While 2020 may be behind us, the changes, trends, and safeguards from that year are sure to follow us in 2021 as well. Security and safety are thankfully on the minds of many leaders worldwide — keeping “work from home” life still as relevant as ever. As business continues remotely, we’re here to offer insights on how to keep threat actors at bay while keeping systems, servers, and employees safe.
We asked several security leaders and CEOs how they keep their data secure for their remote staff. In this industry pulse check, the tried-and-true best practices once again emerged as a common theme and an effective shield against threat actors looking to exploit remote workers. While keeping in mind the insecure nature of out-of-the-box tools, and while considering the perspective of remote employees, here are the key insights for businesses in 2021:
Combat Insecure by Default
Many modern devices and software come equipped with effective security tools. The problem, however, is that they are often not enabled straight out of the box. Most tools ship insecure by default, leaving valuable safeguards like firewalls or Multi-Factor Authentication (MFA) switched off. Ruben Ugarte, Data Strategist at Practico Analytics, suggests, “take advantage of what employees already have including fingerprinting unlock, two-factor using phones, etc.”
For IT teams, he also advises to “control the entire experience by providing fully set up devices like laptops,” as opposed to a “bring your own device” policy.
Personal devices lend very little visibility into what goes in or out of an organization’s network. Amir Targhat, Founder & CEO of Achilleion, adds that “Securing personal devices is very hard because you have to delicately navigate the personal privacy of your employees with the potentially invasive technical implementation required to secure the device.”
Keep and Enforce Good Policies
Ilan Sredni, President & CEO of Palindrome Consulting, highlights the “numerous strategies that can be used to protect one’s data with a remote workforce. Initially, you need to determine what information they can have access to and whether it’s located on premise or in the cloud.” This is part of not only writing, but also enforcing, robust policies that hold all employees within an organization accountable. Policies can dictate data access, as well as account access in the form of password control.
Jodi Daniels, Founder of Red Clover Advisors, suggests “instituting a strong password policy coupled with multi-factor authorization, also known as two-factor authorization (2FA). This combination is extremely powerful in preventing a data breach.” Threat actors often obtain account credentials from previous big breaches, from dumps sold on the dark web, or through brute-force attacks that can attempt thousands of password combinations instantly. With password managers, you can ensure a strong password won’t likely be “guessed,” and Andy Michael, Founder of VPN Testing, further insists that “employees make sure their passwords are regularly changed rather than staying the same for years. Even better: find a password manager that requires you to use two-factor authentication.”
Two-factor or Multi-Factor Authentication (MFA) is an effective security feature on many devices. It forces a user to pass an extra barrier before accessing an account, which can thwart some of the most prolific threat actors. Jon Holden, Head of Information Security at Atom Bank, suggests “deploying MFA on all systems and accounts that are accessed remotely. It may add a bit of complexity for your staff, but it makes a huge difference in your security posture.”
For more advice from the technical side, policies should include “anti-virus software that will be able to detect all manner of malware, spyware, etc.” as suggested by Heinrich Long from Restore Privacy. As a final note on policies, Sandra Goger, Technology Analyst at Iflexion, advises teams to “ensure the reliability and safety of protocols and services that ensure employees’ access to corporate data. Apart from that, additional efforts should be put into endpoint protection and regular security updates for employees’ devices.”
Virtual Private Network
Another required safeguard for 2021 is a Virtual Private Network (VPN). Pieter Vanlperen of PWV Consultants says, “First, utilize a VPN. Every employee working from home should be logging onto business systems through a VPN which uses two-factor authentication.” Michael Miller, CEO of VPN Online, adds, “To prevent network intrusion, you should regularly change your password and update everything. You should also protect your devices from unauthorized use and never connect to a public network. But the most effective of them all is to get a VPN.”
VPNs deserve their high praise for how they protect internal data. The traditional office or school campus provided a set number of machines connected to a single, secure network, including relevant files and databases that could not be reached from the public internet. VPNs offer the same secure network even when employees are no longer under one roof.
Video Meeting Etiquette
A vital part of working from home is the ability to hold meetings with teammates in different locations. This includes apps and tools that allow for video messaging. According to Abdul Rehmen, Cybersecurity Editor for VPNRanks, there are several tips for holding secure virtual meetings from home:
Keep apps updated
Developers release security patches that cover up vulnerabilities in the tools every now and then. Remember to keep your apps updated to stay safe from the breaches.
Password protect your meetings
Always password protect your meeting rooms. Remember to set a password that isn’t easy to crack and is up to the latest password conventions.
Never share links to the meetings
Always use the in-app invite feature to invite members to the room. This prevents unauthorized access to the meeting room as the links can get misused.
Maintaining video call etiquette will become far easier with these technical safeguards in place.
The Employee’s Point of View
Even with a few months of experience in working from home, employees may still be getting used to the different context. Oftentimes, environment dictates habit, and security measures tend to take a higher priority within the four walls of a classroom, campus, or office space. Within one’s own home, however, security may not always stay top-of-mind. This is where training can help.
James Cash, Managing Director of Superfast IT, suggests that “companies make it clear to their teams the role they play in security and provide them with ongoing education in this area. Online user awareness training and assessment tools are an obvious and low-cost choice in achieving this with a distributed workforce.” Despite the distance between employees, comradery can be gained through shared awareness and mutual understanding of security.
Continuing into 2021, it’s clear that working from home is still the best option for some organizations, and still one of the best ways threat actors can infiltrate a network. With these suggestions from industry leaders, and with technical best practices at the helm, any organization is sure to improve its defenses no matter what else 2021 can bring.