FINRA's BrokerCheck

Working from Home: Equipping Your Team for Security and Success

Organizations across the globe raced to build remote workforces as the coronavirus pandemic spread at a rapid pace. While many are now operational, questions remain for companies looking to ensure their remote workforce is equal parts productive and safe. As IT professionals evaluate their existing remote infrastructure, many opportunities exist to safeguard data and create a secure remote workforce.

As employees access files and programs from the comfort of their own home, security is a primary concern for companies of all sizes. Programs like Microsoft’s Remote Desktop allow users to access their server from a remote location, but they also present potential IT vulnerabilities. Hackers have used Remote Desktop and similar programs to compromise organizations’ data and resources. To prevent such intrusions, companies should utilize virtual private network (VPN) connections or firewalls. Doing so creates a safe, secure connection—like a tunnel—between the user and the home office. Products like WatchGuard or FortiNet are popular VPN options.

Companies should also consider multifactor authentication to safeguard the log-in process. Following entry of a username and password, multifactor authentication requires users to input a code provided via text or email, giving companies an added barrier in the event employees’ login information is compromised.

Home internet connections often filter less content, giving users access to a variety of sources that might have been blocked by a firewall at the office. As a result, we’re beginning to see attacks that are much more advanced, and go beyond what a traditional antivirus software is able to prevent. With that in mind, companies should consider protections that have layered security simple antivirus software. Advanced endpoint protection software offers added safeguards, including artificial intelligence, which learns how users typically behave on their computer. The software can then identify abnormal activity and even quarantine a potential threat. In some cases, the software will also roll back the machine to its status prior to the infection.

While software can offer tremendous support, there is also merit in evolving the “human firewall” by investing in security awareness training for all staff. Ensuring your workforce can differentiate a legitimate email from a phishing one can stop many compromises in their tracks.

It sounds overly simplistic, but the fact remains: companies should enforce password requirements and policies. An effective password includes lowercase and uppercase letters, special characters and is a suitable length. Employees should be discouraged from using the same password across multiple devices, or passwords that they have used in the past.

Employees should also pay attention to the reminders to keep computers up to date. Major IT companies like Microsoft and Apple frequently issue patches and updates that address common threats and vulnerabilities, improving computer security in real-time. It’s also important for employees to follow their company’s data backup policies, which typically include backing data up to a protected, cloud-based location like Dropbox, Google Drive or Microsoft’s OneDrive. Doing so guarantees the safety of important files if a device is to fail or an employee falls victim to a ransomware attack. Finally, employees should manually lock computers and devices when stepping away—the last thing that you want is a child or pet accidently deleting an important document or sending an unwanted email. To go one step further, companies can also enforce an automatic screen lock policy, requiring employees to set their computers to lock after a predetermined length of time without use.

For the many organizations that have moved to a work-from-home model, there are a number of straightforward tools and solutions that will increase security during this unprecedented time. As workforce structures change, hackers do too, utilizing new tactics to compromise remote employees’ data. With the correct precautions and planning, organizations can keep themselves, their employees and their data safe—no matter the location.

Published in COVID-19