Ways you can stay secure while your employees are working from home
As much of the U.S. workforce shifts to working remotely amidst the coronavirus pandemic, companies need to consider how they’ll secure these employees.
While they may have spent time (and money) implementing on-premises security measures, they now need to extend it to their remote employees.
Hackers are aware of the transition and ramping up their efforts to exploit vulnerabilities.
One widely known example of this is a COVID-19 heat map that is actually a malicious site aiming to download malicious content on the user’s device.
While companies go through extensive security risk assessments to ensure they have a strong security posture and adequate protection, most home networks have not undergone the same scrutiny.
At The KR Group, we’ve always emphasized the importance of IT security, and the transition to a remote workforce doesn’t change that. In fact, it makes cybersecurity even more important.
There are four steps companies can take to protect their users while they’re working from home:
- Implement endpoint security protection across company devices.
- Require users to encrypt data in rest or transit.
- Use firewalls and DNS filters to ensure secure browsing.
- Segment your home network from other devices
- Educate your users on security best practices.
While there is never a way to ensure you’re 100% protected from threats and malware, implementing these four measures together will provide you with comprehensive security coverage.
Implement endpoint security protection
Endpoint protection is the last line of defense of being exploited, which makes it highly important.
By the time you’re relying on endpoint protection, hackers have already found a way through gaps and vulnerabilities. Now, they’re going after your sensitive data.
If a user downloads or opens malicious content, this level of security protects the malware from executing and wreaking havoc.
There are three forms of endpoint protection most companies implement to protect their and their user’s information at the endpoint level:
When most people think of endpoint protection, they think of antivirus software.
This layer of protection guards your laptop or desktop from a variety of malware, including viruses, adware, bots, bugs, ransomware, spyware, Trojans, and worms.
Next-generation antivirus (NGAV) provides the same protection but goes a step further by incorporating artificial intelligence and endpoint detection and response (EDR) to identify and stop malicious threats. Traditional antivirus, on the other hand, identifies threats by referencing a database, which makes it important to stay on top of updates.
For remote workers, having antivirus – or even better next-generation antivirus – will identify and stop and malware users download while working on their home networks.
Another well-known form of endpoint protection is anti-spam.
As the name indicates, this form of protection is designed to keep spam out of your inbox. This includes mass emails you don’t want as well as malicious emails, such as phishing scams.
Anti-spam filters these types of emails to prevent your users from opening malicious links and exposing their device to malware.
When face-to-face integrations aren’t available and email is vital to keeping in touch with coworkers, you need to ensure this avenue of communication is threat-free.
3. Intrusion prevention system
Another form of endpoint protection companies should consider when securing their remote workforce is an intrusion prevention system (IPS). The best way to think of IPS is as a preventative alarm system for your network.
This form of cybersecurity is analyzing activity on your systems (in the case of remote working, your laptop or desktop), logs suspicious or anomalous activity, and blocks and reports it to network administrators.
When working remotely, IPS continues to protect users from threats just like it would if they were using their device in the office.
Require users to encrypt data
Data is a huge part of every business, and encrypting it is one important way to protect your assets.
When you think of encrypting data, you need to consider its three different forms.
1. Data at rest
This data is stored, inactive, and typically infrequently used, such as databases and back-up files.
Security advisers will recommend disk encryption, like BitLocker, to ensure your company assets and proprietary data are protected.
This prevents malicious actors or anyone else who finds or steals your device from accessing these files.
2. Data in process
This data is actively being used and frequently changes. This includes files you may currently be working on, such as Word documents, Excel spreadsheets, or PDFs.
The risk of this data being accessed should be covered by endpoint protection. Since it isn’t being sent or stored long term, encryption doesn’t need to occur until it is in one of those phases.
3. Data in transit
Data in transit is data being sent from one device to another.
This can occur through a private network, such as uploading files to a shared drive via a VPN connection, or a public network, such as emailing files.
As virtually sharing data becomes the only way to directly send files to your coworkers, businesses need to consider implementing (and using) a secure key and certificate management to encrypt data.
Another security concern businesses should be vigilant of with their remote workforce is browsing habits.
When using desktop or laptops at home, users have access to their company computers outside of the office.
Individual company policies can provide guidelines for how their employees can and can’t use company devices. Additionally, users should always be vigilant that they’re only accessing secure sites.
However, to add a layer of protection, you may consider equipping your remote employees with firewall and DNS protection.
1. Firewall protection
You have two options for firewalls: virtual and physical.
Virtual firewalls are installed on the user’s device and monitor traffic (including browsing restrictions) for the device it’s installed on.
Physical firewalls are a piece of equipment and cover devices using the network they’re connected to.
Both of these allow you to protect your users from accessing malicious or suspicious websites.
2. DNS security
Another way to ensure secure browsing while your employees are working remotely is to implement DNS security. This tool identifies unsafe domains and then alerts and prevents users from accessing them.
The KR Group’s security team uses and recommends Cisco Umbrella as a DNS filter, which can double as a content filter.
You can also deploy Cisco Umbrella with agents (Umbrella Roaming Client) to provide security on remote devices.
Segment your home network
Not only are home networks more susceptible to attacks, but they also have different traffic than an office network. When you have multiple people in a household using the Internet at the same time, you are providing multiple pathways for attackers to get into your network.
Take a household of four, for instance. While you are trying to work on your laptop and access on-site files to do your job, your spouse may be doing the same.
Your two children may be using their tablets, computers, or gaming systems to stay occupied while you are working.
Remember all of your smartphones are connected to your home network as well.
If you have any IoT devices, smart speakers, smart thermostats, appliances, security cameras, etc., those are all connecting to the same network you’re using to remote access.
Do you see why this is risky?
Network segmentation is a way to separate your traffic (that’s trying to access remote files) from the rest of your household, and thus make sure you aren’t inadvertently exposing your company’s network from a hacker lurking on another device on your network.
In the end, none of the above forms of protection are 100% effective, though.
Since users are a company’s biggest vulnerability, educating them on how to spot, avoid, and report suspicious and malicious websites, emails, or content is vital to continuing to protect your information.
Going back to the example of the phony coronavirus heat map, ideally, the forms of security we’ve recommended so far would protect you from attack.
- Secure browsing would prevent you from accessing the website.
- Endpoint protection would identify and stop malicious content from being delivered.
- Encryption should prevent any malware on your device from reading sensitive files.
However, you wouldn’t have to rely on those layers of security if your user knew to verify the integrity and identified the link as suspicious or malicious.
If you’re looking for ways to educate yourself or your users on IT security, you can learn more in some of our other articles, including: