Remote teams are the biggest security risk to your organisation. These threats are easily underestimated when assessing your organisation's cyber security risk, as are the potential consequences of an employee mismanaging corporate resources outside of your network. And if it's information about your clients, GDPR requires you to keep their details safe.
Making sure your remote employees remain protected is essential to the overall security of your organisation. You need to make sure devices do not introduce malware (or other cyber threats), while commercial and sensitive business information remains secure and protected.
1. Make use of the cloud
The cloud is a beneficial way of ensuring your data is kept secure when working with remote teams. It’s much more difficult for cyber attackers to break into the cloud, while it also makes it highly unlikely that your workforce will lose any of their or the organisation's sensitive data.
There are also paid services available that encrypt your cloud storage for added security.
2. Review password security
While this is seen as a simple method, it remains one of the most important for securing the data of your business. An effective password policy, properly enforced and policed across your organisation, is an essential foundation for your security. The latest password guidelines from NIST advise the following:
- Use multi-factor authentication, if available
- Use a phrase with multiple words, which you can picture in your head
- Require a minimum of 8 characters
- Check new passwords against a dictionary of known-bad choices
- Protect your most important accounts with a unique passphrase
- No more periodic password change requirements (without a reason)
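A sketch of how the length, known-bad dictionary and no-periodic-expiry points above could be enforced at password-set time. This is an added example, not code from Comtact or NIST; the function names, the tiny constructed blocklist, the NFKC normalisation step and the username check are assumptions that go slightly beyond the list above.

```python
import unicodedata

MIN_LENGTH = 8  # minimum length from the list above

# Constructed sample blocklist; a real deployment would load a large
# corpus of breached and commonly used passwords instead.
KNOWN_BAD = {"password", "12345678", "qwertyuiop", "letmein123", "iloveyou1"}


def normalise(password: str) -> str:
    """Fold Unicode look-alike forms (e.g. full-width letters) to one form."""
    return unicodedata.normalize("NFKC", password)


def check_new_password(password: str, username: str = "",
                       known_bad: set = KNOWN_BAD) -> list:
    """Return the reasons a new password is rejected; [] means accepted.

    There are deliberately no composition rules (digits, symbols, mixed
    case): length and the known-bad check carry the policy.
    """
    pw = normalise(password)
    folded = pw.casefold()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if folded in known_bad:
        problems.append("known_bad")
    # Assumption beyond the list above: reject context-specific words too.
    if len(username) >= 3 and username.casefold() in folded:
        problems.append("contains_username")
    return problems


def must_change(compromise_reported: bool, age_days: int) -> bool:
    """Force a change only for a reason; password age alone never does."""
    return compromise_reported


if __name__ == "__main__":
    for candidate in ("short", "Password", "purple kettle sings loudly"):
        print(repr(candidate), check_new_password(candidate) or "accepted")
```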
3. Manage use of public Wi-Fi
Public Wi-Fi is relatively easy for attackers to break into. In fact, it's one of the primary ways hackers gain access to sensitive information. You should avoid connecting to unsecured networks at all costs. However, you could use a corporate VPN or a cloud-based solution, such as Zscaler's Cloud Security platform, which delivers a cloud-based security stack to maintain security wherever you connect from: across public Wi-Fi, in the airport, cafe, or at home.
Your employees will need to use public Wi-Fi at some point, especially if they are travelling for work purposes. You want your teams to be able to use it safely rather than not completing work and decreasing productivity. So, how can this be achieved?
Don’t use it for sensitive, business-critical activities. Finishing a presentation or amending a document is understandable, as long as nothing worked on, opened or logged into includes any data you need to keep secure. A document on dress code policy is not something you need to worry about opening, but a spreadsheet containing your clients’ email addresses or other personal information would be worrying.
You may even find it useful to compile a list of applications which are approved for your teams to use when using public Wi-Fi.
4. Restrict use of public computers
As a general rule, you shouldn’t allow your remote teams to use public computers for business work. Even accessing work emails on a computer in a cafe or hotel can be dangerous and opens you up to a multitude of possible threats. You will be unaware of the types of malware that could be on the computer or even the security measures that are in place, if any. To take this further, you won't be aware of potential spyware that might have been installed by a previous user looking to find sensitive information.
Due to lack of knowledge of what’s been installed by malicious users, it really is best to avoid the use of public computers by your remote employees.
5. Manage USB drives
Secure your corporate data by restricting the use of USB drives. This shouldn't only be the case for public computers, but it should be a necessity for each employee. USBs can be easily misplaced by remote workers and are free for anyone to open if found.
Remote workers should also be aware of the risks of introducing malware to the network, whether by using someone else's USB stick, or other unverified sources. The USB port is an open door for attackers if they are able to plug something in.
6. Ring-fencing corporate data
Ring-fencing occurs when a portion of your company's assets and data is separated, without it necessarily being operated as a separate entity. This allows individuals who have access to locate a volume of data on different hardware. Confidential data can be split into various files. These can then be saved on separate devices so that, with this method, only individuals who know how to access this data can do so.
By ring-fencing data, those without relevant access will be unable to open any sensitive files. This is because the files are incomplete, so files need to be brought together so that they can work and can be accessed. This is another beneficial method to use to further secure your sensitive data, as even if a small section of data has been accessed, it simply won't make sense without the remainder of the secure files.
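The article does not say how the files are split. As an added example (not from the original page), the sketch below contrasts plain chunking, where each piece is still readable, with XOR secret splitting, a swapped-in technique in which every share is required and any smaller set is indistinguishable from random bytes. The function names and sample data are constructed for illustration.

```python
import secrets
from functools import reduce

# Constructed sample record standing in for confidential client data.
SAMPLE = b"alice@example.com,bob@example.com,carol@example.com"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def naive_split(data: bytes, n: int) -> list[bytes]:
    """Cut the data into n consecutive chunks; each chunk leaks plaintext."""
    size = -(-len(data) // n)  # ceiling division
    return [data[i:i + size] for i in range(0, len(data), size)]


def xor_split(data: bytes, n: int) -> list[bytes]:
    """Split data into n shares, all of which are needed to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are pure randomness from the OS CSPRNG ...
    shares = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    # ... and the last share is the data XORed with all of them.
    shares.append(reduce(_xor, shares, data))
    return shares


def xor_combine(shares: list[bytes]) -> bytes:
    """Rebuild the data; order does not matter, but every share must be present."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    return reduce(_xor, shares)


if __name__ == "__main__":
    print("naive chunk :", naive_split(SAMPLE, 3)[0])   # readable address
    shares = xor_split(SAMPLE, 3)
    print("xor share   :", shares[0].hex())             # random-looking
    print("recombined  :", xor_combine(shares))
```

Each share is as large as the original data, and losing any one share makes the data unrecoverable, so the devices holding shares need their own backups.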
7. Control mobile devices
The power and convenience of smartphones and tablets make these devices the preferred choice, and not just for your remote workers: hackers have seen the soft opportunity presented by mobile devices. With the big increase in mobile-borne cyber threats, as well as the introduction of GDPR, organisations have realised they require similar controls for mobile devices as are applied to the corporate network.
The implementation of a mobile device management platform, like IBM's MaaS360, is the essential step to take control of your mobile devices, including employee-owned (BYOD) devices. You can then update firmware, manage and update apps, monitor for malware and much more, all from a unified platform.
8. Conduct training for your staff
The best option for maintaining your data security when working with remote teams is to train your employees, especially those who will be working remotely. You should regularly inform your teams of important security protocols, as well as common hacker strategies, such as how to spot phishing emails. A study by Cisco showed that 70% of data breaches in organisations stemmed from employees doing or accessing something they shouldn't have. The employees weren't doing this maliciously; it was through lack of knowledge. Keeping your remote teams trained and informed is the number one way you can keep your data safe and secure.
How can you keep your data secure?
Security does not rely on one single solution, though. It requires a multi-faceted approach. Any single solution is open to vulnerabilities, so having a series of fail-safes is essential.
Operating 24x7x365 from within our high security Tier 3 UK data centre, Comtact's state-of-the-art Network & Security Operations Centre (NOC/SOC) helps many of the UK's leading organisations remain 'Always On, Always Secure'.
Why not take the first step and talk to one of our network or security experts about the steps to secure your remote workers?
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.