COVID-19: Impact Support | Learn More

Fast-Tracking Your Digital Transformation Series: Part 2

Planning Your Remote Work Security Policy

Having a remote work security policy to ensure the protection of business operations has shot up the agenda of virtually every organization in the country.

Over the last month, 1000s of companies have had to react to the current circumstances and radically change their business models in order to best cope.

For most, this has meant shifting their workforces to conduct their work from home.

Not only has this caused massive disruption to normal working lives, but also massive vulnerabilities to the security protections of businesses; SMBs in particular.

Read Last Week’s Post in this Series: Fast-Tracking Your Digital Transformation Series: Part 1: Backup and Business Continuity

Unprepared for Change

While remote work as a whole has seen increasing buy-in from employers over the last few years, the vast majority of organizations still have not adopted clear policies on ensuring security while employees work from home.

Only 7% of employers in the US offer work-from-home options to most or all of their employees

Because of this, businesses have found themselves wholly unprepared to operate with mostly remote employees, leaving them increasingly susceptible to cyberattacks.

To make things worse, attacks have become more frequent and more costly, with cybercriminals taking advantage of the crisis to target unsuspecting users.

Related Post: Coronavirus Scams: Q&A With Impact’s Director of MIT Security Services

Organizations need to act to protect themselves, and they need to act now.

Let’s take a look at how SMBs can fast-track their remote work policies and give themselves the security they need.

Data Integrity

One of the principal issues you have to contend with when having a remote workforce is protecting your data.

The proliferation of information gathering, what we’ve come to know as “big data”, has meant that businesses now possess far more sensitive data than ever before.

Whether its customer data, client data, or your own, the chances are that sensitive information is passed around and handled by different employees frequently on a daily basis.

While this is perfectly normal in a normal business environment with all the appropriate protections on your internal network, this is made substantially more difficult when users are accessing and handling data when not under network.

Users will likely be in their homes, but under normal circumstances you can also expect workers to be operating out of public areas too, like coffee shops.

After their own homes, the second-most common place for employees to conduct remote work is in coffee shops, with 37% of respondents indicating they use them

The commonality between any of these locations is that it’s significantly harder for your IT team to verify the integrity of the networks they are connected to.

While you can assume that their home networks have at least some level of basic protections, public locations are just asking for trouble.

It’s imperative that your remote work security policy ensures the integrity of your data is at all times.

Two ways you can do this effectively are:

Using VPNs to protect data

Between March 8 and March 22, 2020, VPN usage in the US increased by 124% in response to COVID-19, an indication of how individuals and businesses are reacting to recent rising cybersecurity threats

A VPN is a simple way of extending your private network—what employees would log onto at work—across the public internet and allowing users to connect as if they were in the office.

It effectively creates a “tunnel” between the office network and the end user.

Data which is retrieved or sent by the user is encrypted at the start of the tunnel and decrypted when it reaches its destination, meaning no one will intercept your sensitive information, even while connected to a public WiFi spot.

So long as the VPN is switched on and running, your data is safe.

Mobile Device Management

Mobile device management—or MDM—started as a way to protect people’s smartphones under network.

The Internet of Things has completely upended the way businesses approach their security.

To maintain the integrity of their data, organizations have had to extend network protections to all kinds of devices, whether it’s phones, laptops, or printers.

87% of companies are dependent to some degree on their employees’ access mobile business apps from their smartphones

With this new environment that businesses find themselves in, it can be overwhelming to manage so many devices in your network.

While current circumstances have forced organizations to contend with a litany of devices, in truth we’ve already been heading that way for a number of years.

An MDM solution is the answer to this particular question.

How an MDM can provide security

An MDM helps by giving IT teams visibility over every device in your network.

Mobile devices, particularly the personal devices of employees, often lack the correct malware and anti-virus software and as a result are vulnerable to attacks.

It is comprised of two parts: software on the endpoint called the MDM agent; and an MDM server which exists either on-premise or in the cloud.

You can use your MDM to bolster your security in a number of ways, including:

Remote management

Monitor and manage remote devices; understand which devices are operating under your network; disable devices that shouldn’t be in your network; and support those who should.

Device updates

How many times have you dismissed a prompt to update something on your computer? If you answered never, then you’re way ahead of the game. Employees who don’t update their software and operating systems are inadvertently opening up the possibility of harm to the entire business.

An MDM allows the operator to control updates to all devices and commanding devices to automatically update to the latest—and safest—version of software.

Remote wiping

If a device is stolen, you can remotely wipe it of data, saving yourself the tremendous hassle of a dealing with devices in the case of a breach.

Mistakes happen, and knowing you have a backup plan in place to deal with them will be a weight off your mind.

Other ways an MDM can help:

  • Restrict access to apps or device settings
  • Standardized device
  • Security policies
  • Network security for BYOD policies
  • Quicker device provisioning, deployment, and employee onboarding

data security graphic

Security Awareness Training

Security solutions as part of your remote work security policy are extremely helpful in fending off threats from cybercriminals.

Your own employees, however, are your greatest threat.

This is because cybersecurity attacks rely on social engineering more than ever before, meaning you’re far more likely to succumb to an attack through one of your own workers being scammed in one way or another.

Human error is the number one cause of data breaches from cyberattacks, with 52% of incidents directly attributable to them

You might be familiar with attacks on large enterprises, but it’s the rising number of cyberattacks on SMBs that should be concerning to business owners.

The most common and familiar of these attacks is phishing—primarily carried out via scam emails designed to fool users into thinking they’re from a reputable source.

90% of incidents and breaches included a phishing element

Related Post: How Cybercriminals Use Microsoft Office Sway to Steal Your Credentials

As criminals look to take advantage of human error, it’s important to have a workforce that is well-equipped with the knowledge to spot danger when they confront it.

In addition to the necessities of preventing employees causing data breaches, there is also the issue of compliance.

There are over 8,500 Local, State, and Federal standards that your organization may need to be compliant with, and not doing so can result in hefty fines that SMBs cannot afford to incur.

So, with this in mind, it’s a good idea to get your employees up to speed as quickly as possible in order to best mitigate these emerging threats by investing in cybersecurity education them.

Cybersecurity is one of the most important considerations a business can make, particularly in light of the recent COVID-19 crisis.

Find out more about what you can do to equip a remote workforce by reading our blog post, “6 Remote Work Considerations for SMBs.”