The remote workforce isn’t going anywhere. It’s likely job candidates ask about this, and they may choose another company over yours due to a lack of options. Whether you’re considering remote employees now or it’s a possibility for the future, we want to set you up to mitigate the risks that come with remote access to your business.
1. Secure your remote connection.
A Virtual Private Network (VPN) is how businesses allow remote devices to connect to their network. It secures the access and exchange of information from somewhere outside of the company. This is how users access company files when they’re working from home for a day. When this isn’t secure, hackers can easily make their way into your network, resulting in a virus, a ransom demand, or leaking data to the public, to name a few undesirable outcomes.
2. Create a patch management policy. Automate where possible.
When you have remote workers, they often disconnect from your network at the end of the day. This is usually when your IT team runs critical updates to your network’s devices… but that only happens if devices are connected to the network during that time.
Talk with your IT provider about creating a policy that will ensure your remote workers stay up-to-date on patches. The consequences of falling behind creates weak gaps in your business security that cybercriminals are always looking to use to their advantage. If your employees are remoting into work, a hacker can, too.
3. Have a Mobile Device Management (MDM) policy.
There’s no way to prohibit specific devices from accessing certain types of information. That can only be done at a user level. So if Jane Doe has full control access, that means she can use that full control access on her personal phone or tablet, too, if she has the login credentials for your network.
Jane may be a trustworthy employee, but if her tablet or phone gets stolen and her credentials are stored, whoever has it may exploit that access. This is where Mobile Device Management policies come into play. Review your company’s current policy, and if you don’t have one, now is the time to configure it.
4. Double-triple check your access controls.
Without getting too specific, access controls function on two levels: a Share level, and an NTFS, which is essentially a security function.
On Share permissions, the least restrictive setting takes precedence. So if you have it set to Read on a Share level, but Read and Write on an NTFS level, that employee will have Read and Write access to all folders.
Because this can get so complicated, we highly recommend working with your IT team to make sure all settings are in place, reviewing the settings and revoking access as needed, and ensuring that everyone is granted access on a need-to-know necessary-to-work manner.
Protecting your business is a neverending task. Minimizing business risk only gets more complicated as the business world becomes more and more digital (and thus more remote). But your IT team is there to help. Talk to your current provider about these items, and if you’re in need of more assistance, contact us!