Remote Security Series: Review Remote Workforce Policies

The coronavirus emergency has made it clear that some companies are ready for the new work-from-home (WFH) reality, with mature and tested policies for managing remote business workflows. Others were caught off-guard and now find themselves developing and refining their procedures even as they’re being implemented.

Especially in times of crisis, we humans need structure, boundaries, and clear guidance to help us feel secure and remain productive. So much so that we’ll create our own in the absence of any guidance. And while a little flexibility is a good thing, remote work brings technology and cybersecurity challenges that demand clear, relevant, and effective policies to protect the company’s network.

Turning the problem into an opportunity

Though most companies are now facing the radical shift to a remote workforce, the smart ones are using this emergency as an opportunity to review and update their remote work policies. Even for those that have transitioned smoothly to WFH, the scale of this change makes it prudent to double check the security posture of their teams. Those that do will find more ways to make their operations more secure and efficient; those that don’t may become corporate casualties of the coronavirus.

Safeguarding sensitive data

One of the biggest security issues for businesses is handling sensitive data like Social Security, credit card, or bank account numbers. Do you have procedures in place to make sure that information can be sent and received securely? Take a close look at how sensitive data flows across your newly extended network boundaries. Make sure you’ve accounted for identity management, client information, and any type of financial divulgence or payment.

Like a rubber band, your network perimeter thins as it expands. Remote workers are at a heightened risk of direct attacks against their personal data. Emphasize the importance of documented policies regarding internal communications. Some examples might include never asking for passwords, verifying critical or sensitive requests, and MFA support.

Business continuity processes (you do have them, don’t you?) no longer enjoy the luxury of encompassing a small number of sites. They now must accommodate an increasingly dynamic footprint of inputs from remote workers. Use this experience to update them to include such things as better internal communications, more productivity checkpoints, remote device wipe, and alternate contact information for remote workers.

Include guidance about the personal use of business assets and make sure your VPN enforces a minimum level of security compliance before authorizing network connections. That should include requiring the use of company devices, keeping your endpoint protection up to date, and making sure any necessary agents are installed.

In addition, you should enforce MFA on all systems that connect to network resources. Implementing MFA requires planning, but it offers much more robust security at the perimeters.

All of these efforts are important, but they’re doomed unless you also have an effective way to let your workers know about them. Now is the time to communicate more frequently about security and be on guard against localized attacks like phishing and spear-phishing. Not sure about that email? Don’t open it. Hold off on sending hyperlinks so that any links received stand out for additional scrutiny.

Where to start

These are just a few of the ways you can make sure your business turns the problems you face with remote work into opportunities to make the experience more effective for your company and your team.

If you need more help or want experts to help you transition to WFH, Raxis offers thorough security reviews and guidance on Teleworking, Security, and Business Continuity / Disaster Recovery (BC/DR) policies.

Contact Raxis today for more information.

Want to learn more? Take a look at the next part of our Remote Security Series.

Raxis X logo as document separator
Woman with dog working on laptop
PenTest As a SErvice

Penetration Testing as a Service doesn’t have to be a dressed up vulnerability scan. Raxis PTaaS delivers a solid pentest done right and when you need it.

Blog CAtegories