For IT Professionals: How to Maintain Data Security with Remote Employees

JANUARY 28TH, 2021

In early 2020, tens of millions of workers left the secure perimeter of their offices and set up shop at dining room tables and in spare bedrooms. Remote work, once a perk enjoyed once or twice a week by select upper-level employees, became the new normal for almost everyone whose job could be done on a computer.

This sudden shift in how we work initially created chaos for many IT teams that weren’t sufficiently prepared to handle or secure a distributed workforce of this size. 

How Remote Workers Broadened the Enterprise Attack Surface Overnight

Outside of the company firewall and without time for IT to configure the necessary security infrastructure, remote workers created an ideal environment for cybercriminals to practice their craft. 

In the early days, ensuring employee productivity was a primary business goal. Workers still needed access to company files and business applications, which meant they needed to remotely access the network, usually via VPN or RDP. As luck would have it, RDP and VPN are popular attack vectors, so Christmas came early for cybercriminals.

 

Further muddying the waters was the question of how to safely handle data storage and sharing with employees scattered to the winds. This was particularly challenging for organizations that still relied on on-premises data storage and backups.

And last—but certainly not least—we had the human element.

Most organizations didn’t have enough laptops to go around, so employees used their personal devices and equipment for work. These devices were often shared by multiple members of the household, which made it difficult to control which sites users were visiting and what files they were opening. Even more frustrating was the fact that these devices were connected to home internet networks that are far less secure than those configured and maintained by the company IT specialists. 

At home, employees had kids, spouses, home school, and housework all vying for their attention. These already-distracted employees were also scared and looking for answers to a million questions. This vulnerability gave rise to a wave of pandemic-themed phishing campaigns and a 72 percent increase in ransomware attacks.

How to Secure Remote Workers for the Long Term

Fast-forward to today, and it looks like remote work—at least at some level—is here for the foreseeable future. In the months since workers scrambled to cobble together a home office, we’ve learned a lot about what it takes to secure remote workers and protect company systems, applications, and data. Here are six best practices that will help create a more secure perimeter even when it’s highly distributed.

1. Educate employees.

Even pre-pandemic, human error accounted for a high percentage of successful cyberattacks. 

Given the number of remote employees who are using their personal devices for work or their work devices for personal activities, it is crucial to train the entire company on good cyber hygiene. Focus on safe internet surfing practices, how to identify suspicious email attachments, and what to do if someone clicks a malicious link. 

2. Invest in secure backup and data loss prevention.

SaaS solutions like Microsoft Office 365 are wildly popular, especially now that remote work has become mainstream. 

If your business is one of the millions that rely on Office 365 or the like, be sure you invest in third-party backup and data loss prevention. Microsoft and other SaaS providers often utilize a shared responsibility model for using their products. In short, that means the service provider ensures the infrastructure stays up and available, but the customer is in charge of protecting their own data.

3. Keep cybersecurity technology up to date.

Cybercriminals are constantly evolving their tactics, which can make it hard for old cybersecurity solutions to keep up. 

Many companies are still running a mix of cloud and on-premises servers and workloads, which makes it even more crucial to do your cybersecurity due diligence. Sophos-powered solutions like those offered by Arcserve take security a step further by integrating both cyber and data protection for your on-premises, cloud, and SaaS-based data.

4. Secure remote access.

Securing remote network access points is one of IT’s biggest challenges, especially given the popularity of exploiting FTP and RDP weaknesses for criminal gains. 

With so many employees now outside the confines of the company firewall, many companies are taking the new route of making the people the perimeter. Identity and access management best practices, such as zero trust, multi-factor authentication, and least privilege policies, help IT create an identity-driven security perimeter to maximize data protection.

5. Establish a disaster recovery and business continuity plan.

One of the best ways to protect your organization from both internal and external threats is to have a plan in place to quickly bounce back from a major disruption or other disaster. 

A comprehensive business continuity plan that includes specific steps for disaster recovery will help your organization get critical business operations back up and running quickly with little to no loss of data.

6. Take advantage of all the cloud offers.

Cloud services provide the flexibility businesses need to support employees who may need to bounce back and forth between remote and in-office work.

All the resources your organization requires to maintain productivity, secure data, and ensure business continuity are available in the cloud. From data storage and secure backups to SaaS business applications like Office 365, the cloud provides a cost-effective solution to almost every work-from-home problem.

Whether supporting remote workers is your organization’s long-term or short-term plan, it is important to ensure you have the tools and processes in place to ensure it is done safely. Download The Essential Work from Home Guide for even more tips on creating a remote work environment that doesn’t leave company systems, applications, and data extra vulnerable to cyberthreats.