1. Keep a Close Eye on Personal Devices
Employees working from home typically use their own devices. Unfortunately, these devices are usually less secure than workplace-issued devices: software may not be regularly updated, security applications may be missing or out of date, and the passwords used might be weak.
Whenever possible, issue your team with devices purchased by the workplace and provisioned by the IT team. If that isn’t an option, however, you should find out from IT how to tighten the security around the personal devices of each member of the team.
2. RDP Sessions Should Be Used Sparingly and with Controls in Place
If you ask IT to make personal devices more secure, the vast majority of IT departments will want to use RDP for getting in, getting the job done quickly, and getting out. However, while RDP sessions might be a useful tool, bad actors who scour the Internet looking for open RDP ports may hijack these sessions.
Ideally, you should only consider enabling RDP on devices that truly need it, and then tighten your own security using lockout policies, multi-factor authentication, and strong passwords.
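As an added example (not part of the original article), the following read-only PowerShell check reports whether RDP is enabled on a Windows device and whether the controls named above are in place. It assumes an elevated session and an English-language install (for the `net accounts` text and the 'Remote Desktop' firewall group name); multi-factor authentication is enforced at the gateway or identity provider and cannot be read from the device itself.

```powershell
# Added example: read-only audit of the RDP controls discussed above.
# Assumes an elevated session and English `net accounts` output.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means the device accepts Remote Desktop connections.
$enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means Network Level Authentication is required,
# so credentials are checked before a full session is created.
$nla = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication -eq 1

# Lockout threshold: "Never" means unlimited password guesses are allowed.
$line = (net accounts | Select-String -Pattern 'Lockout threshold').Line
$threshold = if ($line) { ($line -split ':', 2)[1].Trim() } else { 'unknown' }

# Enabled inbound Remote Desktop firewall rules that accept any source address.
$openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })

# Accounts granted RDP logon through the "Remote Desktop Users" group
# (well-known SID S-1-5-32-555); administrators can also connect by default.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue)

$report = [pscustomobject]@{
    RdpEnabled           = $enabled
    NlaRequired          = $nla
    LockoutThreshold     = $threshold
    RulesOpenToAnySource = $openRules.Count
    RemoteDesktopUsers   = $members.Name -join ', '
}
$report | Format-List

# Flag the combinations the advice above warns about.
if ($enabled -and -not $nla)              { Write-Warning 'RDP is enabled without Network Level Authentication.' }
if ($enabled -and $threshold -eq 'Never') { Write-Warning 'RDP is enabled and no account lockout threshold is set.' }
if ($enabled -and $openRules.Count -gt 0) { Write-Warning 'RDP firewall rules accept connections from any address.' }
```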
3. Reorganize VPN Connections
Your security team should rethink its management of your virtual private network; it is probably neither possible nor practical to extend VPN connections to all employees, so think about the employees that really need access to specific sensitive data to do their jobs.
Reorganizing VPN connections in such a way will ensure that most employees only have access to the information they require. If a member of the team suffers a breach, the attackers will be unable to access all your sensitive data.
4. Ensure that Employees Know the Basics When It Comes to Routers
It is impossible for IT to come to everyone’s home and segment every employee’s router, which is why you should educate employees about network security in their own homes. Train employees to set up their network to ensure data safety, creating one network for personal use, a second for their personal devices, and a third for work devices. If employees do this, they can ensure that cybercriminals don’t hack work devices by targeting family members.
5. Application Security Shouldn’t Be Forgotten
Even the most tech-averse employees probably know that their apps are not that secure. They might mention a product in conversations and then see an ad for it in their social media feeds. Open cameras and microphones can also give bad actors a way into your data.
Offer your team training so that they are able to lock down the apps they use and the apps their family members use. Your team also needs to take a hard look at your own applications – will your entire network be exposed if just a single application gets hacked?
You should also consider using X.509 certificates and integrating them with a solution that doesn’t involve passwords. This application-centric approach to security will not only make your applications more secure but also reduce your organization’s reliance on VPNs.
6. Store Data in the Cloud
Team members may be tempted to store work data on their own devices at home, but because of the insecure nature of their personal devices and home Wi-Fi networks, this is something that should be actively discouraged.
Keep all work data stored in a secure cloud, or use applications that support a virtual desktop space for team members when they are working. Furthermore, you should ensure that the cloud provider is secure and does not have a history of breaches.
7. Use Single Sign-On
Usernames and passwords can be hard to manage even at the best of times. Now that your workforce is working on the devices and apps available to them at home, the username-password system is increasingly fraught (when signing into multiple tools, it is hard to remember every secure, 8-character password) and unreliable (if a person uses the same password over and over).
To manage this and make everything simpler, consider using a single sign-on tool that lets users easily and securely sign on to the apps that they need for work.
8. Be Prepared for Breaches
What steps will you take in case of a data breach? What will happen if an employee’s physical device is stolen? Do you have backup systems in place for ensuring that productivity continues even if your networks and systems are breached? Nobody ever likes to think of a breach occurring, but if it does, it is always advisable to have a plan.
9. Remember: Security is the Responsibility of Everyone
Security is always everybody’s job, but if you have a remote team, it is important to ensure that all team members know the basics of security. For example, training can help workers identify phishing attempts and can also help them set up their devices to ensure that they are as secure as possible. For lone workers who face a direct risk, there are body-worn cameras.
10. Use Tools for Monitoring Remote Workers and Endpoints
The Cost of a Data Breach report by Ponemon recommends that organizations beef up security by using tools that give security teams greater insight into suspicious activity on company and employees’ personal desktops, laptops, mobile devices, tablets, and IoT devices, including endpoints that the organization does not have physical access to.