The growth in popularity of remote working has meant that the landscape of cyber threats has become more complicated for organisations. When everyone was working in the same office together, managing cybersecurity was at least contained to a single location, and a single network. With remote working, however, organisations must be mindful of the fact that multiple locations, networks, and devices are accessing company resources.
We spoke with TechQuarters, a London-based IT company that has been remote since 2010, and has helped many of their clients establish secure remote working. Like many IT support companies London businesses use, they understand the most important components of remote work cybersecurity – below are 5 examples:
- Passwords and Multi-Factor Authentication
Passwords and authentication are a hugely important aspect of all business. However, for remote workers, they are especially important. As the working environment of remote employees cannot be controlled completely, there is a heightened risk of devices or accounts falling into unauthorised hands. Organisations can mitigate these risks by enforcing multi-factor authentication (MFA) and strong password practices for all remote employees.
Multi-factor authentication (MFA) is when an account or device requires an additional form of authentication in addition to a password. Additional forms of authentication include one-time passcodes sent via SMS or email, or generated from an authentication app.
Strong password practices involve ensuring every password is unique, and has a high entropy value – meaning it will take a long time (theoretically centuries) to crack the password via a brute-force attack. A strong password uses a combination of unique words, uppercase and lowercase letters, special characters, and numbers.
- Endpoint Management
With remote employees bringing their devices outside the conventional perimeter of their organisation (i.e. the offices), there is a heightened risk of data breaches. The solution to this is to implement unified endpoint management (UEM).
Unified endpoint management is a centralised solution that allows a business to manage the security of all devices that are linked to the company’s network. This includes (but is not limited to) enforcing data governance policies on devices, remotely wiping company data from a device, and managing the software that can be installed on the device (this depends on whether said device is company-owned or not). As an IT support provider London-based companies depend upon, TechQuarters have equipped many clients with UEM solutions – they confirmed that it is the most comprehensive way to protect company data on devices.
- Employee Awareness and Training
In addition to the technologies and policies that businesses have, employee awareness is another critical factor in their overall cybersecurity.
Remote employees must have a strong working knowledge of cybersecurity risks, and the best practices that mitigate those risks. For example, a remote employee should be able to identify a phishing attack, check whether a website is secure or not, and uphold the privacy and confidentiality of the organisation (and its data).
Organisations should offer regular training sessions to ensure that their employees’ cybersecurity awareness is reinforced and up-to-date.
- Secure File-Sharing
File sharing is a common practice in business. However, when employees are working remotely, and using other networks besides the company’s, there is a heightened risk that files could be intercepted if the appropriate file-sharing methods are not used.
According to TechQuarters, the most reliable and secure method of file sharing is to use a cloud file management solution – an example of this would be Microsoft SharePoint. Having provided IT support Central London businesses have been using since 2010, they have seen how cloud storage has become commonplace, and emerged as a more secure alternative to sending files over the internet.
With cloud storage, files are in-transit for a very short amount of time. Once they are in the cloud, they are protected by the underlying security of the platform. Then, instead of sharing the file, the employee can share a link to the cloud storage location – and only users whom they specify will be able to access that location.
- Update and Patch Management
Software security is yet another critical aspect of an organisation’s cybersecurity. Software can often have vulnerabilities that may be exploited by hacker/crackers. Vulnerabilities may be known to the developer, or they may be unknown – a zero-day vulnerability – that has been identified by hackers.
The best way to ensure that the software that employees use is as secure as possible is to commit to regular and consistent update & patch management. Updates and patches help to close vulnerabilities in a program, making it more secure.