Cybersecurity awareness: businesses’ obligations to provide their people with cybersecurity solutions when remote working

Cybersecurity awareness: businesses’ obligations to provide their people with cybersecurity solutions when remote working

Author:
David Salsbury
Product Portfolio Manager - Security

The trend for remote working has grown steadily in recent years. But now, in the early months of 2020, it has, of course, skyrocketed; suddenly organisations are rushing to equip employees with all they need to work efficiently from home.

But restructuring your business's workflow can be a serious undertaking, resulting in unpredictable changes. While most workers are focusing on communication and collaboration tools, and seamless file sharing (which are all essential), there is another vital consideration to discuss: security.

Put simply: remote work can lead to a swift destabilisation of your business’s network security. In this article, we'll look at how remote work affects your business's network security and explore how you can maintain an optimal cybersecurity position during this time.

More people are working from home than ever before

We’re all eagerly awaiting “normal” work life to begin again. However, according to some reports, office life may never fully return to the way it was before. For example, many workers may choose to continue working remotely; others may be asked to, to help limit overheads.

With this massive change in our working environments comes new ways of thinking about how we view the workplace. Most prominently, what we define as being "company equipment" (where lines were blurred already).

Why do employees use personal devices when working from home?

There are several reasons why employees use personal devices when working from home, the simplest being that they're the only devices they have available. Not all businesses have the means to supply every employee with a laptop and/or smartphone, so if employees already have these devices, then businesses can cut costs by allowing employees to use their own computers.

There’s also lots of incentive for remote teams to use personal devices. They already know these devices' ins and outs, so there's no learning curve. And there's an element of tailoring and comfort when using a personal device as opposed to a company device.

The can cause an blurring of who is responsible for the security and who owns the data.

But benefits aside, the use of personal devices for work does pose an issue: who is responsible for the security of the device?

The short answer? Both employees, and the business.

But if we ask who will get sued the answer is clearly the company.

Corporate security systems are vital when employees are working remotely, as they could be accessing sensitive company files over unsecured Wi-Fi networks. The only way to ensure that this issue is never exploited is to create a secure company-wide, work-from-home system that all employees can use.

How can businesses protect their employees' devices at home?

Implementing a wide-scale, secure remote solution isn't as easy as it sounds. Not only does it require that everyone to use similar layers of security, but it means implementing network-level encryption, which can be difficult for those unfamiliar with such systems.

To help businesses get started, here are three ways to quickly improve the work-from-home security of your company.

1. Apply the corporate approach to the home

The straightforward approach is to treat all of your employees' personal devices the same way you would treat company hardware. This means taking the same security measures, maintaining an IT team for support, and providing your employees with the tools they need to implement strong security.

You should also outline, and distribute, clear security guidelines for your employees to follow. This includes things like:

  • Not using unencrypted/public Wi-Fi networks when dealing with sensitive company information
  • Not leaving devices with access to work-related files unattended (or unlocked), such as in a vehicle, or even at home where there could be multiple users sharing devices
  • Using strong, randomised passwords for work accounts, preferably with a password manager
  • Using firewalls and antivirus software
  • Keeping all devices up to date.

If your business already has support and security systems in place for the office, chances are this could be extended to cover employees’ personal devices too. This method of “piggybacking” a domestic product onto an already-established corporate product will substantially reduce complications with billing, infrastructure, and setup investment. Since you and/or your IT team will already be familiar with the corporate version of your firewalls and security systems, expanding that to your work-from-home staff will be much easier than purchasing and installing an entirely new service.

Plus, it’s an added benefit for staff members and their families — a bonus which, when rolled out appropriately, could boost team morale, engagement and productivity.

2. Use secure authentication

Strong authentication is another important aspect of remote security, and this typically means two-factor authentication, or 2FA. Which means that you need two separate things from something you know a password or pin number, something you have, your mobile phone or token, something you are a fingerprint or eye of face scan. Sometimes ‘somewhere you are’ is considered, but this is normally only used as a third factor. Microsoft Authenticator is one of the most common examples of what this looks like in practice, and it's a great tool to use for your business.

3. Provide corporate-level VPNs for safe remote access

VPNs, or virtual private networks, are used to encrypt ecurity extend your internal network to remote offices or users.

There are several services that offer corporate-level VPNs. Working with these suppliers would allow companies to provide all of their employees with a secure network connection, no matter which network they happen to be connected to. This is vital for employees that have access to sensitive files, accounts, passwords, and emails.

Often a remote desk top solution is delivered across a VPN, offered by companies like Citrix. A remote desktop allows someone to access the same “desktop” on their work computer, even while working on a different PC.

For example, say an employee has a computer at work and a laptop at home. With a remote desktop, they will have access to all of the same files, apps, and features on both devices. This allows the corporate computer to be maintained and updated with security features, which the person’s home laptop indirectly benefits from.

Remote working will be part of our new normal, so now’s the time to make it secure

If current predictions are anything to go by, we’ll see a larger number of employees working from home, at least part of the time, in the future. To protect your organisation, and your staff, from security threats, you need to act now.

If your business is looking to implement strong security measures for its remote employees, consider partnering with JT.

Other content you might be interested in: