Do you know if your remote workforce is secure? October is Cybersecurity Awareness month—the perfect reminder to evaluate your security!
In the panic to get ready for remote work as quickly as possible during COVID-19, many organizations focused solely on getting the essentials up and running. Unfortunately, that means they may have forgotten to reevaluate their security once operations began.
If you haven’t had an IT assessment since you sent your employees home, or if you know your current remote setup is lacking in security, now is the best time to address it.
Here’s our list of the best security practices to adopt right now to protect your remote workforce.
Use Endpoint Controls
Endpoint security functions at each potential access point in a network to control who’s allowed inside the network and from where.
When all your employees are operating in the office, endpoint security can be fairly simple, since most or all of the potential access points are in one location and on one network. But when your team is working from home—maybe even from different locations throughout the country or around the world—things get a little more complicated.
Luckily, the right tools can keep your endpoints secure. Multi-factor authentication (MFA), VPNs, and M365 controls are just a few of the different features recommended to keep your systems safe.
Implement Multi-Factor Authentication
MFA involves setting up an authenticator that requires multiple forms of verification before allowing a user to log in—so instead of just using a password and username, a fingerprint, one-time passcode, or hardware token could also be required.
Microsoft has found that using MFA can block 99.9% of password-based attacks. Although it may cause you to take a few seconds longer when logging in, that’s an easy tradeoff for such a huge payoff in security.
Virtual Private Networks (VPNs) encrypt your data on its way to another server or device in a secure “tunnel.”
Inside an office, there would be no need for a VPN, since you’d usually have your own private network in your building. However, when employees work remotely, they may be using public networks such as those in cafes, airports, or hotels, which may not be secure.
Make sure remote employees (or even non-remote employees who may utilize public networks) have a reliable VPN installed. (A word of caution: be sure to choose a VPN that is trustworthy—free VPNs do exist, but if you choose one that’s not secure, it could introduce more security problems than it solves.)
Take Advantage of M365 Controls
Microsoft has enhanced features and Azure policies that enable security for remote users. For example, Windows 10 includes Microsoft Defender Advanced Threat Protection, which is an anti-malware feature that provides enterprise endpoint security. Automated patching and endpoint detection and response are also both included in Microsoft’s defenses.
Employees can check whether Windows Defender is activated on their Microsoft devices by looking under Virus & threat protection in the Windows Security app. However, the best practice is to systematically ensure it is enabled before giving hardware to employees to use.
Azure provides even more security features. The conditional access policy within Azure Active Directory allows companies to set up their own policies for users, which helps grant certain access to specific users, and Azure MFA can be used to secure and provide access to Microsoft 365 apps.
Evaluate Your Mobile Device Management
Mobile Device Management (MDM) software updates mobile devices simultaneously by pushing out updates. If remote work necessitates the use of more mobile devices in your company, it’s important to evaluate how these devices are being monitored for security.
Strong mobile device management can not only roll out patches and updates, but also set restrictions and access device settings—essential functions in case a device is lost or stolen.
Update Foundational Security
Transitioning to remote work may have altered the effectiveness of your foundational security—the basic tools that form the foundation of your business cybersecurity.
Foundational security generally includes areas like automated patches and updates, data backups, antivirus/anti-malware software, and firewalls. These simple yet vital systems make up the basis of good cyber hygiene and can protect organizations against a variety of common threats. Without foundational cybersecurity, your organization leaves itself wide open to significant risks.
Even if your foundational security setup is very strong, it may need adjusting in order to work just as effectively for your remote team.
You should evaluate and update your foundational security to ensure that devices can be accessed remotely for security updates and to back up data.
Start Employee Security Awareness Training
Employee security awareness training involves teaching employees safe practices to use online. Your employees are often a critical line of defense, and no matter how perfect your security controls are, there will always be a human element that can turn into a vulnerability without the right education.
Security awareness training should include:
- Phishing simulations to evaluate how employees would react to an actual phishing attack
- Engaging trainings to teach security practices in a way employees will remember and utilize
- Retention evaluation quizzes to gauge how well information is retained and put into practice
Get Comprehensive Cybersecurity for Your Remote Workforce
At AIS, we’re committed to helping companies achieve their highest potential by strategically building their IT. One essential element of that is cybersecurity, especially as remote work introduces new vulnerabilities.
We’ve helped many businesses transition to a remote climate, and we’re confident that we can help you create and enforce a comprehensive cybersecurity plan for your remote workforce. Contact us today to get started!