February 25, 2020
The World Health Organisation (WHO) has released an official statement to say we should all do more to prepare for a possible Coronavirus pandemic. The WHO have also said that all countries should be in “a phase of preparedness”. Of course, this means taking precautions when in public areas. But as a business, we need to consider preparations for our working environment to deal with any sort of potential disruption.
Would you be prepared if the government released an official statement saying, “all employees must work remotely to avoid spreading the outbreak”?
Transitioning your employees to work remotely
Rapidly transitioning to remote working if a crisis hit would be chaotic. Teams will likely be focused on enabling remote working, without considering security implications. So it is important to build securing into the heart of the conversation and solution. When remote workers operate from home, do they have the same security that they would have in the office? Do the most likely vectors of attack (email, web and endpoint) have the same security remotely that exists in the office?
DON’T ALLOW THE CORONAVIRUS TO BRING OTHER VIRUSES INTO YOUR NETWORK!
This isn’t the only threat to consider – other forms of disruption, such as flooding or snow can test the ability of your business to enable remote working – quickly and securely.
We recommend 3 critical questions to ask in addressing this concern:
Can your employees access the resources they need from home?
This includes all the critical communication such as phone, email, messaging and other tools to be part of this virtual team. It would also include access to business applications and cloud delivered services, as well as remote network access where needed.
Can you protect your employees where they are working remotely?
The most critical vectors are web security, email security and endpoint protection. Do these continue to protect employees remotely? Cloud delivered solutions are key to extending your security to wherever your employees need to work.
Have you tested these systems?
In many cases, we design the ability to work remotely but does this operate for an extended period such as a full week? Being prepared means putting these actions in place before disaster hits. This means you’ll have time to test it works as required.
Remember: Without security that is delivered via the cloud, you risk your business being compromised. Without ensuring secure remote working, your employees won’t have the resources they need.
How to incorporate secure remote working
The first step is to identify what services you need to allow remote working.
- This usually includes accessing emails, remote phone access or something to allow team communication such as Microsoft Teams or Zoom.
- File sync and share allows you to share files across multiple devices and with multiple people using file synchronisation – allowing files to be stored in any approved data repository and accessed remotely by employees from any of their IT provisioned devices.
An effective solution for this is Office 365. With Office 365, you can work anywhere, collaborate with colleagues, reduce capital spend and more so, it provides advanced security features.
Make use of the cloud
The cloud is a beneficial way of ensuring your data is kept secure when working with remote teams. It’s much more difficult for cyber attackers to break into the cloud, while it also makes it less likely that your workforce will lose any of their or the organisation’s sensitive data. To prevent viruses, ransomware attacks and your network being compromised, web and email filtering is needed wherever your employees are. Leading cloud-based security technologies like Zscaler or SentinelOne allow you to take security with you, wherever your employees go.
Password security
It’s a simple but important for securing your business data. Strong passwords with an effective password policy is an essential foundation for your security.
- Use multi-factor authentication
- Use a phrase with multiple words and characters
- Protect important accounts with unique passphrases
Limit use of public Wi-Fi
Public Wi-Fi is relatively easy to break into by attackers. In fact, it’s one of the primary way’s hackers gain access to sensitive information. You should use a corporate VPN, or a cloud-based solution (e.g. Zscaler’s Cloud Security platform), which delivers a cloud-based security stack to maintain security wherever you connect from – across public Wi-Fi, in the airport, cafe, or at home. Don’t use public Wi-Fi for sensitive, business-critical activities. Finishing a presentation or amending a document is understandable, as long as nothing worked on, opened or logged into, including any data you need to keep secure.
Carry out staff training
You can maintain data security with remote teams by training your employees. You should regularly inform your teams of important security protocols, as well as common hacker strategies, such as how to spot phishing emails. A study by Cisco showed that 70% of data breaches in organisations stemmed from employees doing or accessing something they shouldn’t have. The employees weren’t doing this maliciously, it was through lack of knowledge.
How can you keep your data secure?
Security does not rely on one single solution. It requires a multi-faceted approach, as any single solution is open to vulnerabilities. Having a series of fail-safes is essential. Operating 24x7x365, CyberOne’s state-of-the-art Network & Security Operations Centre (NOC/SOC) helps many of the UK’s leading organisations remain ‘Always On’, Always Secure’. Why not take the first step and talk to one of our network or security experts about the steps to secure your remote workers?
Further reading
- Getting ready for Cyber Essentials PLUS certification
- What is Zscaler Private Access (ZPA)?
- What is a Vulnerability Scan and does my company need one?
- The 5 critical security controls of Cyber Essentials PLUS
- INFOGRAPHIC: The 8 most common type of cyber attacks
- INFOGRAPHIC: How to create strong passwords (you can remember!)
About CyberOne
CyberOne is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).