Hexegic – Covid 19 Remote Working Advice

Hexegic

20th March 2020

Hexegic – Cyber Awareness 

How secure is your remote working?

Friday 20 March

 

How secure does your business feel with all your staff working from home?

 

If someone had told you twelve months ago that March 2020 would see millions of us switching our businesses and teams in one fell swoop to universal remote home working, you’d have thought they were deluded.  And yet here we are, conducting business meetings from our kitchen counters. Pragmatic, but at the same time daunting, and not without some risk.

 

In the spirit of pulling together (the best thing to have come out of COVID19 so far) we wanted to offer up some practical advice from our own area of expertise, and suggest some steps you can take to ensure your networks stay secure when your entire workforce is logging in remotely.

 

Bear in mind, with remote working everyone focuses on getting the technology sorted, but in fact, people and the processes they follow are far more critical. ** You can put any tech solutions in place that you want to try and secure your networks, but if your people aren’t following sensible protocols your efforts are futile.**

 

Cyber security really does start at home. You need to be asking yourself, how do I help my employees sensibly secure their own assets and connections? How do I get them to think cyber security with every move?  Here’s what we’d suggest: 

 

  1. Rewrite the rulebook

 

There’s enough confusion about everything at the moment. Make one area less bewildering by defining in policy for your employees what, where, when, and how they are expected to work remotely. Are they allowed to work from anywhere? How should their laptops and phones be secured when they are away from them? What are the rules on connecting to WiFi and wired networks? Addressing all of these sorts of questions up front will instil more confidence and encourage informed responsible behaviour.

 

  1. 2Secure physical assets

 

Securing your assets means protecting the tech leaving the office, but also includes your employees. Make sure they have a safe, focussed space to work in at home, and drill cyber security best practice into them before they’re allowed to leave. When it comes to tech assets, make sure phones and laptops are encrypted and protected by adequate authentication; ensure mobile devices and apps are configured to only allow activities permitted in your policy; and make sure connections to networks are forcibly encrypted.

 

  1. Secure your network

 

With everyone now logging in via their own routers and networks, this is an obvious area of concern. Access to your company resources either in the cloud or via remote connection to your corporate network must be tightly controlled. Look at every point of access either via a network or application and review the authentication requirements. Use either a Virtual Private Network (VPN) or Zero Trust Network approach to ensure secure communications across public networks. And don’t forget employee’s own routers through which they’re accessing your resources – get them to change their default router password and review its settings, your IT team should be able to help here!

 

  1. Verify identities

 

Strong centralised identity management is one of the top ways to manage remote working securely. You want to put it place the strongest possible methods of users proving who they are, without impacting usability, through the likes of single sign-on. You also want a centralised place to control access to networks and applications remotely should you need to change anything as your business changes. Take a multi-layered approach, requiring not just a password to log in, but a combination of something you know (a PIN or password), something you have (a token or your phone), and something you are (biometrics).

 

  1. Logging and monitoring

 

As one of your largest IT risks, remote working should be proactively logged and monitored to provide the earliest warning of compromise. Monitor who is trying to connect in the middle of the night and from where – is it likely they’d be doing so? Your systems should spot odd behaviour and block and/or alert you to it – if an employee is connecting in the UK and the US within one hour of each other, you might smell a rat…

  

These are unprecedented, anxious times, and we hope that you and your businesses are managing to adapt to the challenges so far. If you’d like any more advice on how to manage your cyber security through this crisis please don’t hesitate to get in touch.

 

Here’s to secure, productive remote working – who knows, it might transform our work culture and cyber awareness for good.

Join the cluster today!

Enjoy all the benefits being a member brings and register your interest here.

Register
Contact us

To find out more01327 856108

Send us a message
Founding Members: