24 Nov How to maintain a secure IT system when employees work remotely
Working remotely offers great benefits to your organisation but also brings with it some risks to your IT security. Maintaining a secure IT system will help your organisation ensure business continuity, compliance and risk management. As a business, you want to put the right measures in place to ensure your employees and information are safe while working remotely.
In today’s modern workplace, working from remotely has become the norm, rather than the exception, but like many businesses, you may not have the necessary remote working policies in place to support this new mode of working. When your employees work remotely, your IT systems are opened up to vulnerabilities that wouldn’t be as prevalent when they’re working in the office on your secure network. This means that in order to fully protect your organisation, it may be necessary to update any policies and procedures you already have in place to fully cover the new mix of on premise and remote working.
There are many risks associated with remote working, one significant issue being employee behaviour. When working from home or in a remote location, employees’ barriers can drop. They become more relaxed with the devices and accounts they’re using in the comfort of their own home or in a public space. Creating and implementing sufficient IT security systems and best practices will reduce the risks associated with employees working remotely.
You may work with a cloud service provider and software applications so your employees can collaborate effectively and efficiently when off-site. This is especially important when working remotely but you may need to ensure that your software is scalable for more users. To remain productive and well protected you may have to introduce new technologies so your employees can access the data and applications needed to fulfil their roles securely.
Criminals want to gain access to sensitive and business-critical data to breach, damage or destroy your information. There are also issues surrounding data protection, specifically GDPR, and the theft of devices. If your team members carry out work in a public place among people not part of your business, there is the possibility that passwords, devices and information can be stolen.
5 ways to maintain a secure IT system when working remotely:
1. Create and distribute your remote working policy
To outline your organisation’s remote working best practices, you should develop a remote working policy if you haven’t already. If you do already have a remote working policy, you should review it to ensure it’s relevant on a larger, organisational-wide scale. Your remote working policy should outline how to access your network safely, create strong passwords, set up two-factor authentication, encrypt new and existing data, and any other elements relevant to your organisation.
You may choose to include a section on cybersecurity in your remote working policy. You could mention the risks discussed above and how employees can remain astute when working outside of the office. Ensure your team members know how to protect their devices and the data stored and accessible on them.
2. Use two-factor authentication where possible
Two-factor authentication acts as an extra level of protection between the end-user and your data. Users must provide a password and a second identifier in order to gain access to data. This is particularly important if devices are lost or stolen. Even if a criminal has compromised the password to the account, they will have to give another level of authentication, which is where they will be prevented from accessing your data.
Two-factor authentication can be anything from a PIN, password, code, combination, question or code word. You could even use a physical identifier like a fob or key. For guidance on how to implement two-factor authentication, take a look at the NCSC’s guide.
3. Restrict user access and encrypt data
As mentioned above, the end-user is one factor that can put your data at risk. Over privileged accounts can open up your data to those who may put it at risk of malpractice or deletion. You should regularly review users to ensure you only provide access to team members who need it to fulfil their job roles.
Encrypting all of your data where possible will ensure your information can’t be seen by those without permission to view it. Your cloud service provider may offer encryption when uploading data to the cloud, but it’s wise to encrypt your data before moving it to the cloud. This will ensure there’s a level of security on your data and accounts should devices be lost or stolen, or your network compromised. You may also wish to place restrictions on the use of removable devices such as memory sticks. Use of such devices can be prohibited, or at the very least, only permitted where encryption is in place.
4. Train your employees on remote practices
To make sure your employees understand how to use the software and applications required to do their roles efficiently and effectively remotely, you may have to provide training. Training sessions could include how to use your key collaboration tools, how to access the network or how to set up their remote workspace.
You could create a written guide, tutorials and demonstrations providing support. If you’re short on time or can’t create your own resources, you could compile a series of useful links and existing websites that are relevant. These resources should be accessible at any point to ensure your team can read the best practice advice when they need it.
You can also use a Phishing simulation tool to test your employee’s ability to recognise suspicious emails. This type of tool randomly sends harmless simulations of the latest types of phishing attack, such as those designed to steal employee user credentials for the purpose of maliciously accessing corporate data and systems. Where employees are taken in by a phishing attack simulation, the tool will provide educational resources to help the user better recognise this type of attack in future.
5. Establish reporting procedures
It’s important that your employees feel comfortable reporting any security concerns they have remotely. Your team members should follow the reporting procedures outlined in your remote working policy. You must also ensure they feel safe enough to report an issue, and not feel pressure or blamed for an incident.
If you haven’t included reporting procedures in your remote working policy you should do so. This will help your team understand the process of communication, who to report concerns to and what steps to follow to minimise risk to data.
To mitigate risks to your IT systems, there are a number of measures you can put into place. These measures will ensure that your employees are clued up on remote working best practices and the risks to your cybersecurity. During the coronavirus pandemic especially, malicious attackers are taking advantage of remote workers and organisations’ weak cybersecurity systems. Apogee can support your remote security with expert IT solutions.