With more employees than ever working from home using their home computers, protecting the corporate network is vital. Yet a recent survey showed that fewer than 10% of employers provide remote staff with antivirus software for any personal devices used on business. That’s a relatively cheap measure that businesses are failing at, so it’s pretty clear they must be failing at more substantial defensive measures, too.

What do businesses really need to do to protect their networks from the threats enabled by remote work?

1. Develop a detailed security strategy.

Defense is depth is especially crucial when remote work increases the “width” of the network. Businesses need to ensure their information security strategy addresses all the network layers to limit the chances a threat will successfully penetrate and reach valuable data assets.

2. Train employees to compute safely.

It’s primarily the actions employees take or don’t take that make businesses vulnerable. Even employees who’ve received information security training at home should receive new training when they begin working remotely. There may be new risks due to new communications or collaboration tools, as well as risks that come from mixing personal and work data on the same device.

3. Make data unreadable and unreachable.

All data should be encrypted while in transit; the most sensitive data should be encrypted in storage, as well. Sharing data is necessary, but steps should be taken to ensure data is shared securely, rather than via unapproved file sharing services. Require users to connect through a VPN when accessing data remotely. Review firewall settings to make sure they’re appropriate.

4. Authenticate and authorize users effectively.

For users accessing corporate resources from outside corporate premises, multifactor authentication is an essential additional control. In addition, to minimize the impact of any unauthorized access, users should be granted the minimum set of privileges needed to perform their job functions. Role-based access controls, along with period reviews of user privileges, help ensure users can do their jobs without access to systems, data, or functions they don’t need.

5. Assess third-party security.

When choosing vendors, security should be a selection criterion along with capabilities and costs. In addition, take additional care when granting remote access rights to external parties.

6. Leverage automation.

Reduce the number of mistakes and omissions that increase security threats by automating security-related procedures wherever possible, including analyzing logs and responding to potential threats.

7. Don’t stint on supporting employees.

Give employees the tools they need to work securely, such as putting antivirus software on home devices. The perceived cost is much less than the actual cost of responding to a breach will be.

Prescient Solutions provides complete IT services to help businesses manage their networks, improve their information security, and support today’s hybrid and remote work scenarios. Contact us to learn more about developing an approach to network security that works for today’s work environment.