How to Ensure Security when your Employees are Working Remotely

Remote work is the way of the future. Employ­ees who are able to do their jobs effec­tive­ly from home are now often giv­en the option to skip the com­mute and work remote­ly. Unfor­tu­nate­ly, this cre­ates risk for the com­pa­ny.

Remote work car­ries great risks of infor­ma­tion inter­cep­tion, device theft, and mal­ware. Here are some ways to mit­i­gate these prob­lems.

Take Con­trol of the Devices

It’s tempt­ing to hook your employ­ees’ home devices up to a Vir­tu­al Pri­vate Net­work (VPN), but this is usu­al­ly a bad idea. VPNs are absolute­ly pass­word-secure, which is good for stop­ping inter­cep­tion of infor­ma­tion on the Inter­net, but use­less at fight­ing the vul­ner­a­bil­i­ties of devices.

If an employee’s device has a secu­ri­ty flaw, it can be used as a route into the net­work.

About 95% of secu­ri­ty issues can be fixed by reg­u­lar­ly apply­ing secu­ri­ty updates to the soft­ware on devices and refus­ing to install non-secure soft­ware. If you give your employ­ees admin priv­i­leges over their devices, not every­one will act respon­si­bly. How­ev­er, if you admin all the devices on your net­work remote­ly, you will have con­trol over all soft­ware changes.

Use Inter­nal Fire­walls

It’s a pain to con­tin­ue to set allowed ports and pro­grams, but fire­walls go a long way to lim­it­ing the dam­age of any intru­sion. Only a lim­it­ed num­ber of pro­grams need to com­mu­ni­cate between devices, so open ports for those pro­grams while block­ing the rest.

Edu­cate Employ­ees about Phish­ing

We like to think of “hack­ers” as the movies por­tray them”: reclu­sive genius­es who type fast while shout­ing non­sense. Unfor­tu­nate­ly, they are nor­mal peo­ple who have learned how to exploit oth­ers, even remote­ly at work.

Many hack­ing attempts start as “phish­ing” attempts to scam users out of their pass­words. Make it clear to employ­ees that there is no rea­son for them to ever tell their pass­word to any­one else in the orga­ni­za­tion. Set up the pos­si­bil­i­ty of guest priv­i­leges while work­ing remote­ly and alter­nate accounts to dis­cour­age account shar­ing.

Invest in Pro­fes­sion­al Secu­ri­ty Sys­tem Design

No blog can cov­er even 1% of a secu­ri­ty pro­fes­sion­al’s knowl­edge about design­ing a safe sys­tem. If you hire a pro to test your sys­tem and make changes, then you know that you have done as much as pos­si­ble to pro­vide real pro­tec­tion to your employ­ees and cus­tomers!