ISACA Now Blog

Here’s How Leading Organizations Keep Remote Workers Safe and Secure

Anna Johannson
Posted at 3:06 PM by ISACA News | Category: Security

For all of the benefits remote working offers businesses, it’s hard to ignore the security risks and threats.

According to a Gallup survey, more US employees are working remotely than ever before (and for longer periods of time). In 2016, 43 percent of employed Americans said they spent at least some time working remotely. Of these employees, 42 percent of survey respondents report working remotely 60-100 percent of the time.

As remote working becomes more popular, there is more and more pressure on employers to offer remote working opportunities to employees. And while your organization would be wise to adjust to the preferences of its workforce, prematurely deciding to allow remote working without thinking about safety will leave your company vulnerable to considerable security risks.

Whether you already have a remote working policy in place or are just now considering the feasibility of it, here are some practical ways, from an information security perspective, that you can keep your remote employees safe.

Switch to cloud-based storage. If you haven’t already, switch your organization to cloud-based storage. Not only does this improve the data integrity of your entire company, but it gives remote workers the ability to access files and programs without needing to store sensitive information on their devices. Providers offer encrypted cloud storage at very affordable rates.

Require regular password changes. While it might seem obvious, poor password hygiene remains one of the single biggest risk factors for remote workers. Whether it’s simple passwords or passwords that never get changed, inadequate passwords increase the risk of being compromised by hackers and other cybercriminals. For best results, encourage your employees to select passwords that contain at least 12 characters (with numbers, symbols, uppercase letters, and lowercase letters). They should then be prompted to change passwords every six to nine weeks.

Limit as much access as possible. Just because you can give an employee access to a program or file doesn’t mean you should. Each employee and/or device that has access to confidential data increases the risk of being compromised. To enhance security, limit access on an as-needed basis.

Have remote support systems in place. When something goes wrong with a computer or system in the office, all it takes is a quick call to the IT department and somebody can be quickly dispatched to deal with the issue and, ideally, neutralize any security risk.

While not quite as convenient, you can have the same sort of control and responsiveness with remote devices if you have the right support systems in place. Tools like Dameware Remote Support make it possible to log into a remote worker’s computer and troubleshoot problems in real-time to limit issues or security threats.

Keep software and programs up to date. When it comes to security risk factors, outdated software and programs are high on the list. Vendors don’t pay much attention to outdated versions, and this often means they contain loopholes that could leave you exposed. For best results, enable automatic updates on all employee devices.

Give your remote team a chance to succeed. If you genuinely want remote working to be a viable option for your organization, then you have to give your employees a chance to be successful. This means – among other things – paying close attention to security. If need be, meet with an outside security analyst or consultant to get some feedback on your setup. You can never be too safe.



The password expiry control has increasingly been viewed in the last couple of years by organisations such as NIST as of lower value, and can often be a contributor to password fatigue in users.
John854 at 4/3/2018 10:04 AM


Disk encryption and OS restriction must also be implemented to protect the confidentiality of the data by not allowing the disk to be plugged into other devices or the device to be booted into a non-standard OS.
Antonius Ruslan at 4/8/2018 3:17 AM