Does Work Remote Affect Your Security?

Whatever businesses believed before March of 2020, pandemic circumstances forced them to test their ability to function with a work-from-home workforce. Two and a half years later, it’s clear remote and hybrid policies will be a permanent part of the employee handbook; as Glassdoor reports, 45% of the 2021 workforce expects to continue to benefit from having options when deciding where to clock their working hours. While it is clear companies large and small will need to continue to integrate remote work into the daily plan, ensuring the security of the devices and applications used outside of the physical workplace will also need to be an even more critical part of the daily plan. 

Flexibility is now required in business; whether that is a private residence, local coffee shop or vacation resort, however businesses can’t afford to be lenient in their approach to cybersecurity in the remote workplace. Insurance companies report the average cost of a data breach in small and medium sized companies is almost $110,000 while companies with more than 1,000 employees can end up paying out more than 1.4 million for a single incident. 

As companies move into the future, the key to maintaining cybersecurity for remote workers isn’t that different from standard measures needed to keep the company safe overall. Start with these best practices:

1. Verify that every employee has completed security awareness training. It’s much easier to prevent an attack than to recover from one. Make sure employees are aware of how prevalent data breaches are, how to identify phishing scams, and what to do in the event of a breach.
2. Verify all software patches and updates have been installed. Not just laptops and servers, but firewalls and other network devices (routers, switches, APs, office equipment, etc.)
3. Change passwords for network devices; when possible, require multi-factor authentication (MFA)
4. Enable employee multi-factor authentication everywhere.
5. Review cybersecurity policies and corresponding procedures, especially incident response plans.
6. Test backups and put at least one version offline monthly (or more often)
7. Remove internet-facing management consoles (internal access only)
8. Consider implementing a "Zero Trust Network Access" (aka ZTNA) policy in your cybersecurity plan, click to watch an informational video on NuSpective and Fortinet's ZTNA
9. Consider replacing your traditional Anti-Virus technology with a next generation Endpoint Detection & Response (EDR) solution, click to watch an information video on NuSpective and Fortinet's EDR solution. 
10.  Contact NuSpective and formulate a plan that includes maintaining a cybersecurity team capable of monitoring and analyzing potential threats, shutting down breaches and restoring a business back to normal operations following an incident.