How to maintain security when employees work remotely

Although remote work is not a new concept, it has substantially increased its traction since the COVID-19 pandemic started, and maintaining security when employees work remotely is the new challenge.

Many companies were forced to operate remotely and had to adjust to the new circumstances. But what does this abrupt change represent in terms of security?

We explore those impacts and how companies can maintain security when employees work remotely.

Adjusting to any change can be complicated, even more so when it is so abrupt, as was the case with the remote shift for various companies in 2020 and 2021. Most didn't have previous experience in a remote work environment, so there was a steeper learning curve.

Before the coronavirus pandemic, only 17 percent of U.S. employees worked from home five days or more. During the pandemic, this figure grew to 44 percent.

Throughout the past 12 months, there have been new opportunities for attackers to explore. In the first half of the pandemic, 4 out of 10 COVID-related emails were spam, and there was a 46 percent increase in the number of suspicious incident reports for home IoT devices.

As the social engineering techniques used by attackers continue to evolve, many organizations have fortified their cybersecurity to secure their digital operations and avoid falling victim to attackers.

Let’s get into some practices you can implement to maintain security in these trying times.

What are companies doing to maintain security in remote work?

1. Define a remote work security policy

If you have not yet done so, one of the first steps to increasing and maintaining security is to define remote-work security policies. Also, communicate adequately with your workforce.

If you do not have a document with these policies defined, it can be challenging to identify what it means to maintain security within your company.

Draft a policy document that outlines the different security protocols and identifies how the company intends to support compliance with those protocols among employees.

2. Provide training on cybersecurity best practices for employees

Focus on educating your employees on cybersecurity best practices to reduce the threat surface.

Having an informed workforce is one way of preventing attacks and maintaining security.

Companies should provide a thorough explanation about security policies instead of just stating them, as it will promote a better adoption rate.

3. Guarantee Network security

If your employees used to access a secure office network to do their jobs, you’ll want to transfer that security to a remote setting.

To do this, you will need a remote access VPN. That should give you more power in terms of access control and privacy.

However, trusting that a VPN will resolve all your cybersecurity concerns is not a good option. It is not about one perfect solution but rather a combination of various practices and tools.

Try not to overload it, as it will cause an undesired slowdown. You may need to prioritize a VPN for specific services, choose a provider with a large server network, and manage its usage adequately.

4. Personal device usage regulation and maintaining systems updated

Using personal devices to work increase the vulnerability to attacks because their devices could have outdated antivirus software or use weak passwords.

Therefore, regulate the usage of personal devices. Maybe it’s time to consider providing employees with a suitable antivirus license to diminish these risks.

Encourage regular security scans and implement a secure password manager to help employees manage multiple strong passwords.

Using a password manager encourages employees to implement and store strong passwords without the hassle of remembering everything.

Always keep tools like firewalls, antivirus, and others updated.

5. Continuous verification (Zero Trust) approach

Based on the continuous verification process, access is granted based on identities and respective permissions.

Good practices to implement in line with this concept:

• Multi-Factor Authentication (MFA)

• Use strong passwords.
  
  

6. Provide adequate IT support to employees

Guide employee insecurities with IT support.

Only with adequate support will they reap the full benefits of the training process and ensure that new security measures won’t impact productivity.

7. Ensuring Security beyond employee activity

Maintaining security is not just about guaranteeing your workforce follows your remote work security policies. The pandemic also shifted how companies should address the security of their websites.

In E-Commerce, there was an increase of 49% in online shopping, which also resulted in a growth of 20% in web skimming attacks. In these attacks, attackers infiltrate malicious code into websites without ever having to breach companies’ servers, and this code can silently steal credit card details of all shoppers.

Using the same strategy, attackers can exfiltrate data from any website, including sensitive information such as personally identifiable information (PII), protected health information (PHI), and credentials.

Because these attacks are more sophisticated, it’s critical to follow secure coding practices and implement threat monitoring technologies that can readily detect and block client-side attacks like web skimming and data exfiltration.

Conclusion

The pandemic has created opportunities for attackers not only to target remote-working employees but also to target websites that handle sensitive data.

The traditional security approach doesn’t cut it anymore.

Nowadays, it is not just about discovering the one secret ingredient but also combining various practices and building a robust strategy.

One step is keeping up with entities like the NCSC, NCSA, OWASP that will provide guidelines for cybersecurity best practices and evolving threats.

It is the companies’ responsibility to ensure the protection of their employees and their end-users.