How To Secure A Remote Workforce
How do I keep my company secure with a remote workforce?
How do I keep my company secure with a remote workforce?
One of the only constants in IT, is change. And over the past few months, IT has been tasked with gargantuan task of keeping large, not-so-well prepared companies afloat in these strange times. The rapid shift to remote work forces has taken everyone by surprise. Moving large numbers of employees to their home offices so they can continue their work is vital to ensuring business operations during the corona virus pandemic. While that shift may sound simple, ensuring that you are properly protecting your company and information security can be a tough task. And with all the changes happening in such a short time, often times security and compliance can fall by the wayside to make extra time for day-to-day operations to get completed.
So how exactly do you keep your company safe from cyber threats when everyone is at home, connecting from all over the country into your corporate network? Here are some of the highest priority items we recommend you focus on when shifting your workforce remote.
Remote Workforce Policies
Information security policies can help you define what functions employees are allowed to perform remotely, how they will perform them, and how to keep those functions safe and secure. Every company is different when it comes to implementing work-at-home processes. Some companies may issue every worker a company laptop, secured and controlled by the corporate IT department, while smaller companies may just allow works to use and maintain their own computers.
For remote workers who use and maintain their own computers, its critical to set out some basic security standards that each worker must configure and follow on their home computers.
Here are some recommended policies for employee owned remote PC’s.
- Enable Full Disk Encryption such as BitLocker for Windows or FileVault for MacOS.
- Require employees to require a strong password on their computers.
- Require users to create a second user profile on their computer dedicated to company use, keeping their home and work user profiles separate.
- Have employees enable a screensaver after 30 minutes of inactivity that requires a password once locked.
- Require employees to utilize a trusted Antivirus software on their computer and perform scans each morning.
- Require employees to only use company email while working on company work, include basic 1-page instructions on how to log-in and use company email properly.
- Require employees to update their company computer each week with new OS and Software updates.
Training is essential
Your company is only as secure as its weakest link, and that link is almost always the people. Training is one of the easiest ways to dramatically improve the security of your company. Basic security training helps employees operate securely and gives them the skills needed to identify and avoid common security pitfalls. We highly recommend every employee be required to undergo computer security training at their start of their time working from home, and then at least each year afterwards. There are several ways and methods for training your workforce, but ensure whatever training solution you adopt, its easy to use and that every employee gets trained.
Train your employees on:
- Approved company software they should be using to perform their jobs
- How to properly secure their home computer
- How and when to properly update their home computer
- What approved company communication channels are, such as company email addresses, team meeting and conferencing software and collaboration tools such as Slack or Microsoft Teams.
- How to identify and report Phishing attacks and scams
- How to securely save and share company data. Use secure drives, no emailing of sensitive data.
Utilize Technology Wisely
With a large remote workforce, you will rely on your technology more than ever, so take care of it and use it wisely.
Ensure that your systems that handle employee authentication and user rights, such as Active Directory or a third party directory systems are clean and organized. Ensuring that no extra accounts exist, that all current employees have proper rights and are organized in a manner that is easy to administer is key to identifying problems. A clean directory structure allows allows you to find rogue accounts, disable accounts quickly and ensure everyone has the proper access levels.
Technology is also important for managing large numbers of remote devices. Technologies such as modern Mobile Device Management systems are critical to managing large numbers of remote devices, laptops, tables and phones. MDM systems allow you to apply standard security settings across all devices, protecting your network and users. MDM systems can also make the deployment and configuration of anti-virus software effortless across large mobile workforces. A well maintained anti-virus software is vital to ensuring your network stays safe and secure.
Securing a large remote workforce of mobile devices can be daunting and the thought of end-user managed devices connected to your corporate network can be frightening. Laying out some basic security policies for employees to abide by, properly training a workforce to identify issues and on good security practices and by utilizing technology to help make management easier, you can ensure your corporate network is properly secured in these strange times.
Don’t hesitate to reach out to us, Adsero Security, for any questions about securely managing a remote workforce. We’re always here to help.