SEE ALSO >> IT Solutions & Managed Services
In light of ongoing concerns about the COVID-19 pandemic, remote work appears likely to be with us in some form for the foreseeable future. So, it’s important for your company to ensure that your connections to employees working from home remain as secure as possible. Many of these practices are also beneficial when employees are working at your workplace.
Focusing on connections
How and when do employees connect to your corporate network? While no solution will eliminate every risk, taking multiple security steps will make gaining access to your network and information more difficult for those who shouldn’t have it. Possible steps include:
Having employees use business-issued devices when possible. This typically is more secure than allowing them to use personal devices. You can secure the devices at the start and then regularly update the security features and control the applications placed on them to keep them protected.
Implementing strong “bring your own devices” (BYOD) policies. If requiring all employees to use only work-issued devices isn’t practical, take steps to secure employees’ own devices. Require employees to register with the company and secure any devices they’ll use to access the corporate network.
Choosing the best system for employees to connect with the company’s network. One way is through a virtual private network (VPN), which encrypts data as it’s sent and then decrypts it when it’s received. This makes it more difficult for unauthorized individuals to access the data.
Implementing dual-factor authentication. As its name suggests, this requires employees to demonstrate their identity in two ways. So, in addition to entering a user-name and password, an employee may have to enter a code sent to his or her cell phone. This reduces the risk someone can impersonate an employee to access the network.
Using role-based access control (RBAC) and the principle of least privilege. These limit access to applications and confidential information so that only employees who truly require particular information are able to gain access to it. For instance, under RBAC, employees in the accounting department typically require different applications than those in the human resources department. The same principle can be applied within one department — for example, in the accounting department, junior employees would have less access to specific accounting applications and information than the controller would.
You also may want to consider technology-based security strategies. For instance, your business may benefit from deploying a malware solution, which uses specific computer programs to detect the presence of malware (short for malicious software) or viruses (a type of malware that self-replicates and inserts itself into other programs). Then, these programs remove the malicious software.
Another possibility is to use a mobile device management (MDM) solution, with features, like device tracking, that enable IT administrators to control and secure your organization’s mobile devices. To respect employees’ privacy, some of these allow users to separate their work and personal profiles. In addition, if a device is lost or stolen, many MDM solutions allow you to erase the data on it.
In general, it’s a good idea to practice “cyber hygiene.” On an ongoing basis, train employees in security best practices:
- Require using strong passwords and changing them on a regular basis, such as once per quarter.
- Emphasize the need to use discretion when opening attachments.
- Discuss phishing schemes, in which criminals send emails purportedly from legitimate sources to gain confidential and/or financial information, and address ways to avoid being tricked.
- Remind employees not to let others use their corporate-issued devices — and not to use corporate-issued devices for personal business — both of which raise risks.
Finally, despite your best efforts, a breach may occur. Make sure you establish procedures in advance for handling a breach. This should include steps for investigating, containing and recovering from the breach, and for communicating with any affected parties.
Layering your defenses
While no single action can guarantee total security, the more layers your security defense has, the more likely it is that a breach that penetrates one defense can be stopped by the next. Get professional advice from your Belfint advisor to determine which practices and solutions fit your business.