If you own a company or you are in charge of its management, you may have surely heard about remote working or teleworking. However, many companies are reluctant to grant their workers remote access to the corporate network, since they want to avoid any security breaches.
Nevertheless, in this article we will review and analyse several considerations and recommended practices regarding the setting up of a secure remote workstation. In doing so, your employees will be able to access the company’s network remotely without any risk of hacking or data theft.
If you wish to learn more, you can read our guide to cybersecurity for the workplace where you will find tips and recommendations.
Management and control of hardware and operative systems
We will start with the most basic –and perhaps the most obvious- recommendation, but it is still important to take it into consideration; when it comes to granting the workers remote access, one has to bear in mind that they will access the network from different devices, and these can pose a threat.
The ideal case scenario would be that workers access the company’s network from a trusted device. In other words, the company should provide a fully functional and equipped device or it should facilitate the means for the worker to get one.
These devices, whether they are desktops, laptops, tablets or even mobile phones, must have fully updated operative systems and applications, a good quality antivirus and, in some cases, even a hard disk encryption system.
The more security measures at the software level, the better, since you will ensure the protection of the company’s data. As for access or log in sessions from the worker’s device, the worker usually has two accounts if the device is also intended for personal use. In doing so, the worker will have a personal account and a different account solely used for remote working.
Management of the physical security of the devices
In the previous section, we have seen that measures at the software level must be taken, but, what does physical security or protection of the devices mean? Remote access workstations imply a greater chance of the devices getting hacked.
One must bear in mind that certain situations may arise and that action should be taken in advance if they happen. We mean situations such as the theft of the working device.
Ideally, in case of loss or theft of the remote working device, these preventive measures we were talking about –anti-theft protection measures- should have been already taken. Among the most obvious ones we find: nor leaving the unblocked device on display, in the car or in places where it can be easily stolen, neither taking it outside the house if it is not necessary, etc.
However, there are also other tools or applications that allows us to, for instance, locate the lost or stolen device. The device can always be tracked and located if it the location system is enabled.
On the other hand, the most extreme security measure in case of theft, if important company data can be accessed, is to have a remote data erasure system. That means that, although the device has been stolen, they will not be able to access the information, since it would have been destroyed.
Management of role permissions
There are multiple roles within a company and, in order to ensure security, it is not necessary that all the workers are granted access to all the information of the organization.
Certain permissions must be established in the company’s headquarters, depending on the worker’s position or the type of work the worker is going to perform. For example, a worker who carries out administrative tasks will be granted access to red tape and contract data, while it is not necessary for a worker who is in charge of stock management to access that information.
The same happens with the applications and programmes a remote worker have to use; if it is not necessary for the worker to use them or to check certain information, the safest thing is to establish restricted access.
To sum up, one must plan objectives, responsibilities and which programmes to use depending on the worker’s position or role within the company, in order to create these permissions depending on each remote access worker’s role.
Monitor the network activity
If your company offers the possibility of teleworking, you will have to keep that remote access network always under control. Thus, all network activity must be monitored so as to identify any kind of suspicious activity.
It is possible that, while you are in the monitoring process, you come across attempts to access your network from unknown locations or devices. In other words, somebody may be trying to hack your corporate network and access it.
In order to monitor this network traffic, you should consider if there are repeated failed attempts to access your server or if you identify any suspicious activity such as file downloading or similar. Any kind of traffic that seems inappropriate must be controlled and monitored until measures are taken.
Also, when you monitor network traffic, not only you ensure the identification of suspicious activities, but also you can control that the remote workers are carrying out their tasks correctly.
Using a secure network: VPN
If your company employs remote access workers, than you will know that it is difficult to determine where they are going to establish the connection. It may be a public Wi-Fi network, which implies security risks.
Therefore, the best connection security measure is to use a VPN or Virtual Private Network. VPNs allow the creation of a secure tunnel by means of data encryption during the connection. Also, this networks grant access to all work applications and information as if working from the office.
How does VPN work? To start with, the connection is not established directly through the Internet network, but it goes through a certain number of servers so as to provide a greater level of security and anonymity in the net.
Moreover, this secure or private tunnel between the company and the worker’s device is created, since any information is encrypted before being sent and then, after going through the secure tunnel, it is decrypted on the company’s side. The same process is set in motion when the information travels from the company to the worker’s device.
Therefore, when your company uses a VPN, you are granting the workers a secure remote access to the company’s network in which all connections and sent or received data are encrypted. Remote access through a Wi-Fi connection will not be a problem anymore, since the connection is secure.
Password management and Two-Factor Authentication
Although it is not usually taken into consideration, passwords are an important factor when it comes to maintaining remote working security. Sometimes their importance is overlooked just because there are other security measures available.
However, they are just as important as the rest of security measures, since passwords containing personal information or with fewer characters are considered unsafe. A strong password must contain at least eight characters, among which there must be capitals, low case letters, numbers and special characters.
Given that people do not generally create strong passwords, there are password managers which do it for you and your employees. These managers have safe password generation systems and you can also save these passwords safely in them.
Thus, you will only need to remind the password manager of the password (master password) and once inside, you can automatically browse the rest of the passwords of your accounts to access professional programmes or applications.
Another option regarding password protection is using the Two-Factor Authentication or 2FA in order to access any account when working remotely. How does it work? It is very easy; you enter your user name and password, then a second code of access is sent to another device, for example your mobile phone, and you have to enter it in order to gain access.
In so doing, if someone steals or figures out your employees’ passwords, it will not matter, since they will need this code sent by the 2FA in order to gain remote access.
SecureAccess, the all-in-one solution.
In Open Data Security we have developed SecureAccess, a solution which allows a company’s workers to access the corporate resources and applications safely.
SecureAccess has been developed as an on-premises and cloud solution, which ensures great deployment flexibility for any company, as well as a faster implementation than traditional VPNs.
It also includes its own two-factor authentication application which makes SecureAccess one of the safest remote access solutions in the market.
Ultimately, you can grant your company’s workers a secure remote access, provided that the necessary safety measures are taken. Whether it involves hardware, users or the corporate network, safety is a priority if you want to keep your confidential corporate data under control.