Fast-Tracking Your Digital Transformation Series: Part 2
Planning Your Remote Work Security Policy
Having a remote work security policy to ensure the protection of business operations has shot up the agenda of virtually every organization in the country.
Over the last month, 1000s of companies have had to react to the current circumstances and radically change their business models in order to best cope.
For most, this has meant shifting their workforces to conduct their work from home.
Not only has this caused massive disruption to normal working lives, but also massive vulnerabilities to the security protections of businesses; SMBs in particular.
Read Last Week’s Post in this Series: Fast-Tracking Your Digital Transformation Series: Part 1: Backup and Business Continuity
Unprepared for Change
While remote work as a whole has seen increasing buy-in from employers over the last few years, the vast majority of organizations still have not adopted clear policies on ensuring security while employees work from home.
Only 7% of employers in the US offer work-from-home options to most or all of their employees
Because of this, businesses have found themselves wholly unprepared to operate with mostly remote employees, leaving them increasingly susceptible to cyberattacks.
To make things worse, attacks have become more frequent and more costly, with cybercriminals taking advantage of the crisis to target unsuspecting users.
Organizations need to act to protect themselves, and they need to act now.
Let’s take a look at how SMBs can fast-track their remote work policies and give themselves the security they need.
One of the principal issues you have to contend with when having a remote workforce is protecting your data.
The proliferation of information gathering, what we’ve come to know as “big data”, has meant that businesses now possess far more sensitive data than ever before.
Whether its customer data, client data, or your own, the chances are that sensitive information is passed around and handled by different employees frequently on a daily basis.
While this is perfectly normal in a normal business environment with all the appropriate protections on your internal network, this is made substantially more difficult when users are accessing and handling data when not under network.
Users will likely be in their homes, but under normal circumstances you can also expect workers to be operating out of public areas too, like coffee shops.
After their own homes, the second-most common place for employees to conduct remote work is in coffee shops, with 37% of respondents indicating they use them
The commonality between any of these locations is that it’s significantly harder for your IT team to verify the integrity of the networks they are connected to.
While you can assume that their home networks have at least some level of basic protections, public locations are just asking for trouble.
It’s imperative that your remote work security policy ensures the integrity of your data is at all times.
Two ways you can do this effectively are:
Using VPNs to protect data
Between March 8 and March 22, 2020, VPN usage in the US increased by 124% in response to COVID-19, an indication of how individuals and businesses are reacting to recent rising cybersecurity threats
A VPN is a simple way of extending your private network—what employees would log onto at work—across the public internet and allowing users to connect as if they were in the office.
It effectively creates a “tunnel” between the office network and the end user.
Data which is retrieved or sent by the user is encrypted at the start of the tunnel and decrypted when it reaches its destination, meaning no one will intercept your sensitive information, even while connected to a public WiFi spot.
So long as the VPN is switched on and running, your data is safe.
Mobile Device Management
Mobile device management—or MDM—started as a way to protect people’s smartphones under network.
The Internet of Things has completely upended the way businesses approach their security.
To maintain the integrity of their data, organizations have had to extend network protections to all kinds of devices, whether it’s phones, laptops, or printers.
87% of companies are dependent to some degree on their employees’ access mobile business apps from their smartphones
With this new environment that businesses find themselves in, it can be overwhelming to manage so many devices in your network.
While current circumstances have forced organizations to contend with a litany of devices, in truth we’ve already been heading that way for a number of years.
An MDM solution is the answer to this particular question.
How an MDM can provide security
An MDM helps by giving IT teams visibility over every device in your network.
Mobile devices, particularly the personal devices of employees, often lack the correct malware and anti-virus software and as a result are vulnerable to attacks.
It is comprised of two parts: software on the endpoint called the MDM agent; and an MDM server which exists either on-premise or in the cloud.
You can use your MDM to bolster your security in a number of ways, including:
Monitor and manage remote devices; understand which devices are operating under your network; disable devices that shouldn’t be in your network; and support those who should.
How many times have you dismissed a prompt to update something on your computer? If you answered never, then you’re way ahead of the game. Employees who don’t update their software and operating systems are inadvertently opening up the possibility of harm to the entire business.
An MDM allows the operator to control updates to all devices and commanding devices to automatically update to the latest—and safest—version of software.
If a device is stolen, you can remotely wipe it of data, saving yourself the tremendous hassle of a dealing with devices in the case of a breach.
Mistakes happen, and knowing you have a backup plan in place to deal with them will be a weight off your mind.
Other ways an MDM can help:
- Restrict access to apps or device settings
- Standardized device
- Security policies
- Network security for BYOD policies
- Quicker device provisioning, deployment, and employee onboarding
Security Awareness Training
Security solutions as part of your remote work security policy are extremely helpful in fending off threats from cybercriminals.
Your own employees, however, are your greatest threat.
This is because cybersecurity attacks rely on social engineering more than ever before, meaning you’re far more likely to succumb to an attack through one of your own workers being scammed in one way or another.
Human error is the number one cause of data breaches from cyberattacks, with 52% of incidents directly attributable to them
You might be familiar with attacks on large enterprises, but it’s the rising number of cyberattacks on SMBs that should be concerning to business owners.
The most common and familiar of these attacks is phishing—primarily carried out via scam emails designed to fool users into thinking they’re from a reputable source.
90% of incidents and breaches included a phishing element
As criminals look to take advantage of human error, it’s important to have a workforce that is well-equipped with the knowledge to spot danger when they confront it.
In addition to the necessities of preventing employees causing data breaches, there is also the issue of compliance.
There are over 8,500 Local, State, and Federal standards that your organization may need to be compliant with, and not doing so can result in hefty fines that SMBs cannot afford to incur.
So, with this in mind, it’s a good idea to get your employees up to speed as quickly as possible in order to best mitigate these emerging threats by investing in cybersecurity education them.
Cybersecurity is one of the most important considerations a business can make, particularly in light of the recent COVID-19 crisis.
Find out more about what you can do to equip a remote workforce by reading our blog post, “6 Remote Work Considerations for SMBs.”