How to overcome the cybersecurity risks of remote working
Hi,
I’m Patrick Wake, Group Director of Information Security at FDM Group.
As businesses continue to navigate the complexities of remote work, it's imperative to adopt a proactive stance when it comes to cybersecurity risks.
From an increased difficulty in managing IT assets to ensuring adequate protection of endpoint devices on potentially untrusted and malicious networks
In order to protect their organisations and employees, business leaders with remote workers should adopt security measures and cultivate a cyber-conscious mindset company-wide.
Whilst most people relate remote working as working from home, what we really need to be thinking about is the ability to securely work from anywhere. This could be your home office, on your commute or the local café. From your mobile phone, Laptop or Home PC.
Ignoring the looming cyber risks in a remote work setting can lead to serious consequences. Data breaches can expose confidential information, financial losses can be crippling, and the damage to one's reputation can be irreparable.
Fortunately, there’s plenty to be done to overcome remote worker security risks, from building strong identity frameworks and remote connections educating remote workers about cyber hygiene.
Here are five of my tips to help overcome the cyber security risks of working from home:
1. Connecting people to their data
The days of considering your organisation's IT estate as a castle, feeling safe behind its walls are well and truly behind us. With an ever-increasing digital life with access to company information via multiple online web portals, such as booking annual leave on HR systems to checking your payslip, all of which can be done from your mobile device anywhere in the world, it has become imperative to implement IT services with security and privacy by design.
By focusing on Identities and the roles of members of staff, you will be able to control access to your data in a more granular and secure way. This can be through implementing Identity Access Management (IAM), where a series of controls can ensure that only authorised people have access to specific resources outside of your office environment, Controls like Multi-Factor Authentication, Single Sign on, Role base access control will provide a strong foundation to build on. However, not all controls are technical in nature and good business practices such as not sharing accounts, having unique ID for each member of staff and sticking strictly to the principle of least privilege, where staff only have access to the information, they need to conduct their responsibilities.
2. Managing Assets and OS hardening
Whilst securing your devices is of great importance, I believe it is more important to know how many you have, and that you can confirm you are securing all of them to a high standard rather than the ones you can physically access in the office.
Recommended by LinkedIn
Managing assets has never been an easy task, and whilst most people imagine this is as easy walking around the office counting devices, this is now almost an impossibility with devices on the move all around the world, let along the ones turned off left in lockers and draws.
To manage these devices it's important to use technologies such as mobile device management (MDM) and configuration management database (CMDB), these will enable organisations to know what systems they are responsible for and what condition they are in.
To continually keep devices secure, it is important that organisations have the ability to push updates and configuration changes to them whenever they are online.
3. Edge and Zero Trust
With more businesses allowing employees to use their own devices, commonly known as BYOD, it puts a lot of emphasis on the business to trust that their staff are making the right decisions. Such as ensuring that employees' devices are up to date, have a good antivirus and have strong passwords.
However, to keep critical infrastructure secure and available to people potentially across the globe, it is important to separate untrusted devices from the rest of the network. This can be done by reverse proxies, edge computing or connecting to remote virtual desktops and working from a safe provided instance with no ability to copy and paste or download sensitive information to the local machine. Or perhaps the use of managed browsers to enforce security controls and data loss prevention, to safeguard sensitive information but allow access to company productivity suites like office365.
4. Trusting the network
When using a public Wi-Fi or internet connection, try and make sure it is a legitimate service being offered. Airports, café and hotels are targeted with fake networks trying to pry sensitive information out of your traffic and can also use this connection to target your device.
To protect your device, it is important to make sure that you are using the aforementioned technologies, but furthermore, also ensure that you have sharing services turned off and that your firewall is turned on.
5. Educate remote workers about cyber hygiene
Creating a secure digital environment isn't solely the responsibility of IT teams; it's a collective effort that involves every employee. Encouraging a culture of vigilance starts with promoting the reporting of any suspicious emails or other activities to the IT department. This ensures that potential threats are swiftly identified and addressed.
However, knowledge is the ultimate defence. In this landscape of digital deception, understanding the nuances of social engineering tactics is paramount. From phishing to pretexting, recognising these manipulative techniques empowers employees to detect and evade such traps. By staying informed and vigilant, employees can actively contribute to maintaining a resilient cybersecurity posture and protecting sensitive information from falling into the wrong hands.
#CybersecurityAwarenessMonth #SecureOurWorld
