More and more people are working remotely but many businesses do not have adequate solutions in place to protect sensitive information across diffused and decentralised computing infrastructures. With an increasing challenge to keep machines and data secure, new combinations of solutions are required.
In many cases, the level of protection between an organisation’s mobile workforce in the home environment and their core IT systems is not the same, resulting in increased attention from hackers.
A recent survey by we conducted found that just 56 per cent of Australian respondents agreed that all employees/departments in their organisation understood safe cybersecurity practices. And 34 per cent of respondents in Australia said employees in their organisation don’t check with their IT before introducing new devices or installing software on company devices.*
These results show that education is still key. The best security team in the world can’t protect an organisation unless everyone understands their roles and responsibilities in protecting personal data and company resources.
Businesses tend to lose visibility into an employee’s online traffic after they leave the office building. As a result, it is much harder to actively identify and prevent malware from accessing mobile devices or an employee’s remote network connection, and taking valuable company data. Mobile devices may also be lost or stolen, making them susceptible to data leaks.
We recommend the following protocols for businesses with employees working remotely:
- Protect remote devices
Devices that are compromised and infected with malware outside of the office can be potentially controlled by an attacker when brought back into the office, effectively opening the door for the hacker to gain remote control of internal systems.
To limit the risk of malware infection, businesses should implement security software and practice good computer hygiene by installing the latest versions of applications and new security patches as soon as possible. It is risky for businesses to rely on employees to perform these tasks, so IT leaders should activate automatic updates and use a patch-management tool to send updates.
Remote-wipe applications should be installed on company mobile devices so data can be erased if the device is lost.
- Use strong passwords
Businesses should implement policies which state employees must use strong passwords to access the company’s network while working remotely, including refraining from using the same password for multiple applications or websites, and changing passwords frequently. If an application offers an authentication option such as a two-step verification process, then employees should use it.
Employees should also avoid storing information on their personal desktop. If this is necessary, employees should encrypt personal information to avoid information theft if the laptop or device is lost or stolen.
- Implement a virtual private network (VPN)
Normally, a user has no expectation of privacy on a public network, as their network traffic is viewable by other users and system administrators. Companies should install a corporate VPN connection on all company laptops. A VPN creates a “tunnel” that passes traffic privately between the remote network and the user. The tunnel protects the traffic and keeps it safe from being intercepted or tampered with.
While the rate of employees working remotely is increasing, this does not mean a company’s security should suffer. Implementing the correct tools and policies ensures company data is not at risk while employees work from home.
* The State of Cybersecurity in Asia-Pacific report, by Palo Alto Networks interviewed 500 respondents in APAC, covering Australia, China, Hong Kong, India, and Singapore markets. This included over 100 respondents from Australia
Ian Raper, Regional Vice President – ANZ, Palo Alto Networks
