Securing the Remote Worker

RegoCorporate

secure remote working landscape

Creating a secure remote workspace

With the global COVID-19 pandemic continuing to have an impact on our daily lives, organisations have been forced to adapt to life with a remote workforce. There will be growing difficulites in securing the workforce due to the situation, and for many this will prove even more challenging with new technologies introduced and employees having to adapt to new processes and software.  

Worryingly, cyber criminals have already began to take advantage of the current situation. We are seeing a surge in online scams via phishing attacks and an increase in attacks against remote working applications such as instant messaging, video conferencing and virtual private networks (VPN) solutions. So, what are the risks and what can be done to counter act them?

Risks of Remote Working

Introducing remote working can cause additional risks to businesses if their employees are unaware of best practices. Furthermore, the security of the remote workers home network is often overlooked, in particular when there is not an official work from home policy in place.

Some of the primary risks to consider:

  • The physical security of the remote location an employee is working from.
  • Lack of user awareness and training regarding working remotely.
  • Lack of home network integrity due to default router configurations and Wi-Fi setups.

Secure Remote Working

Establishing a working from home policy and additional guides is the best way to secure remote working solutions, providing both advice and support during these changing times.

Some of the key areas to address:

  • Create an asset register of all devices deployed including software needed to support remote working.
  • Create setup guides for laptops, software and how to securely configure them.
  • Provide documentation and guidelines on securing the home network.
  • Define a procedure for staff on what they should do in the event of a security incident such as a lost or stolen device.
  • Implement a mobile device management (MDM) solution to remotely lock and erase data in a lost or stolen device scenario.

Once policies and supporting documentation have been established, the focus can shift to getting the workers setup with the correct tools.

Using Tools for Remote Work

There are inherent risks associated with remote working, including securing laptops and the data they hold, to software compromises. This can lead to workers who lack familiarity of new software falling victim to social engineering attacks.

Tools that will help enable and protect remote workers:

  • Firewall and AV – Ensure these are enabled and the latest updates applied.
  • Encryption – Encrypt hard drives with native tools or use trusted third-party software.
  • Operating System (OS) – Update the device OS and programs with the latest patches.
  • Virtual Private Network (VPN) – Implement end to end encryption to protect data and allow employees to securely access internal resources.

From an equipment prospective, the above will help place your workforce in a better state for remote working. However, what should not be overlooked is the growing threat from social engineering attacks, including:

  • Phishing (Email Messaging Scams)
  • Smishing (SMS Messaging Scams)
  • Vishing (Voice Calling Scams)

Give thought to training and providing documentation to staff highlighting these forms of social engineering attacks to get your team thinking about these threats. Cyber criminals will often attempt to instil a sense of urgency and exploit the human emotion, sometimes posing as authoritative figures including state or government officials.