Amid all the upheaval of the past couple years of life and business in the age of COVID, certain business trends have risen to the surface as the most likely to create long-term change. These include a sharp rise in remote work and remote cybersecurity, which are changes that don’t look to be going away anytime soon— if ever.
COVID created an unprecedented migration to remote working on a scale that we’ve never seen before. While some of these at-home workers are returning to the office, others aren’t yet and may never come back in a full-time way.
Working from home is here, and it’s here to stay. This transition has created new cybersecurity concerns and required adjustments to cybersecurity strategy along the way. Moving forward, businesses need to adopt specific remote cybersecurity policies to keep their local resources safe while allowing employees the access they need to do their jobs.
These are just some of the ways that remote work affects a business’s cybersecurity strategy.
Access to On-Premises Server and Data
If your business uses an on-premises server, giving access to on-premises employees is straightforward enough. But access for off-site employees is more complex.
Many businesses rely on virtual private network, or VPN, technology to allow off-site employees to access the network, often from their home computers. But once they’ve made that connection into your network, it’s like they’re sitting in the office next to you — with access to everything digital you can access in the office.
Whatever’s going on in their house or off-site location is now exposed onto your network. An insecure device (or one that’s already compromised by malware) could now have access to your entire on-premises server and network.
Your employees do need access to your local network, but this access can create new threats.
Be sure to limit broad VPN-level access to employees and vendors who really need it. And if you do allow users to use their own computers, you need to require monitoring of those devices and ensure they’re protected with antivirus and antimalware solutions.
Best Practice: Company-Owned Hardware at Home
Companies looking to create a robust remote cybersecurity policy for the first time need to consider further adjustments beyond whatever stopgap measures went into place during COVID.
The best practice in this regard is to require at-home employees to use company hardware that’s managed with endpoint protection. This wasn’t always possible during the unexpected COVID shutdowns. Supply chain issues made new hardware hard to source, and this is still an ongoing concern.
But as you transition to a more long-term work-from-home policy, company hardware with endpoint protection should be a part of the picture.
Small Businesses Should Consider Implementing Access Control
Access control is another component of a strong cybersecurity strategy. VPN access becomes more dangerous when users have access to the entire network. Implementing an access control system limits users’ access to only those network areas that they have a business reason to access.
Without access control, any user (and any user’s device) can access anything that’s on your network — from critical, sensitive company data to customer data and more. But with access control, you limit risk by limiting that access.
Not Every VPN Is Created Equal in Remote Cybersecurity
VPN access is still going to be a significant component for remote work for many businesses. It’s important to understand that VPNs aren’t inherently bad or insecure. They just can’t themselves fix insecure or compromised devices that connect through them.
That said, not every VPN is equally powerful or secure. Some are better than others. Your IT partner can help you land on a best-in-class VPN. When coupled with better overall cybersecurity strategy, you’ll reduce your risk considerably.
Need help implementing a better VPN solution or creating a more robust remote cybersecurity strategy? Alltek is ready to serve all your managed IT needs. Reach out today to see how we can help.