The recent increase in remote work since the pandemic has resulted in more cybersecurity vulnerabilities.
In the office, you have control over how your employees work—the devices they use, how they access the network, and more. But when they’re working from home, especially under bring-your-own-device (BYOD) policies, you set yourself up for attack.
Here are the 10 best ways to keep your network secure with remote employees.
1. Upgrade to a cloud-based communications platform
Traditional landline phones aren’t built for remote work, so many companies that recently made the switch have been forced to select a new communication platform.
Unfortunately, the common option for many has been implementing BYOD policies, with each employee forced to use personal numbers for business communication. The problem is that employees’ personal setups are almost never secured correctly, which leaves your business open to all kinds of vulnerabilities.
The solution is simple: Switch to a small business phone system or a simple cloud phone system. The latter is a modern communications platform that lets your employees connect from anywhere, and can encrypt their calls to keep communication secure.
In addition to keeping your network secure, VoIP (Voice over Internet Protocol) can help your team be more productive by bringing all types of communication into the same unified platform.
To get started, select a VoIP platform that works for your needs. Look for one with positive third-party reviews, great customer support, and prices in your budget. Once you’ve chosen your provider, work with them to set up the devices you’ll need: physical desk phones, or softphones to integrate other devices such as computers and smartphones.
2. Start using a business VPN
No matter how safe you protect your network on-premises, remote workers don’t have a way to ensure they stay away from malicious sites or protect themselves against man-in-the-middle attacks.
For example, if an employee logs in to the company portal using unsecured Wi-Fi in a coffee shop—a common occurrence for remote workers—someone else using that same network can intercept their traffic, and read everything they send and receive.
That’s where a virtual private network, or VPN, can help protect you and your employees. It encrypts traffic information, so someone listening on the connection will only pick up scrambled data.
In short, a VPN can provide the same kinds of protection many office workers would receive as if they were working from the office itself.
To implement a VPN for your remote workers, select a well-reviewed VPN service and set it up on employee devices. Educate your team on how and when to use the VPN, and make sure they use it when accessing any business-related content.
3. Use a password manager
Passwords are your first line of defense, but most employees follow very poor password practices. It’s not uncommon for workers to create unsafe passwords, reuse them across multiple accounts (including personal accounts), update them with trivial changes (like adding “!123” to the end), or even write down hard-to-remember passwords on notes by the computer.
All of these can be devastating for your business’ security. Recent high-profile data breaches at Twilio, Robinhood, and Uber all happened when a cybercriminal infiltrated just a handful of employee accounts. If even one employee is using poor password security, they’re putting everyone else at risk.
A password manager is the simplest solution for password hygiene. Common services include Dashlane and LastPass, and all of these have a business version. A manager provides a secure place for employees to store and share passwords, so they don’t need to write them down or choose something that’s easy to remember (and likely insecure). It can also warn employees of weak passwords and even flag accounts that have appeared in data leaks.
Educate employees on how and why to use a password manager, and enforce its use when doing work-related activities.
4. Require 2FA
The single best protection you have against hacked accounts is two-factor authentication, often abbreviated as 2FA and sometimes also called multi-factor authentication. Recent research by Microsoft showed that using 2FA can block 99.9% of attacks, making it critical to stop someone from infiltrating your network through employee accounts.
2FA works by requiring a secondary form of authentication, in addition to a username and password. This can be a text message, physical security key, or a one-time code on an authenticator smartphone app. 2FA provides a second barrier to anyone who has stolen login credentials, but also is even more secure than a password since the code is only valid for a short period of time—usually a few minutes or even a few seconds.
Nearly every app today offers support for 2FA, but there’s a good chance your employees aren’t taking advantage of it. Educate them on how 2FA works and the research on how it can protect them and the company. If you choose to use physical security keys, provide them to your employees.
To enforce 2FA, make it mandatory on the software you use. You can also set up single sign-on (SSO) using an account (Google Workspace or Microsoft Teams, for example) that’s set up with 2FA.
5. Implement zero-trust architecture
As its name implies, zero-trust architecture is a way of setting up your network that requires verification for each request.
Unlike traditional systems that trusted users within a defined perimeter, zero-trust understands that someone posing as a user can be an infiltrator and requires them to verify their identity before responding to the request.
If your team isn’t familiar with this method of protection, look toward an outside firm to help you implement it. It’s the modern solution to security and a much safer solution than the traditional IT architecture that most of today’s businesses use.
6. Reduce access
Every employee who has access to data presents an additional weakness to the security of that data. The more you can restrict access, the safer you’ll keep company assets. Employees with broad access across data and apps present a liability, since any infiltrator will have the same clearance as the compromised employee.
Of course, employees need access to do their jobs, so restricting it requires a careful balance.
Here are some of the best ways to improve security through restricted access while still allowing employees the freedom they need:
- Err on the side of less access. If you limit something an employee needs to do their job, you’ll hear about it and can correct as necessary. But if you grant too much access employees may not even realize it—until it’s too late.
- Leverage user roles. Most apps today can separate users based on their roles in the business. Similar to clearance levels at government agencies, take advantage of these abilities and default to giving workers the minimum level necessary.
- Restrict to read-only. Sometimes workers need to be able to see data but don’t need the ability to edit or update that data. Default to read-only access and adjust as necessary.
- Avoid organization-wide access. Many software solutions let you choose the access abilities of folders, channels, or projects. Instead of organization-wide access (which is often the default), only give access to team members you invite.
7. Provide employees with company-managed devices
If you use a BYOD policy, consider rethinking the policy. Employee devices are almost never as secure as those provided by the company, and you lack control over the devices as well. With company-managed devices, you can install management software that can remotely control the device, add new security features, and restrict employee access to risk-prone sites and applications.
For companies that can provide devices to employees, start with setting clear policies on what employees can and can’t do with the devices. Make the company’s ownership clear so there aren’t problems down the road, such as with employees who have saved personal data, photos, or documents on a company device that later needs to be wiped.
Be sure to include the best security practices on these devices as well. Include the security software recommendations we’ve mentioned, including antivirus and firewall software. And adjust settings to secure the device: Require a password to log in, encrypt the device’s contents, and set it up for automatic updates to install security patches as soon as they’re available.
8. Educate the team on phishing
Most of today’s threats come not from technical hacking—but from social engineering, such as phishing. Phishing is the act of tricking someone into sharing data by posing as a trusted authority figure.
Educating and training employees to guard themselves against phishing protects not only your company, but your employees’ personal identity information, including Social Security numbers, address, passport numbers, and mortgage information.
Chances are if you aren’t educating your team on phishing, the best choice is to hire outside help. Look for companies that can give insight and provide ongoing guidance to employees to help them recognize threats. Even better, look for programs that include real-life pretend attacks, such as pretend contact forms on websites or pretend phishing emails sent to all employees across the company to see which fall for these kinds of attempts.
Bringing on this can of service is an extra expense, but it can be much more cost-effective than leaving yourself vulnerable to an attack from a real threat actor.
9. Create a security policy
Most employees aren’t security-minded, or at least not to the same level you are as the business owner. Explaining, defining, and enforcing security best practices is the first step to better security, and ensuring your team makes the right choices to protect themselves and company assets.
If you already have an employee handbook, you can add an additional section on security practices. While each handbook should be customized to your needs, be sure to emphasize these features:
- Device usage. Which devices can be used for work and which ones can’t? If you provide devices, how should they be stored and where can they be used?
- App usage. How should employees access the software your company uses? What devices, login procedures, and security practices should they follow?
- Password and authentication. Which types of passwords, 2FA methods, and login methods are allowed? Which aren’t?
- Crisis response. How should employees respond if they see a threat? What should they do if they believe their device or account has been compromised?
Provide simple, clear explanations, and enforce best practices when you see they’re not being followed.
10. Set up a next-generation firewall
Traditional firewalls work with a set of rules defining which domains are safe. This has been an acceptable solution in traditional office environments with traditional applications.
But today’s world is very different. Even in offices, employees are often most vulnerable through web-based applications, making these static blocklists ineffective. And the problem compounds for workers based outside of the security of a local network since traditional firewalls assume any traffic originating from the office network is safe.
Next-generation firewalls use more complex guidelines, including AI threat recognition, to filter safe and unsafe usages even through a single app. They also do away with the assumption that local requests are inherently safe, since infiltrated networks can pose just as much of a threat as outside attacks.
This software is the best option for companies looking to secure their networks across a broad range of devices used by employees around the country or around the world.
Win the battle for better security
The shift toward remote work has created new challenges for protecting corporate networks. But at the same time, it has created new opportunities for businesses to leverage solutions to these problems. Companies that succeed will be those that recognize remote work as an opportunity for improving their security infrastructure and protecting themselves from all kinds of threats.
By taking the steps outlined here, you can protect yourself and your business against new threats and secure company data against the new attacks that target modern remote workforces.