Remote teams are the biggest security risk to your organisation. The threats can be underestimated when considering your organisation’s cyber security risk and the potential consequences of an employee mis-managing corporate resources outside your network. And if it's information about your clients, GDPR requires you to keep their details safe.
Ensuring your remote employees remain protected is essential to your organisation’s security. You must ensure devices do not introduce malware (or other cyber threats) while commercial and sensitive business information remains secure and protected.
1. Make Use of the Cloud
The cloud is a beneficial way of ensuring your data is kept secure when working with remote teams. It’s much more difficult for cyber attackers to break into the cloud. At the same time, it also makes it highly unlikely that your workforce will lose any of their or the organisation’s sensitive data.
There are also paid systems available to encrypt your cloud storage to increase security.
2. Review Password Security
While this method is simple, it remains one of the most important for securing your business’s data. Ensuring an effective password policy is enforced and policed across your organisation is an essential foundation for your security. The latest password guidelines from NIST advise the following:
- Use multi-factor authentication, if available
- Use a phrase with multiple words, which you can picture in your head
- Require a minimum of 8 characters
- Check new passwords against a dictionary of known-bad choices
- Protect your most important accounts with a unique passphrase
- No more periodic password change requirements (without a reason)
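The length and known-bad-dictionary checks from the list above, as an added example (not code from this article or from NIST). The blocklist entries, function names and result labels are constructed for illustration. There are deliberately no composition rules, so a multi-word passphrase passes.

```python
import unicodedata

MIN_LENGTH = 8  # minimum from the list above

# Constructed sample blocklist; a real deployment would load a large
# breached-password corpus instead of this handful of entries.
KNOWN_BAD = {"password", "12345678", "qwertyuiop", "letmein123", "iloveyou1"}

# Characters commonly appended to a weak password to "strengthen" it.
SUFFIX_CHARS = "0123456789!@#$%^&*.?_-"


def _fold(text: str) -> str:
    """Normalise so visually identical inputs compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def check_new_password(candidate: str, username: str = "") -> list[str]:
    """Return the list of policy failures; an empty list means accepted."""
    problems = []
    folded = _fold(candidate)
    # Length is counted after normalisation, in characters rather than bytes.
    if len(unicodedata.normalize("NFKC", candidate)) < MIN_LENGTH:
        problems.append("too_short")
    if folded in KNOWN_BAD:
        problems.append("known_bad")
    # "Password1!" is still "password": strip trailing digits and symbols.
    stem = folded.rstrip(SUFFIX_CHARS)
    if stem != folded and stem in KNOWN_BAD:
        problems.append("known_bad_variant")
    # Context-specific check: the account name must not appear in the password.
    if username and _fold(username) in folded:
        problems.append("contains_username")
    return problems


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Password1!", "abc"):
        print(repr(pw), check_new_password(pw) or "accepted")
```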
3. Manage Use of Public Wi-Fi
Public Wi-Fi is relatively easy for attackers to break into. It’s one of the primary ways hackers gain access to sensitive information. You should avoid connecting to unsecured networks at all costs. However, you could use a corporate VPN or a cloud-based solution, such as Zscaler’s Cloud Security platform, which delivers a cloud-based security stack to maintain security, wherever you connect from - across public Wi-Fi, in the airport, cafe, or at home.
Your employees will need to use public Wi-Fi at some point, especially if they travel for work. You want your teams to be able to use it safely, rather than leaving work unfinished and losing productivity. So, how can this be achieved?
Don’t use it for sensitive, business-critical activities. Finishing a presentation or amending a document is understandable, as long as nothing that is worked on, opened or logged into includes data you need to keep secure. A document on dress code policy is not something you need to worry about opening, but opening a spreadsheet containing your clients’ email addresses or other personal information would be a concern.
You may even find it useful to compile a list of approved apps that your teams can use on public Wi-Fi.
4. Restrict Use of Public Computers
Generally, you shouldn’t allow your remote teams to use public computers for business work. Even accessing work emails on a laptop in a cafe or hotel can be dangerous and open you up to many threats. You will be unaware of the types of malware on the computer or even the security measures in place, if any. To take this further, you won’t be aware of potential spyware that might have been installed by a previous user looking to find sensitive information.
Due to the lack of knowledge of what malicious users have installed, it is best to avoid having your remote employees use public computers.
5. Manage USB Drives
Secure your corporate data by restricting the use of USB drives. This shouldn’t apply only to public computers; it should apply to every employee. Remote workers can easily misplace USB drives, and anyone who finds one is free to open it.
Remote workers should also be aware of the risks of introducing malware to the network, whether by using someone else’s USB stick or other unverified sources. If attackers can plug something in, the USB port is an open door for them.
6. Ring-Fencing Corporate Data
Ring-fencing means separating a portion of your company’s assets and data without necessarily operating it separately. Individuals who have access can place a volume of data on different hardware: confidential data is split into several files, which are then saved on separate devices. With this method, only individuals who know how to access the data can do so.
By ring-fencing data, those without relevant access cannot open sensitive files. Each file is incomplete on its own, so the files must be brought together before the data can be used. This is another beneficial method to secure your sensitive data further, as even if a small section of data has been accessed, it simply won’t make sense without the remainder of the secure files.
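One way to make each stored piece meaningless on its own, as an added example rather than a method this article specifies: XOR-based splitting, where every share is needed to rebuild the data. The sample record and function names are constructed; the naive chunking function is included only to show why cutting a file into consecutive pieces is not enough.

```python
import secrets

# Constructed sample record, not real client data.
SAMPLE = b"client: a.person@example.test, acct 0000"


def naive_chunks(data: bytes, parts: int) -> list[bytes]:
    """Cut the data into consecutive pieces; each piece is readable text."""
    size = -(-len(data) // parts)  # ceiling division
    return [data[i:i + size] for i in range(0, len(data), size)]


def _xor_all(pieces: list[bytes]) -> bytes:
    """XOR equal-length byte strings together, position by position."""
    out = bytearray(len(pieces[0]))
    for piece in pieces:
        for i, byte in enumerate(piece):
            out[i] ^= byte
    return bytes(out)


def split_secret(data: bytes, parts: int) -> list[bytes]:
    """Return `parts` shares; every one of them is needed to rebuild data."""
    if parts < 2:
        raise ValueError("need at least two shares")
    # parts-1 shares are pure randomness, each as long as the data
    shares = [secrets.token_bytes(len(data)) for _ in range(parts - 1)]
    # the last share is the data XORed with all of the random shares
    shares.append(_xor_all(shares + [data]))
    return shares


def combine_shares(shares: list[bytes]) -> bytes:
    """XOR all shares together; a missing share yields unusable bytes."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of different lengths")
    return _xor_all(shares)


if __name__ == "__main__":
    print(naive_chunks(SAMPLE, 3)[0])       # a readable fragment of the record
    shares = split_secret(SAMPLE, 3)
    print(shares[0].hex())                  # random-looking bytes
    print(combine_shares(shares) == SAMPLE)
```

Losing any single share makes the data unrecoverable, so each share needs its own backup, and the scheme provides no integrity check on the rebuilt result.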
7. Control Mobile Devices
The power and convenience of smartphones and tablets make these devices the preferred choice, and not just for your remote workers. Hackers have seen the soft opportunity presented by mobile devices. With the big increase in mobile-borne cyber threats and the introduction of GDPR, organisations have realised they require controls for mobile devices similar to those applied to the corporate network.
Implementing a mobile device management platform is the essential step to controlling your mobile devices, including employee-owned (BYOD) devices. From a unified platform, you can update firmware, manage and update apps, monitor for malware and much more.
8. Conduct Training for your team. When working with remote teams, the
Training your employees remotely is the best option for maintaining your data security. You should regularly inform your teams of important security protocols and common hacker strategies, such as how to spot phishing emails. A study by Cisco showed that 70% of data breaches in organisations stemmed from employees doing or accessing something they shouldn’t have. The employees weren’t doing this maliciously; it was through a lack of knowledge. Keeping your remote teams trained and informed is the number one way to keep your data safe and secure.
How Can You Keep Your Data Secure?
Security does not rely on one single solution, though. It requires a multi-faceted approach. Any single solution is open to vulnerabilities, so having a series of fail-safes is essential.
Operating 24x7x365 from within our high-security Tier 3 UK data centre, CyberOne's state-of-the-art Network & Security Operations Centre (NOC/SOC) helps many of the UK’s leading organisations remain ‘Always On, Always Secure’.
Why not take the first step and talk to one of our network or security experts about the steps to secure your remote workers?