In many organizations, the rise of remote work is boosting productivity and engagement, and at the same time saving a significant amount of money. Despite these benefits, not everyone’s job is made easier by these changes. Take for instance IT teams, which are tasked with ensuring that their remote colleagues do the right things, in the right way, and with the right equipment. Why is this task such a challenge? The problem boils down to this: remote workers want convenience, but IT pros want to ensure compliance. The former is a desirable preference, while the latter is a fundamental requirement.
To help IT teams carry out their critical governance responsibilities, we’d like to share the following seven best security practices for helping remote workers:
Install Remote Desktop Management Software
As discussed in our blog a few months ago, remote desktop management software enables IT teams to access and control a remote computer or desktop from another device, regardless of location. With this remote access, teams can carry out a range of tasks and activities (e.g., managing files or registries, running programs) as if physically present. Teams can also use integrations to launch technologies and tools such as RDP, Citrix, VMware, Web, VPN, SSH, Telnet, FTP, FTPS, SFTP, etc. Some more sophisticated remote desktop management software solutions can also:
- Store and manage passwords, credentials, and privileged accounts in a password vault.
- Provide detailed reports to enable visibility, and allow for better privileged account access management.
- Offer mobile and offline access to ease the administrative burden.
Install Endpoint Security Tools
At a minimum, endpoint security tools should include software updaters, anti-virus software, and network firewalls for both endpoints and home networks. We also recommend that SMBs put remote devices on a standard image and activate automatic updates for all apps and programs, especially security software.
Implement Multi-Factor Authentication (MFA)
MFA is an extra layer of security that requires remote workers to verify their identity by providing their login credentials, along with another piece of information. While MFA is not 100% secure, it is far superior to just using passwords — even strong ones — to protect accounts.
Establish Complete Network Visibility
IT teams need to identify and verify who is performing remote work, what devices are being used, and what critical applications are being accessed. A recent report by IT firm Auvik found that while 86% of respondents support a remote workforce, only half are performing SaaS and cloud monitoring or Wi-Fi management — all of which are essential components of the new enterprise network in today’s hybrid world.
Install VPNs or Establish a Just-in-Time Gateway
A VPN — or better yet, a just-in-time (JIT) gateway — is a crucial tool for remote workers accessing assets internally and in the cloud. Why is a JIT gateway a superior option? VPN servers, albeit beneficial for security (though like MFA not 100% bulletproof), are notoriously difficult to deploy, and VPN clients degrade network performance by tunneling all traffic through the private network. And while the pros might outweigh the cons for large corporate networks, VPNs are not ideal for the smaller isolated networks that most SMBs have in place.
Alternatively, a JIT gateway allows for secure access to segmented networks, both internal and external, that need to be accessed on demand with proper authorization. With a JIT gateway, IT teams can generate detailed session tracking and auditing, and eliminate the need to continually update VPN and firewall rules to grant temporary access. At the same time, remote workers can enjoy uninterrupted access without any speed degradation. For a deeper look at the benefits of a JIT gateway vs. VPN, check out this case study.
Use a Secure File Sharing System
Secure cloud-based file-sharing systems eliminate the need for remote workers to transmit files through unencrypted emails, which can be intercepted by hackers. As a bonus, a centralized repository to store files is convenient and efficient for remote workers, who don’t have to waste time searching for lost documents, or deal with version control confusion.
Address Shadow IT
Shadow IT is the use of hardware, software, and/or cloud services without the knowledge and approval of the IT team. Research by Gartner has found that 41% of end users in 2022 obtained, modified, or created technology beyond the visibility of the IT team. And a survey by technology review platform Capterra revealed that 57% of SMBs have detected high-impact shadow IT activities.
With this in mind, IT teams are advised not to just detect and shut down shadow IT. They should also try to understand why some end users are non-compliant. For instance, some may be breaking the rules out of necessity, because they need to get their work done and existing tools and controls make it difficult (or perhaps impossible). Others may not know that certain tools are available, or how those tools work. And still others may not even realize that they are breaking the rules in the first place! Keeping the lines of communication open, and understanding not just WHAT end users are doing but WHY they are doing it, is valuable for everyone.
The Final Word
IT pros cannot rely on a pre-pandemic playbook to ensure that all remote workers are secure and compliant. The explosion of remote workers (an estimated 41% of all full-time employees work from home or hybrid) vastly expanded the attack surface, and exponentially increased the number of potential vulnerabilities and threat vectors. Yet what hasn’t changed (and, alas, will never change) is that end users are still the weakest link in what is now a longer and weaker security chain.
The best practices described above will go a long way towards helping IT teams enforce security, ensure compliance, and keep their roster of remote workers productive, collaborative, efficient, and above all: safe!