By Sheila Carpenter, Zix
I’ve been working in IT Security for over 25 years, and even so, 2020 brought with it changes I never would have predicted. Along with the rest of the world, Zix | AppRiver was forced to become a fully operational remote workforce in just one week when the pandemic took hold.
Thankfully, I’ve spent my career focusing on compliance, business continuity, running IT, cloud offerings, and supporting customer-facing services, so getting our employees to a place where they could work remotely in a secure way allowed me to draw on my greatest strengths as an IT professional. As I mentioned back in March of last year, being an early adopter of cloud solutions in addition to having a comprehensive crisis plan also helped in making the transition a relatively smooth one.
Even so, I’ve learned—and reaffirmed—lessons over the last year-and-a-half that would be useful to anyone trying to improve their work from home security, pandemics notwithstanding.
While most businesses have had no choice but to figure out how to go fully remote, some of these transformations came at the expense of sustainable security. For any businesses planning to look at remote work as a long term strategy, it’s time to reassess any “band aid” solutions that may have been applied and look at ways that security can be prioritized permanently. Here are the top lessons I’d like other businesses to keep in mind as they transition to a fully remote workplace.
Perhaps the number one security risk for workplaces with a remote workforce is employees using a connection that’s not secure.
While in the early days of the pandemic, most employees were home-bound, there is a higher likelihood now that they could be logging in from a cafe or other public Wi-Fi network. Public Wi-Fi poses a very high risk for malicious activity; hackers can easily take advantage of weak security to steal confidential information this way.
Your best defence in this situation is enabling a virtual private network (VPN) and communicating to your employees the importance of using only safe connections. In a survey of 100 IT professionals that we conducted along with Pulse this year, 38% of respondents reported that a VPN solution was the most important aspect of their overall workplace security, but 21% of respondents reported that their VPN was the IT solution they were least satisfied with.
Not having a safe and secure VPN solution in place now will only cause more problems down the road.
While there’s no surefire way to keep hackers from trying to access your company’s sensitive information, you can make it harder for them to do so.
MFA offers an additional step beyond just a password that adds an extra layer of protection for users (and ultimately for your business). While a password could be compromised at any time, enabling MFA adds additional steps to this process to avoid any damage being inflicted as a result of a compromised password.
By using MFA, users will be asked to verify their identity on a different known device. While this measure isn’t 100% foolproof (no security measure is), it can go a long way in keeping everyone’s information and data safe.
When working remotely, sometimes it’s easier for employees to communicate using their own personal cell phones. This is especially true for any workforce that needs its employees to be on the move or complete site visits.
If you have employees who need to use a mobile device for work, consider using Mobile Application Management or Mobile Device Management. Both of these solutions can help govern business communications and systems used on the phone.
These solutions can also be used to clear a phone of its contents if an employee leaves the company or if a device is stolen, ensuring that your data will be kept safe in the event of a worst-case scenario.
It’s very important for remote workplaces to ensure that they’re regularly backing up company data to the cloud.
In the case of a data breach or ransomware attack, data can be locked down without you being able to access it, causing you to lose data on your email, CMS platforms, or any number of important servers housing sensitive information (for an example of a company that went through this very thing, check out our story on what happened to Cozad Community Health System when they were hit with a Ryuk attack in the middle of the night).
A cloud backup solution makes it easy to automatically back up data and recover it from another system at any point in time. Backing up to the cloud also ensures that your information is kept safe in the unlikely event that a disgruntled employee may try to leak or delete important company data, never to be recovered.