15 Apr Cybersecurity: How to secure remote working?
François Amigorena founder and CEO of IS Decisions and an expert commentator on cybersecurity issues looks at some of the cyber security challenges of remote working
Due to the current situation of COVID-19 (coronavirus), most employees are asked to work remotely for obvious safety reasons. The problem is that this option comes with a number of cybersecurity risks/ Supervision and preparation are extremely important to ensure the organization’s security.
Working remotely presents many advantages for employees (for example, flexibility and work-life balance) but it also brings a certain number of risks which IT professionals understand very well.
92% of IT professionals think that the benefits of remote work outweigh the risks according to research. However, their approval of working remotely doesn’t come without concerns. 90% agree that remote workers pose a security risk, and 54% said they pose a greater security risk than employees on site.
Insecure networks, spying, hacking, exploited employees… the risk can come from many directions. In the end, it all comes back to the ability of the IT team to securely extend access>to the corporate network – and the sensitive data inside.
4 steps to secure your remote employees
Employees need to be aware of the challenges and risks of IT security, which is why raising awareness is extremely important. Unfortunately, it’s not enough. Below are four steps that need to be taken in order to secure remote working.
Use a VPN
Secure access to VPN connections
Monitor and manage all RDP sessions
Use two factor authentication for RDP sessions
1: Use a VPN
A Virtual Private Network, or VPN, creates a secure tunnel between the remote machine and your corporate network. Basically, a VPN routes the traffic through the internet from your organisation’s private network, ensuring even more security. Anyone who tries to intercept the encrypted data will not be able to read it.
2: Secure VPN connections
Now that you have a VPN in place, you need to secure those connections. The best way to do so is to limit VPN access only to authorised laptops (whether from the company or personal employees’ laptops). This restriction makes sure that any connection attempt from a “non-authorised” machine is now denied.
3: Monitor and manage all RDP sessions
Remote sessions, also known as RDP sessions, refer to a computer connecting remotely to another, sharing control of its mouse and keyboard, and viewing its display. Employees working from home use this on their own machine in order to connect to their work machine.
Monitoring, restricting and managing your RDP sessions is the perfect way to detect unusual access. It is also important to set up real-time alerts and immediate response whenever a suspicious access is detected.
4.Two-factor authentication for RDP sessions
Two-factor authentication (2FA) is one of the most effective controls an organisation can implement to prevent an unauthorized person from gaining access to a device or network and accessing sensitive information. It helps secure user access to the Windows environment.
For remote connections the need is even more important. Employees who connect remotely or virtually to a computer within the network should be asked for 2FA to verify their identity.
This type of authentication is simply an additional layer of security. The more security layers in place, the smaller the risk of a cyber-criminal gaining access to your sensitive systems.