With so many organizations moving toward a remote workplace model, cybersecurity needs to be top of mind.
While many levels of “IT maturity” exist among businesses, most of them fit into one of two camps:
Scenario 1:
The first scenario is an organization with a seasoned IT team that already has a subset of remote workers in place.
In this case, the company will need to move quickly to get all their office workers equipped with new, protected corporate laptops/tablets/desktops. The first step will be obtaining and installing enough internet security licenses to cover all the devices being used. Be sure to familiarize everyone with your company’s processes and methods of safely accessing company data and resources remotely.
Next, to protect files, emails and other resources, you’ll need to ensure secure VPN access for all of your remote employees.
Ideally, you’ll harden that VPN with an extra layer of security via two-factor authentication (2FA)—ensuring that only your authorized users will have access to the network. Finally, we recommend protecting your data via disk encryption to render it unreadable if a company device is lost or stolen.
Scenario 2:
The second situation involves a company that has no remote employees; doesn’t have a remote work policy in place; and may not be able to afford new company laptops or other devices for their soon-to-be-remote workers.
These employees will be using their personal laptops, smartphones or desktops—which you currently have no control over.
Your first—and most crucial—step is to provide reliable endpoint security for each employee’s personal computing devices and make sure it gets installed. Use an endpoint security solution from a reputable vendor, not free antivirus, if you value your data and reputation.
Next, arrange a secure VPN for your employees for safe access to company emails, shared sites, files, etc. For added peace of mind add 2FA, which uses a worker’s smartphone to send one-time access codes.
If your budget allows, we highly recommend implementing encryption to render company data unreadable to unauthorized users.
Both Scenarios:
For all scenarios, cybersecurity awareness training for every employee in your organization is a must. Wherever they’re working, everyone will benefit from knowing how to recognize a phish, create strong passwords, avoid social engineering scams and apply IT security best practices.