Working from home can be considered a great privilege. After all, who can complain about a few extra minutes of sleep and a 30-second commute to the coffee pot? As beneficial as this perk can be for both companies and their employees, this opportunity can seem more like a burden when neither party was prepared for the transition. Over the last few months, many organizations found themselves having to make this conversion at an unwelcome pace. Instead of having time to make adequate preparations and adjustments, many IT staff found themselves having to make decisions about cybersecurity policies on the fly. If you find yourself in this same situation of having to establish a remote workforce, these are some of the cybersecurity best practices to follow to protect your network.
Maintain the same or similar cybersecurity policies and procedures to secure your assets and data
The dog is at home, the laundry is going, the baby is crying. The surroundings of your new remote office may be different, but the cybersecurity practices followed by your company should remain the same. Well, as similar as possible. Working from home might feel like a free-for-all at times, especially when you’re in your PJs until dinner time, but strict cybersecurity precautions still need to be in place. The policies that are followed at the office should be the same policies that are in place when working remotely. If you had firewalls installed on devices within the four walls of the company, these firewalls should be installed on the devices of your remote workforce. If you had an IDS or IPS monitoring incoming traffic to your network, you should make sure that process is still covered. If you do not have any cybersecurity policies in place yet, there is no better time to start. We recently published an article called COVID-19: A Catalyst for Cybersecurity While Working From Home. In this feature, we outlined 10 questions to address when creating your cybersecurity guidelines.
Require users to VPN into the network
If your employees are working from home, the best practice is to have them use a VPN to access the network. A VPN is a virtual private network that allows users to connect securely to your company’s network. If this technology is not used, employees will be relying solely on their home Wi-Fi or another network that may or may not be secure. Public networks like those at coffee shops and other common areas are a notorious breeding ground for cyber criminals looking for data. If this practice is not enforced, your workforce may be inadvertently putting your company’s information at risk.
Offer the use of a password manager
Trying to remember 15+ passwords that must get updated every 30 days is no easy task. So really, who can blame an employee who tries to reuse the same password for multiple accounts, even if it does jeopardize the network? The solution? Providing access to a password manager. A password manager not only saves headspace, but it’s a much safer alternative to having employees create their own passwords, which are generally very easy to hack into. One perk of a password manager is its ability to generate complex passwords. These passwords can be made as challenging as you want by including a mix of numbers and characters. The program then stores these passwords and only requires you to remember one password to unlock your vault. The BitLyft team uses and recommends 1Password as its password manager of choice.
Set up two-factor authentication
In addition to the password manager, you will also want to require employees to enable multi-factor authentication. Multi-factor authentication is an additional level of security that requires users to present two pieces of information to log in to a program. For example, in addition to your password, you may also have to input a code that is texted to you, or you may have to plug in a piece of hardware to verify your identity. If you do install and use a password manager like 1Password, this function is built right into the program and it will automatically serve up a second piece of information to verify your account.
Offer company-issued devices when possible
We understand this might not be possible for every company, especially with the sudden departure from in-office work to remote work, but offering company-issued devices is key for maintaining security outside of the office. If you do not offer company-issued devices, you lose control over what is taking place on the device. You do not know what information is being moved across the network and you will have no way to tell if the device becomes infected. You then have no control over what data is being transferred into the company’s network once this rogue device is connected.
Send out regular cybersecurity trainings and threat updates
You may not have the ability to host face-to-face cybersecurity training and events for your employees, but that doesn’t mean education should stop. We recommend taking the time to set up virtual training sessions or regular digital updates to inform employees of best practices and cyberattacks to look for. With the spread of the coronavirus, we’ve seen a massive increase in activity among cyber criminals, including phishing scams, malicious websites and hacking of virtual meetings. Once you establish regular training sessions, we also suggest establishing a means to measure their effectiveness. Education is only beneficial when it is put into action. So plan on following up to make sure your employees are actually following through.
Securing a remote workforce definitely has a learning curve, but following these best practices will make the transition much smoother and more secure. If you need additional help making sure your cybersecurity policy is adequately protecting your network, we are ready and able to help.