With the capabilities of remote access, either through telework or on mobile devices, many companies are asking the question:
How do I maintain my cyber security when my employees work remotely?
Whether you have one employee working on a mobile device while on a business trip or your entire staff telecommuting from home, your cyber security shouldn’t be sacrificed for convenience. By understanding your options and working with a quality IT services provider, you can safely navigate the cyber world and keep your business protected, no matter where you are.
Cyber Security and Telework
Maintaining your cyber security while allowing your employees to work remotely can be a challenge, but it can be accomplished with minimal risk if you plan ahead and choose the right options for your business.
First and foremost, the Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security published by the National Institute of Standards and Technology (NIST) says to “assume that communications on external networks, which are outside the organization’s control, are susceptible to eavesdropping, interception, and modification.” If you don’t expect someone to infiltrate your network, you won’t be protected when someone tries. Always prepare for the worst-case scenario.
How do you do that? You should start by choosing the best telework option for your business’s needs and budget. There are four basic ways to secure your network while allowing remote access to employees.
- Tunneling Using a VPN Gateway
Virtual Private Network (VPN) gateways create secure access from the employee device to the VPN gateway and onward to your internal network. In this way, your enterprise-level cyber security measures are extended to the VPN, which acts as a secure tunnel for employees to work through. Some VPN gateways can even extend your business’s firewall rules to the employee computer no matter where they are working by use of a very light, portable device, which is a great advantage when travelling on business.
VPN gateways offer several great telework features, but while communication is protected through a VPN gateway, the employee’s computer could still be at risk of transmitting infected data if the computer itself is compromised. Depending on the amount of traffic they need to carry, VPN gateways can be quite an investment, requiring third-party software or dedicated servers. Even so, the benefits often far outweigh the cost when secure communication is important.
- Portals
This method of remote access happens primarily through a browser-based webpage or virtual desktop. All applications and data are stored on the portal’s server and cannot be downloaded or saved on an employee’s device without permission. This is a good way to keep control over who is accessing your data and how it is used. It may also be a cheaper option than purchasing a VPN gateway.
The danger with portals depends on what permissions the employee has while accessing the portal. If the portal allows an employee to access other areas of the internet while connected, it could provide an unintended avenue for criminals to access your network. It’s safer to restrict employees’ access to other programs while the portal is in use. The more access an employee has, the less secure the connection becomes.
- Remote Desktop Connection
Remote desktop connection allows an employee to remotely control a computer physically located at your business via an intermediate server or third-party software. When the two computers are connected, applications run and data is saved only to the computer in your office, and your network’s cyber security measures are enforced. Your remote device merely displays the work performed on your office machine.
Due to the direct access, remote desktop connection is considered high risk in cyber security terms. Proper configuration is critical. When set up correctly, communication between the two computers is encrypted for the data’s protection, but that same encryption also hides the traffic from the organization’s firewalls and threat detection. No matter how good your cyber security measures are, if the employee’s home computer doesn’t have the same protections as the office workstations, malicious data can slip into your network unnoticed during a remote desktop connection.
- Direct Application Access
Direct application access is probably the lowest risk to your cyber security measures out of all the remote access methods because it is best used only with low-risk applications. In this method, employees can remote into a single application, usually located on the perimeter of your network, such as webmail. The employee doesn’t have access to the entire network, allowing them to work on select applications without exposing your internal network to danger.
Though there is much less danger posed by direct application access, it generally doesn’t allow for extensive work to be done. There is very little connection to data on your network, and little ability to take data to another application if needed. It is best used when traveling or on a mobile device where complete access to the network is not necessary.
Telework isn’t the only way employees access your network. Mobile devices have become ubiquitous for work on the go, but if you fail to protect these devices, your business and your clients may suffer. There are basic security recommendations for securing any mobile device, including thorough employee training in cyber security, strong encryption, keeping software up to date, and supplementing your security with third-party anti-malware/anti-virus software. While these fundamental methods keep the average device secure, if you’re dealing with sensitive or confidential data on your network you may need additional safeguards.
NIST’s Guide to Enterprise Telework offers detailed suggestions for protecting any business when it comes to mobile and telework access, including:
- Limiting networking capabilities (such as Bluetooth) not necessary for work.
- Turning on personal firewalls, if available.
- Requiring multi-level authorization before accessing your business’s network.
- Restricting other applications allowed on the device.
Perhaps the most important piece of advice NIST has for mobile devices is not to treat them as mobile devices at all: “Given the similarity between the functions of mobile devices, particularly as they become more advanced, and PCs, organizations should strongly consider treating them similar to, or the same as, PCs.”
It may also be beneficial to use a mobile device management (MDM) solution to maintain control of a mobile device in case of theft or accidental loss. With an MDM, you can locate, lock, or remotely destroy any data on the mobile device. This way your sensitive information won’t fall into the wrong hands, even if the device can’t be recovered.
Best Practices for Maintaining Cyber Security
Regardless of the type of remote access you decide on, there are a number of opportunities to shore up your cyber security defenses:
- Establish a separate, external network dedicated solely to remote access. If something does infect the server, it won’t spread to other parts of your network.
- Use encryption, multi-level authentication, and session locking to protect your data.
- Keep your hardware and software patched and updated, including your employees’ remote computers.
- Manually configure employee computer firewalls and anti-malware/anti-virus software.
- If possible, physically secure computers with locking cables in any untrustworthy place, such as hotels or conference areas.
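As an added illustration (not part of the original article or of the NIST guide), here is one way to turn the device recommendations above into an automated check that runs the same baseline against phones and PCs and then limits what a non-compliant device may reach. The field names, the 30-day patch window, the approved-app list and the mapping from posture to access method are all assumptions made for this example.

```python
from datetime import date

# Assumed policy values and field names (hypothetical, not from the article or NIST).
MAX_PATCH_AGE_DAYS = 30
REQUIRED = ("disk_encrypted", "mfa_enrolled")  # failing either blocks all access
BASELINE = ("firewall_on", "antimalware_on", "session_lock_on")
APPROVED_APPS = {"mail", "vpn-client"}

def findings(device, today):
    """Return the list of baseline failures for one device record."""
    out = [f"{key} is off" for key in REQUIRED + BASELINE if not device.get(key)]
    if device.get("bluetooth_on") and not device.get("bluetooth_needed"):
        out.append("bluetooth enabled but not needed for work")
    age = (today - device["last_patched"]).days
    if age > MAX_PATCH_AGE_DAYS:
        out.append(f"last patched {age} days ago")
    unapproved = sorted(set(device["apps"]) - APPROVED_APPS)
    out.extend(f"unapproved app: {app}" for app in unapproved)
    return out

def access_tier(device, today):
    """Map posture to the broadest remote-access method the device may use."""
    problems = findings(device, today)
    if any(not device.get(key) for key in REQUIRED):
        return "deny", problems
    if problems:
        # Assumed rule: non-compliant devices only reach perimeter apps such as webmail.
        return "direct_application_access", problems
    return "vpn_tunnel", problems

# Constructed sample inventory; the phone goes through the same checks as the PCs.
TODAY = date(2024, 6, 1)
OK = dict(disk_encrypted=True, mfa_enrolled=True, firewall_on=True,
          antimalware_on=True, session_lock_on=True, bluetooth_on=False, apps=["mail"])
INVENTORY = [
    {**OK, "name": "laptop-01", "last_patched": date(2024, 5, 20)},
    {**OK, "name": "phone-07", "last_patched": date(2024, 3, 1),
     "bluetooth_on": True, "apps": ["mail", "game"]},
    {**OK, "name": "home-pc-03", "last_patched": date(2024, 5, 25), "mfa_enrolled": False},
]

def report(inventory=INVENTORY, today=TODAY):
    """Return {device name: (access tier, findings)} for the whole inventory."""
    return {d["name"]: access_tier(d, today) for d in inventory}

if __name__ == "__main__":
    for name, (tier, problems) in report().items():
        print(f"{name}: {tier}", *problems, sep="\n  - ")
```

In practice the device records would come from an MDM or endpoint inventory export rather than a hard-coded list.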
The amount of preparation needed to secure your business’s mobility is an important investment. A good managed IT services partner can walk you through the process and make sure your business is safe and productive anywhere. For help setting up a telework network, contact the experts at Anderson Technologies by email at firstname.lastname@example.org or by phone at 314.394.3001.