How to maintain security when employees work remotely?

How many people can say the business they work in today is the same as it was in 2019? Consider how even the words work “in” are no longer relevant for so many employees.

One of the biggest changes in 2020 was the wholesale shift of so many workers from offices to homes. Before the pandemic, some businesses had remote working policies in place, but it’s become a mainstay for nearly all of them today.

While the rapid migration to remote working is playing a key role in helping businesses trade through the pandemic, it’s also brought some challenges – particularly with security.

People are your strongest defence

Employees can often be targeted by cyber criminals seeking to gain access to a company’s network and data. But if they have the knowledge and training to fight off those attacks, they can beat them back at the furthest edges of your business.

Helping employees to understand the types of risk that are created by remote working and how to deal with them is one of the most effective forms of cyber defence there is.

The 2020 Security Priorities Study by IDG found 36% of security incidents were caused by remote employees falling victim to phishing or other non-malicious violations of security policy. A further 29% of security incidents involved unpatched software vulnerabilities.

The Ponemon Institute issued a separate report, Cybersecurity in the Remote Work Era: A Global Risk Report, which found:

• 71% of organisations are very concerned remote workers were putting the business at risk of a data breach.
• The most frequent attacks since the onset of COVID-19 have involved credential theft (56%) and phishing/social engineering (48%).

This is understandable. If your business had problems with employees following security policies when they were inside the building, how much harder is it when they’re miles away and on their own?

Your business needs to ask:

• Are employees aware of your cybersecurity policies for remote working?
• Are they supportive of those policies?
• Do they understand why they are there and what they are there for?
• Are the policies fit for purpose?
• How confident are employees in your ability to address security challenges?
• Are employees using approved devices to access the network?
• Are any using their own unsecured devices?
• Are they required to use authentication to access the network?

Are your endpoints secure?

People are a security risk, but only if their devices give cyber attackers access to corporate networks and data. Remote working greatly expanded the number of endpoints outside the office and the network perimeter. This raises some important questions:

• How secure are those endpoints?
• Is your endpoint security effective and comprehensive?
• Does it work across all endpoints, irrespective of user, device branch or location?
• Can it identify and respond to threats before they spread across the network?
• Are your employees aware of the risk of threats to the endpoint?
• Is the endpoint security on devices kept up to date with patches?

Unified endpoint management is one means for your business to control PCs and mobile endpoints with a single pane of glass management interface. You can push updates to those devices, apply security policies and remotely wipe all applications and data if the device is lost or stolen.

Protect your corporate data

With so many employees accessing the corporate network and data from remote locations that are often less secure than company premises, your business needs to take a close look at how it protects and secures confidential and sensitive data.

According to the above-mentioned IDG report, 59% of businesses revealed that access to business-critical applications has increased. This is concerning, as data security and integrity are vital for modern companies.

• How does your business prevent data from being shared or leaked from remote devices?
• How do you ensure data accessed by home-based devices is not viewed, accidentally or otherwise, by other users of the device in the household?
• How can you ensure company information and intellectual property, customer data and personal information does not escape from network security controls?

With so much data being transported outside the centre, your business needs to make sure that connectivity between the network, your employees and applications in the cloud is secure, robust and reliable.

Vodafone Business can strengthen the security of mobile devices accessing the corporate network and ensure regular patching and updates through our mobile device management service. We can also help you develop world-class security strategies to safeguard data and protect assets in the cloud.

Learn more about our security services.