Whether or not home working is the way of the future, remains to be seen. What is, however, very clear is that it’s almost certainly going to be the way of the next few months if not permanently for many businesses, so if you’ve yet to invest in managed IT support, here are some essential tips on how to ensure online security for remote workers.
Make sure everyone connects over a VPN
VPN stands for “virtual private network”. Using a VPN is also known as “tunneling”. This is because a VPN is essentially a secure tunnel through the public internet. A robust VPN is essential for any company using remote workers.
Keep all equipment up-to-date
If you’re employing remote workers, then you should be providing and maintaining their equipment. If you’re allowing freelancers to connect to your network, then you should be setting contractual rules about the condition of their equipment.
In short, you need to ensure that all computers are using a current operating system and have applied all relevant patches and updates. If they are using locally-installed software, then this also needs to be current and have all relevant patches and updates applied.
The computer should also have appropriate security software. As a minimum, this should include an antimalware program and a firewall. Employee computers should also be protected by an email-scanning program.
Enforce really strong authentication
Firstly, you need to put a stop to weak passwords. In the real world, it’s very difficult to do this just by using standard password guidelines. The reason for this is that these often encourage employees to use strong passwords, thus turning them into weak ones.
You can, however, do this by combining strong password guidelines with the use of a reliable password manager. A reputable password manager will pick up when employees are reusing passwords and can put a stop to it. They also vastly reduce employees’ motivation to recycle passwords in the first place.
Even with a password manager, it’s advisable to use two-factor authentication. There are three main ways of implementing this. These are to use an RSA token, to use SMS messaging, or to use an authenticator app.
For small businesses, the authenticator app is usually by far the best option. It’s more affordable than issuing RSA tokens (which can be lost) and more secure than using SMS.
Train your employees to protect themselves
Modern cybersecurity software is very effective against old-school “spray and pray” attacks. It is, however, much less effective against new-school targeted attacks. These lean heavily on using social engineering to gain entry to a company network (or premises).
Remote employees can be particularly vulnerable to these sorts of attacks. This means that you need to protect them, and your business, by providing relevant training. Ideally, this training should be refreshed regularly so that it is both up-to-date and fresh in an employee’s mind.