Maximising Security Whilst Working Remotely

As we continue to move on from the COVID-19 pandemic, embracing the “new normal”, how has your approach to employees’ working practices changed?

Many businesses, including SES, have adopted either hybrid or full remote working practices since the start of the pandemic. This shift in working presents significant cost savings to our business and our employees, reduces our environmental impact as commutes are reduced and provides our employees with a better work-life balance.

Whilst adopting either a full or hybrid working from home model presents numerous advantages to your business and your employees. It is more important than ever to reinforce strong security policies to maximise security whilst your workforce operates remotely.

Below we have outlined several key suggestions to ensure your organisation runs smoothly and strong security protocols are maintained whilst enabling your workforce to operate seamlessly away from the office environment.

Non-Technical Mitigations For Business Continuity

Protecting Information

Ensure that your users know whether they can print out of the office. If they are permitted to do so, how they should securely dispose of any sensitive information they print. For example, using a cross-cut shredder would be considered acceptable, whereas disposing of confidential documents in a recycling bin at home would not.

Update Crisis Plans

Review your business continuity and disaster recovery plans. Are there key personnel who require corporate devices and others who could be given extra leave instead? It may be that you decide to focus on providing key services to clients and choose not to deliver all services all the time.

Contractual Agreements

Check client contracts to confirm whether remote work is permitted and under what conditions. This will be relevant if your staff are embedded at a client site, or your team are working with sensitive client data on your site. If working from home is specifically excluded, talk to clients to develop acceptable working practices which are comparable with your organisations own policies.

Technical Mitigations

Multi-Factor Authentication

Ensure you have adopted two-factor authentication (2FA) for all users, and that they all know how to use it. This helps mitigate the risk of having unauthorised users accessing systems remotely.

Patching

Make sure that all devices which are used for work (both company and personal devices) have been patched and have anti-virus software installed. Which is active and updated. Ideally use application whitelisting, which is built into windows. Importantly, ensure your remote access solution itself is kept up to date.

Check For Vulnerabilities

Ensure that your remote access solution has been penetration tested recently and that any urgent, high, or medium issues have been resolved. This helps mitigate the risk that your remote solutions are vulnerable to attack by malicious third parties and helps ensure remote access for legitimate users is maintained.

User Support

It is also important to consider user support issues; for example, should employees need to print from home outside of your normal printer fleet, how would you facilitate the installation of new drivers? Or manage job storage on personal printers.

Make sure you also consider the implication of requiring staff to use their home internet connection for work, including whether it is fit for purpose and how to handle technical issues with that connection.

Additionally, ensure that portable devices have appropriate firewalls to protect them from other devices on unsecured networks.

Stress Testing

Consideration should be given to stress testing your remote access solution so that your organisation has a good idea of how many concurrent devices can be connected remotely, without adversely affecting performance. It may be necessary to improve the capacity of the remote access solution for the duration of this period while your network is experiencing higher numbers than usual of remote users.

Mitigations For Bring Your Own Device (BYOD)

Cyber Security is even more important if your organisation permits employees to use their own devices. Staff using their own devices bring about several other cyber security risks, such as sensitive data leakage and lack of central control from the organisation perspective.

To mitigate the risks surrounding employees using personal devices:

• Ensure employees’ machines are updated to the latest operating system and security update.
• If you do allow BYOD to be connected to corporate networks, consider enforcing Network Access Control or limiting the machines to a segregated Wi-Fi network.
• Make a risk-based decision on whether non-corporate devices can be used if they do not have full-disk encryption installed.

It’s your people who have the most influence over how smoothly your organisation copes with change, such as large-scale transitions to hybrid or full remote working. Good communication is the key in these scenarios – everyone it affects should be asked to confirm they understand the changes and whether a full-time WFH or hybrid role would be best for them.

If you need assistance with your cyber or information security measures, please get in touch.

This article was published in partnership with our cyber security partner PGI.

© SES Secure Limited and ses-escrow.co.uk, 2021. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.