How to make remote working secure: 13 best practice tips to increase security

Remote working has been a lifeline for businesses during the pandemic, but the rapid transition has introduced serious cyber-security weaknesses. It's imperative that businesses take action to address this now, so here are 13 best practice tips to make remote working secure.

January 18th, 2021

IT Security: How to make remote working more secure - 13 best practice tips

As businesses scrambled to suddenly support much larger, permanently remote teams, certain cyber-security policies and procedures fell by the wayside. Simultaneously, cyber-criminals capitalised on the uncertainty, confusion and panic caused by the pandemic and found new opportunities to attack, via remote workers and unsecured technologies.

Remote Desktop Protocol (RDP) attacks were up by 400% in March and April alone, while COVID-19 related email scams skyrocketed by more than 650%. A survey by Verizon found users were 3 times more likely to click on pandemic-related scams, putting businesses at greater risk of credential theft, data breaches, malware and more.

Remote working is not going away. In the UK, businesses will be subject to at least several months of restrictions. Yet, even when things do return to ‘normal’, it’s unlikely that operations will be the same as they once were. It is imperative that businesses prioritise making remote working secure to prevent themselves from falling victim to a breach or serious attack.

13 ways to make remote working secure

1. Educate your employees

New scams, particularly revolving around business email compromise, arrive daily in relation to events, such as the pandemic or a legislation change. It’s important that your staff can identify a one-off or unique phishing scam or at least raise it with IT if unsure. Software can help keep staff sharp with phishing, but ongoing training is critical to protect the business from other methods of social engineering, such as via the phone.

2. Establish 24x7x365 security monitoring

The threat landscape has changed forever and so have the risks, as the workforce now works remotely as standard. It’s essential to continually monitor the security of all infrastructure, cloud environments, cloud applications and end-user devices. The more devices outside the perimeter, the greater the number of potential holes and entry points for an attacker.

3. Establish advanced threat detection and response

It’s vital that you are aware as soon as possible when major threats appear. Security systems also need to be aware and rapidly notify you of any breach or attempted breach of your security. The system action and human response must be rapid to isolate and contain the threat, even if it’s not on your local network. It’s important to note here that the human element is critical: too many organisations are simply relying on slick-looking AI solutions, which on their own just don’t cut it.

4. Deploy aggressive vulnerability management

Keeping systems up to date with the right security patches is more important than ever with a disparate workforce. Unpatched systems and system misconfigurations are a key focus for attackers. It’s important to scan networks but also to use host-based scanning that allows remote workstations to scan themselves outside of the corporate perimeter.

5. Monitor cloud infrastructure and applications

You must monitor systems that hold your data, even if you don’t actively manage them. Most cloud infrastructure and cloud applications, especially the likes of Microsoft, AWS and Google, provide large volumes of data that can be monitored for suspicious events and activity.

6. Monitor the dark web for breaches

Corporate data, particularly passwords, appear on the dark web daily. This may come from large breaches, such as with LinkedIn or Adobe, but also from smaller malware attacks that have skimmed off information during an infection. More than half a million Zoom accounts are currently for sale on the dark web and, at only 1p per login, are extremely cheap to buy. It’s important to know when passwords and sensitive information are leaked, so that action can be taken to mitigate the associated risks.




7. Ensure multi-factor authentication (MFA) is in place

Multi-factor authentication is a basic and essential security control, but too many organisations are still not deploying it to improve the security of their remote access.

8. Don’t forget backups

Most of the attacks focused on the remote workers aim to deploy ransomware on a corporate network. To take that further, they are also looking to encrypt backups to ensure that a company can’t recover their data. Therefore, businesses should be looking at creating an air gap backup to protect against this threat.  

9. Run attack simulation training

Spear phishing is still one of the most common attack vectors. By running this type of training, you can see how employees would respond to real-life attacks and socially engineered campaigns. Results can be used to identify weaknesses and deliver personalised training to those more likely to fall victim to a breach attempt.

10. Implement device risk and compliance checking

You need to ensure devices are secure before allowing them to connect to the corporate network and access resources. Personal devices often do not have the same security protocols and can open several weak points. Businesses need to have clear oversight of all devices connected to the network, be able to distinguish between personal and corporate devices and be aware whenever a new device joins or tries to join. As it may not be possible to install additional security software on the device, businesses should flag it for unusual activity and put it on to a separate network.

11. Implement access governance policies

The rising threat of a breach, internally and externally, means it’s important for businesses to monitor and control who has access to key resources. Policies should assume the principle of least privilege (POLP) – giving users the bare minimum permissions they need to perform their role – and clearly define who has access to which resources and under what conditions they have access. With the right policies in place, it becomes easier to identify areas of ‘privilege creep’ and prevent stale accounts (e.g., ex-employee accounts which are still active).
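A least-privilege policy of this kind can be checked automatically. The following is an added example, not part of the original article: it audits an account export against per-role permission baselines and reports stale accounts and privilege creep. The role names, permission strings, account records and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import date

# Constructed role baselines: the minimum permissions each role needs (assumed names).
ROLE_BASELINE = {
    "finance": {"erp:read", "erp:post-invoice"},
    "helpdesk": {"tickets:write", "ad:reset-password"},
}

# Constructed account export; in practice this comes from your directory and HR system.
ACCOUNTS = [
    {"user": "asmith", "role": "finance", "employed": True, "enabled": True,
     "last_login": date(2021, 1, 15), "perms": {"erp:read", "erp:post-invoice"}},
    {"user": "bjones", "role": "helpdesk", "employed": True, "enabled": True,
     "last_login": date(2021, 1, 12),
     "perms": {"tickets:write", "ad:reset-password", "ad:domain-admin"}},
    {"user": "cwhite", "role": "finance", "employed": False, "enabled": True,
     "last_login": date(2020, 9, 30), "perms": {"erp:read"}},
    {"user": "dgreen", "role": "finance", "employed": True, "enabled": True,
     "last_login": date(2020, 8, 1), "perms": {"erp:read"}},
    {"user": "eblack", "role": "helpdesk", "employed": False, "enabled": False,
     "last_login": date(2020, 6, 1), "perms": set()},
]

def audit_accounts(accounts, baseline, today, max_idle_days=90):
    """Return {user: [findings]} for enabled accounts that break the policy."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        issues = []
        if not acct["employed"]:
            issues.append("stale: leaver account still enabled")
        elif (today - acct["last_login"]).days > max_idle_days:
            issues.append("stale: no login for more than %d days" % max_idle_days)
        # An unknown role has no baseline, so every permission is reported as excess.
        excess = acct["perms"] - baseline.get(acct["role"], set())
        if excess:
            issues.append("privilege creep: " + ", ".join(sorted(excess)))
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    report = audit_accounts(ACCOUNTS, ROLE_BASELINE, date(2021, 1, 18))
    for user, issues in report.items():
        print(user, "->", "; ".join(issues))
```

Run on a schedule, a report like this gives reviewers a short list of accounts to disable or trim rather than a full permissions dump to read through.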

12. Manage privileged access

Employees are often given full admin rights as standard. However, increased access means an increased risk level. Instead, you should ensure employees are only able to access what they need to fulfil their job role and responsibilities effectively. There should be systems in place allowing administrators to respond to access requests and be notified of any unauthorised access attempts.  

13. Adopt a zero-trust principle

The increase in cyber-attack frequency and sophistication, coupled with the hybrid nature of today’s IT environment, means traditional security frameworks are no longer enough. While businesses typically focus on defending their perimeters, assuming everything ‘inside’ is already cleared and safe, this is too open of an approach. Zero-trust is essentially about removing all automatic trust. Anything and everything which tries to connect to the system must be verified before access is granted – ensuring it is the right user, from the right secure endpoint, with the right access permissions, who is making the request.  

Remote working security is a critical issue

More than ever, businesses cannot afford anything which would harm their productivity, their reputation, or their bottom line. It’s understandable why measures may not have been fully in place at the beginning, but it’s imperative that businesses now make security a priority.

To make remote working secure, businesses must take stock of their current security landscape, assess the risks, and take steps to improve and protect themselves. If you would like advice or assistance in doing this, to ensure all the bases are covered, please contact the QuoStar team for a no-obligation chat or initial risk review.  
