Security Considerations For Working Remotely In The Midst Of Coronavirus
Organizations are now dealing with the new normal created by the coronavirus pandemic and are turning to remote access to allow personnel to continue to perform their job duties. While this technology is no doubt vital for allowing many sectors of the economy to function, it is important to keep in mind some security best practices while working remotely. This article is not intended to harp on technical policies and procedures, nor is it meant to add just another item to our ever-growing lists. That being said, it is important to keep security top-of-mind when working remotely. While most of society is working together to address this pandemic, bad actors will undoubtedly capitalize on security vulnerabilities causing data breaches, which has the ability to make an extremely difficult working environment even worse.
In July of 2016 NIST (National Institute for Standards and Technology) has a published guide for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, which includes several key principles that remain true today. The following recommendations from this guide are good reminders as your organization may be widely deploying remote access or extending remote access capabilities to employees that previously did not utilize this technology.
- Use multifactor authentication. A remote worker should only be granted access to an organization’s network if verified through two methods such as a password and access code texted to a cell phone, a password and a hardware token, or a password and a fingerprint.
- Continue to update and patch software on all devices connected to the organizations network. All software, including operating systems, firmware, or plugins, on devices that employees use to work remotely that directly connect to your company’s network should be fully updated and patched to protect against known security vulnerabilities.
- Consider your organization’s data retention policies. Most remote access methods allow remote workers to save data locally to the device. This locale storage may be at a greater risk if the device is not properly updated or if it is lost at some point in the future. Any local storage of sensitive, confidential, or regulated information will require further security measures on the device itself to properly protect the data. Your organization should evaluate and communicate whether it permits remote workers to store any or some data locally to devices for remote working.
- Secure your remote device. Accessing and saving sensitive, confidential, and regulated information from a remote device can expose the data to new physical vulnerabilities, such as lost or stolen laptop or USB drive. Remote computing devices should be encrypted and secured when not in use to reduce the likelihood that the information saved therein will be compromised.
Remote access procedures and capabilities come in all shapes and sizes, but most importantly whatever your organization’s policies, ensuring that personnel knows and understands these policies is vital. These are just a few quick reminders on key features of any remote access policy that all organizations should consider. Please do not hesitate to contact us if you have specific questions regarding your organization’s remote access capabilities or policy.