October 19, 2023
The popularity of working from home, spurred considerably by the pandemic, appears to be here to stay. If your business continues to allow employees to work remotely, those individuals need to be able to function as securely at home as they would in your brick-and-mortar location. Let’s explore some best practices for remote-work cybersecurity, many of which also might apply to employees in a traditional workplace.
Focus on Connections
How and when do employees connect to your business network? Although no single solution will eliminate every risk, taking multiple security steps will make gaining access to your network and data more difficult for those who shouldn’t have it. These may include:
Have employees use business-issued devices when possible. This typically is more secure than allowing them to use personal devices. You can secure the devices from the get-go and then regularly update the security features and control the applications placed on them to keep them protected.
Implement strong “bring your own device” (BYOD) policies. If requiring all employees to use only work-issued devices isn’t practical, take active measures to secure employees’ personal devices. For example, require staff members to register each device with the company and add security features to any device they’ll use to access your network.
Choose the best system for employees to connect with the company’s network. One commonly used way is through a virtual private network. It encrypts data as it’s sent and then decrypts it when it’s received. This makes it more difficult for unauthorized individuals to access the data. There may be other options available as well.
Implement two-factor authentication. As the name suggests, two-factor authentication requires employees to demonstrate their identity in two ways. So, in addition to entering usernames and passwords, employees may have to enter a numerical code sent to their phones. This reduces the risk someone can impersonate an employee to access the network.
Use role-based access control (RBAC) and the principle of least privilege. These limit access to applications and sensitive data so only employees who truly need particular types of information can get it. Under RBAC, for instance, employees in the accounting department are granted access to different software or systems than staff in the HR department. Similarly, under the principle of least privilege, users are given only the minimum levels of access needed to perform their job functions — and no more. Going back to the same example, this prevents someone in accounting from perusing HR files.
Explore Helpful Software
You also may want to consider software-based security measures. For example, your business may benefit from deploying a malware detection solution. It uses specific computer programs to detect the presence of malware (short for malicious software) as well as viruses (a type of malware that self-replicates and inserts itself into other programs). The solution removes any malware detected.
Another possibility is to use a mobile device management (MDM) solution. It typically comes with a device-tracking feature that enables IT administrators to control and secure your organization’s mobile devices. To respect employees’ privacy, some of these allow users to separate their work and personal profiles. In addition, if a device is lost or stolen, many MDM solutions allow you to erase the data on it.
Stay “Clean”
Generally, every business should practice “cyberhygiene.” On an ongoing basis, train employees in widely accepted cybersecurity practices such as:
Finally, despite your best efforts, a breach may occur. Make sure you establish procedures in advance for handling a breach. This should include steps for investigating, containing and recovering from the breach, as well as for communicating with affected parties.
Layer Your Defenses
No single action can guarantee total cybersecurity. But the more layers you put in place, the better the odds that a breach at one level won’t necessarily be able to penetrate the next. Consider engaging a qualified IT consultant to test and fortify your defenses. And work with your CPA to measure, track and optimize your technology costs.