Dark Reading is part of the Informa Tech Division of Informa PLC

Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
11/14/2016
09:50 AM
Malwarebytes Labs

8 Ways Businesses Can Better Secure Their Remote Workers

Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe.

Advances in networking and mobile technologies have enabled remote workforces on a global scale, and while remote work policies often hinge on company culture or manager preferences (like Marissa Mayer’s controversial ban on remote work for Yahoo! employees), most companies must at least accommodate a mobile workforce.

Therein lies the challenge.

Always-on access to work documents, emails, and programs creates loopholes for cybercriminals looking to infiltrate a company’s network. “Remote workers are a known weak link in almost every organization’s security profile, which is why threat actors target them,” says Justin Dolly, CISO of Malwarebytes. “The farther away from the typical corporate network you get, the less security there is protecting the users. There has always been a challenge managing endpoints, especially with the advent of Bring Your Own Device [BYOD] some years ago.”

So what’s a company to do? Here are eight ways that businesses can better secure their remote workers.

  1. Switch to cloud-based storage. Look into cloud services that offer high levels of encryption so that data is not only easily accessible for remote workers on the move, but also better protected from threats such as ransomware.
  2. Encrypt devices when possible. When assigning laptops or other mobile devices to remote workers, encrypt hard drives to protect any data stored directly on the machine. However, not all security programs work with encrypted devices, so be sure to double-check tech specs before doing so.
  3. Create secure connections to the company network. Remote employees should be connecting to the network through VPN to protect the network at large. IT staff should only allow remote users to connect to VPN if their system is properly configured and patched and their security products are updated and active.
  4. Roll out automatic updates. Take updating hardware and software out of remote workers’ hands by putting their devices on a standard image and activating automatic updates, especially for their security programs.
  5. Use an encrypted email program. Since checking company email offsite is a common practice -- even among in-house employees -- using a secure email program that encrypts messages is key. Cloud-based applications such as Mimecast manage business email security for Microsoft Exchange and Microsoft 365, for example.
  6. Implement good password hygiene. Safeguard against lost or stolen devices by requiring that remote workers (and all employees) use strong passwords that are long and memorable enough that they needn’t be written down. Request that employees also password-protect their phones, since phones are the devices most easily lost, stolen, or hacked.
  7. Increase user awareness. Rather than attempt to restrict personal browsing or monitor other digital behavior (which can actually lead to decreases in employee satisfaction and productivity), IT staff should put an emphasis on user education. Distribute a cybersecurity policy that spells out how to identify phishing emails, tech support scams, and other social engineering tactics that threat actors use to bypass otherwise strong security measures.
  8. Deploy an endpoint security program. If not already implemented, look into endpoint protection platforms such as Malwarebytes Endpoint Security that can be deployed remotely and managed from a central location. Your endpoint protection platform should also include a strong anti-exploit component in order to shield unpatched programs or legacy systems.
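
Items 2, 3, 4 and 8 together describe a posture check that gates VPN access: the device must be encrypted, patched, auto-updating, and running current endpoint protection. The sketch below is an added example, not code from the article or from Malwarebytes; the `PostureReport` fields, host names, and thresholds are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple

# Assumed thresholds, not from the article; tune to your own patch cadence.
MAX_PATCH_AGE_DAYS = 30
MAX_SIGNATURE_AGE_DAYS = 3

@dataclass
class PostureReport:
    """Hypothetical report a device agent submits before the VPN session opens."""
    hostname: str
    disk_encrypted: bool
    auto_update_enabled: bool
    last_os_patch: date
    endpoint_agent_running: bool
    signatures_updated: date

def _age_problem(label: str, when: date, today: date, limit: int) -> List[str]:
    """Flag stale dates, and future dates (bad clock or forged report)."""
    age = (today - when).days
    if age < 0:
        return [f"{label} date is in the future"]
    if age > limit:
        return [f"{label} is {age} days old (limit {limit})"]
    return []

def evaluate(report: PostureReport, today: date) -> Tuple[bool, List[str]]:
    """Fail closed: any failed check denies the connection, with reasons."""
    reasons: List[str] = []
    if not report.disk_encrypted:
        reasons.append("disk not encrypted")
    if not report.auto_update_enabled:
        reasons.append("automatic updates disabled")
    reasons += _age_problem("OS patch", report.last_os_patch, today, MAX_PATCH_AGE_DAYS)
    if not report.endpoint_agent_running:
        reasons.append("endpoint security agent not running")
    reasons += _age_problem("signature update", report.signatures_updated,
                            today, MAX_SIGNATURE_AGE_DAYS)
    return (not reasons, reasons)

# Constructed sample reports, evaluated as of the article's date.
TODAY = date(2016, 11, 14)
COMPLIANT = PostureReport("lt-001", True, True, date(2016, 11, 1), True, date(2016, 11, 13))
STALE = PostureReport("lt-002", True, False, date(2016, 9, 1), False, date(2016, 11, 1))

if __name__ == "__main__":
    for r in (COMPLIANT, STALE):
        print(r.hostname, *evaluate(r, TODAY))
```

Returning the list of failed checks along with the decision lets the help desk tell a remote worker exactly what to fix before reconnecting.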

Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe for all employees outside the office walls, whether they’re checking email on the elevator or hunkered down in an Antarctic research station.
