network. One way is through a virtual private network (VPN), which encrypts data as it’s sent and then decrypts it when it’s received. This makes it more difficult for unauthorized individuals to access the data.
Implement dual-factor authentication. As its name suggests, this requires employees to demonstrate their identity in two ways. So, in addition to entering a user-name and password, an employee may have to enter a code sent to his or her cell phone or computer. This reduces the risk someone can impersonate an employee to access the network.
Use role-based access control (RBAC) and the principle of least privilege. These limit access to applications and confidential information so that only employees who truly require particular information are able to gain access to it. Under RBAC, employees in the accounting department typically require different applications than those in the human resources department. The same principle can be applied within one department — for example, in the accounting department, junior employees would have less access to specific accounting applications and information than the controller would.
You also may want to consider technology-based security strategies. For instance, your business may benefit from deploying a malware solution, which uses specific computer programs to detect the presence of malware (short for malicious software) or viruses (a type of malware that self-replicates and inserts itself into other programs). Then, these programs remove the malicious software.
Another possibility is to use a mobile device management (MDM) solution, with features, such as device tracking, that enable IT administrators to control and secure your organization’s mobile devices. To respect employees’ privacy, some of these allow users to separate their work and personal profiles. In addition, if a device is lost or stolen, many MDM solutions allow you to erase the data on it.
In general, it’s a good idea to practice “cyber hygiene.” On an ongoing basis, train employees in security best practices:
- Require using strong passwords and changing them on a regular basis, such as once per quarter.
- Emphasize the need to use discretion when opening attachments.
- Discuss phishing schemes, in which criminals send emails purportedly from legitimate sources to gain confidential and/or financial information, and address ways to avoid being tricked.
- Remind employees not to let others use their corporate-issued devices — and not to use corporate-issued devices for personal business — both of which raise risks.
Finally, despite your best efforts, a breach may occur. Make sure you establish procedures in advance for handling a breach. This should include steps for investigating, containing and recovering from the breach, and for communicating with any affected parties.
Layer Your Defenses
While no single action can guarantee total security, the more layers your security defense has, the more likely it is that a breach that penetrates one defense can be stopped by the next. Get professional advice to help you determine which practices and solutions fit your business.
Copyright © 2021