Protecting Company Data From The Risks Of Remote Working

Uploaded on 2024-10-04 in TECHNOLOGY--Resilience, FREE TO VIEW

A recent Forbes Advisor survey showed that, of 1,100 respondents, 63% of worked remotely either all or some of the time. That's a major source of risk, both from external sources of attack but, more importantly, from careless erors and malicious actions from insiders. Here are nine key measure that every organisation should implemet to protect network integrity ansd stay cyber secure.

1. Provide company devices

Though it might seem obvious, providing company laptops and phones where possible allows a business to fully manage and secure the devices being used to access company data. Moreover, it is highly recommended that all your devices be updated and encrypted with SSL certificates.

If it is not possible to provide employees with devices, at the very least employers should ensure that workers have access to everything they need to secure their own devices, such as company-provided anti malware software.

2. Scan and penetration test applications

Penetration testing is one of the best ways to protect against data breaches as it simulates real-world attacks on systems, highlighting vulnerabilities that could otherwise be exploited by hackers.

It is especially critical to check for privilege escalation attacks, whereby an attacker will exploit vulnerabilities to access a system or application with limited privileges, and then elevate their access rights to access high-level, sensitive data.

Building defences against these attacks will ensure that even when a remote employee’s credentials are compromised, the access to critical applications is limited to the user’s primary role.

3. Use VPNs across the business

With data breaches costing businesses an average of £3.72 million in 2024, it is vital to invest in tools that can cover vulnerabilities.

As a defence against the risks that come with employees accessing work materials via unsafe home and public networks, all workers should be encouraged to use a virtual private network (VPN). This software is easy to implement and protects data that could otherwise be vulnerable to attacks over an open network.

4. Deploy a web application firewall

Alongside using a VPN to protect your connection and traffic, it is prudent to utilise a Web Application Firewall (WAF) to protect web applications from attacks.

Employers should deploy an AI/ML based WAF that detects anomalies and blocks illegitimate requests even if they are made through an employee’s credentials that were compromised.

5. Employ encryption software

Encryption software is able to provide some peace of mind when it comes to the data breach risks of remote working, as encrypting sensitive files means that even if someone were able to steal them, they would not be able to access the data or content.

Employers should create security policies that ensure all workers, especially remote workers, are aware of how to encrypt files and when it is necessary. Furthermore, routine checks can be done to ensure this is being followed.

6. Strict password management

Ensuring strong password management across the business is a key component in minimising the risk of data breaches, as research shows hackers rely on weak passwords when brute forcing PoS terminals.

This includes using automatic password generators to create safe and secure passwords, as well as ensuring that passwords are unique and never duplicated across multiple accounts. For sensitive data, employees should always implement multi-factor authentication (MFA), requiring users to provide multiple methods of verifying their identity.

7. Rigorous access controls

In order to control access to sensitive data and minimise the risk of a security breach, employers should apply the principle of least privilege when it comes to access control. This means only allowing users access to the specific assets that they require for their work.

Moreover, files should be removed when they are no longer needed and access should be revoked as soon as it is no longer necessary, such as when an employee leaves, or someone’s involvement in a project is over.

8. Provide employees with what they need

A major risk of remote working is that employees may implement tools, systems, or habits that are not sanctioned by the company in order to make their jobs easier. This could include using risky apps and tools, sending files via unsecure channels, or storing assets somewhere unprotected.

The most effective way to avoid this risk is to provide remote workers with all the tools they may need to do their job effectively and ensure that they are aware of all the approved platforms that they have access to.

It should be an integral part of security policies to approve web app purchases and free downloads, mitigating the risks that come with using a combination of open-source CMS and cloud-based apps.

9. Fully prepare and train remote workers

Employees can implement endless security strategies, but efforts will be futile unless remote workers fully understand what the procedures are and why they are important.

In 2023, over 352 million individuals were affected by data compromises, highlighting just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they don’t.

And training doesn’t have to be dull, for example setting up phishing email simulators to engage the team and allow them to see the potential dangers in action.

Regular training and guidance will ensure that remote workers are equipped to do everything they can to keep company data safe.

Forbes     |     Forbes     |     Palife     |     Statista

Image: Tima Miroshnichenko

You Might Also Read:

Enhancing SaaS Security: Leveraging VPNs & ITDR to Combat Identity Theft:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Attackers Can Use RAM To Steal Data From Air-Gapped Networks
Cyber Workforce Growth Slows As Tight Budgets Restrict Hiring »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Ericsson

Ericsson

Ericsson is a leading provider of telecommunications services and network infrastructure solutions including all aspects of network security.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Dutch Accreditation Council (RvA)

Dutch Accreditation Council (RvA)

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Ghost Security

Ghost Security

Ghost is a venture backed, product-led startup building the new standard in application security for the modern enterprise.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

Primus Institute of Technology

Primus Institute of Technology

At Primus Institute of Technology our mission is to inspire, support, and empower current and aspiring IT professionals through training and career development workshops.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

Orca Fraud

Orca Fraud

Orca is an AI-driven fraud orchestration platform. We empower fraud fighters to outpace fraud using our custom ML models.