Published by
Many businesses that established remote and hybrid working arrangements during the pandemic have opted to make them permanent. However, while leaders are eager to take advantage of the flexibility, cost savings and employee morale boost that come with work-from-home policies, they must ensure they don’t do so at the expense of maintaining a robust security posture.
Luckily, companies don’t have to sacrifice security and privacy to realize the benefits of remote work. While it takes some careful planning, dedicated tools and firm rules, a work-from-home policy can be an effective, permanent strategy for many businesses. Below, 13 members of Forbes Technology Council discuss some smart strategies businesses should leverage to ensure a more secure remote work environment.
1. Establish Well-Rounded WFH Policies
When working remotely, security starts at the door and window of each employee’s home, and it’s impacted by their network and the residents of the house. Without ensuring there are policies that define the permitted use of equipment and systems and establishing employee education and monitoring of job security, we can lose control of company resources. Further, in a remote environment, security monitoring and managing access privileges and identities become more important. – Robert Strzelecki, TenderHut
2. Secure The Identity Perimeter
Threat actors are finding new ways to bypass traditional security measures. In this context, securing the identity perimeter has become crucial. In fact, identity has become the new endpoint. Companies should dust off their endpoint security playbook and apply the same scrutiny to identities. This will ensure a zero-trust access posture, even for remote work. – Almog Apirion, Cyolo
3. Leverage Zero Trust
To ensure a more secure remote work environment, businesses should leverage the zero-trust security model, which emphasizes continuous verification of identities and permissions. Additionally, incorporating privacy by design principles into your data management practices will help protect sensitive information and maintain user privacy. – Blake Brannon, OneTrust
4. Implement MFA
Implementing multifactor authentication is an essential strategy a business should leverage to ensure a more secure remote work environment. It provides an additional layer of security by requiring users to verify their identity using at least two factors, such as a password and a fingerprint, before granting access to sensitive information or systems. – Arthur Miller, equipifi
5. Establish Layered Security
Layered security serves as shorthand for a strategy that combines multiple technologies and principles, including multifactor authentication, managed detection and response, zero trust, DNS filtering, security awareness training, and password-aware email tools aimed at defanging business email compromise. When deployed, the strategy enhances security in both distributed and on-premises environments. – Adam Stern, Infinitely Virtual
6. Set Up Robust Asset Tracking
Regardless of where your assets are—within an office building, in the cloud or operating remotely from an employee’s home—you must be able to track them. Knowing you have the assets is a rudimentary step. Beyond that, you must also be aware of patch management, anti-malware, segmentation and so on; the solutions running; if those solutions are up to date; and whether any controls are missing. – Brian Contos, Sevco Security
7. Require A VPN
Businesses must set up workable processes to reduce the danger of cyberattacks, such as using antivirus software and establishing internet usage guidelines. Requiring employees to use a VPN while using work equipment is a crucial aspect that enhances remote security. Employee traffic is encrypted, making it harder to sustain a cyberattack. Additionally, data should be stored on a secure cloud server. – Namrata Sengupta, Stellar Data Recovery Inc. DBA BitRaser
8. Conduct Regular Operational Reviews
IT leaders should conduct regular operational reviews of their environment. Most companies—regardless of whether their employees are distributed, working in a hybrid arrangement or in the office—should adopt a zero-trust model. However, without regular operational reviews and clear action items, IT and InfoSec leaders will operate under the assumption, not the certainty, that everything is working as intended. – Rahul Rao, Understood.org
9. Limit Employee Access To Critical Data
Limiting employee access is crucial for security. For example, an employee with access to confidential data, such as salary information, could misuse it or inadvertently expose it to cybercriminals. By granting access only to the essential resources needed for each role, you minimize risks while maintaining a user-friendly environment for your remote team. – Anton Abyzov, Softgreat
10. Deploy Secure Web Gateways
You simply can’t trust remote employees to follow all security protocols and measures to keep your company’s data and applications secure on their home network. You will want to consider deploying a secure Web gateway at your employee’s home. The best practice is to impose as much of your enterprise security on your employee’s home environment as possible. – Leonard Lee, neXt Curve
11. Embrace The Cloud
Make your IT infrastructure cloud-first to support remote working. We migrated our antivirus, malware, device management, identity management (for example, Microsoft ActiveDirectory), VPN and other core infrastructure services so they would all be remote-first. That means that a user with a laptop at home or a mobile device is as secure as they would be in our office. – Adam Sandman, Inflectra Corporation
12. Use Remote Device Management
For remote work, use remote device management. Monitor the state of critical software, push updates and make sure devices are being backed up remotely. Almost no one needs admin rights to their own machine, so lock those abilities down and keep people from installing anything that isn’t approved. Pushing new configurations and updates remotely will save everyone time and increase security. – Luke Wallace, Bottle Rocket
13. Educate Your Employees
Educate, educate, educate! No amount of technical strategies and/or tactics can completely secure a less than “security savvy” remote worker. Education can help to promote a culture of security within the organization, where employees take responsibility for their own security and the security of the company’s assets. – Emmanuel Ramos, OZ Digital Consulting
Originally published on Forbes.com