Remote Work Security: The Basics

tl;dr: Home computers/networks, remote logins, and lack of common sense can poke security holes in your business if you let them. Don’t let them.

It’s easy to transition your business to fully remote work.

Well, ok, scratch that.

It’s easy to transition your business to fully remote work if you do it badly.

Don’t do it badly.

“How do I not do it badly?” you ask?

By avoiding a few major security pitfalls that businesses tend to fall into when going remote, that’s how.

And that’s why we’re back with even more tips on how not to make rookie mistakes when it comes to remote work security.

So without further ado, let’s dive in. Here are a couple major security problems you’re probably facing thanks to remote work… and how to fix them.

Connecting from home just isn’t secure

When it comes to getting your employees set up working remotely, connecting to your business is a security huge issue — maybe even the huge security issue.

Why though? Isn’t working remote as simple as accessing all the tools and services you access in the office… but from the comfort of your own home? What does security have to do with it?

Turns out? A lot.

You might think you can just ask your employees to use their own computers and their own home networks when they work from home.

You can’t.

You don’t know what your employees are doing on the regular on their own computers and their home internet connections. You don’t know what they’re accessing or what junk they might have on their system or what outdated software they might be using. Heck, they might not even know: their kids might use those computers to do… well, who knows what?

And you don’t want any machines that you’re less than 100% sure about connecting to your business. It’s too risky.

So what can you do? You’ve got a couple options:

• Give all your employees a work computer. It’s probably not the best option… but it’s an option. If you’re equipped to do this and end up going for it, just make sure everyone’s using their machine responsibly: set them up with a VPN and make sure they’re ONLY using the computer for work. If you have to crack the whip a little on that, do it.
• Give your employees remote control of their work computers. There are programs out there that let you use one computer to access another computer and control it. You’ll have to find a remote control tool that works for your business and employees of course. But once you’ve done that, you’re good to go. Your employees will be able to use a client on their personal computers to control their work computers directly from home.

Remote logins aren’t secure either

Logging in to your accounts isn’t as secure as it seems.

You probably use a bunch of different tools and services for your business, right? And those tools and services require passwords to get in. Pretty standard stuff nowadays.

But protecting your tools and accounts with a password alone isn’t enough anymore. Anyone who’s determined enough can crack — or in some cases even guess — a password these days. It’s not that hard.

That’s why making sure your business and its apps/tools are set up with multi-factor authentication is key.

Multi-factor authentication (MFA) adds additional login factors on top of a password, making you and your employees’ accounts a lot tougher to get into for anyone who isn’t you.

And yeah: you’re probably rolling your eyes at this right now. And you’re probably thinking:

“Who would ever get hacked?”

or

“We’re a small business, nothing’s gonna happen to us.”

or

“We’ll never be targeted.”

…or something along those lines.

Well don’t. Thinking that way is a surefire path to regret and tears as the person/group that owned you laughs all the way to the bank.

This stuff really happens. Really.

And now that people are working from home, attacks are even more prevalent than they were before. That’s why it’s absolutely essential to set up MFA at your business.

The good part? MFA and TOTP (time-based one-time password) systems aren’t that difficult to set up and can integrate with most existing login environments. (And yes, we can help you get going with MFA. /plug)

Everyone’s different

Yep. Everyone’s different. And that’s a problem.

Well, ok, let’s be more specific: the problem is that everyone has a different level of experience when it comes to working from home.

Some people — people who already work from home frequently for instance — are really good at it. These people are adept at accessing everything they need to access to get their work done at home. (Believe it or not, that can be a challenge for some people.)

Others… aren’t. Some people just aren’t tech savvy and are going to need a little more handholding to get started.

This isn’t necessarily a security problem… but it could be.

Remember how we mentioned that attacks are more prevalent now that a ton of people are working from home? Well, that’s due in part to… basically carelessness.

Phishing — targeted attacking designed to trick you into giving out your personal information — happens every day. We’ve all gotten phishing emails, right? And we all think we’re smart enough not to open them or click on any links.

But all it takes is one careless mistake.

And since some of your employees are going to be less adept than others at working from home and figuring things out on the fly and by themselves, the chances of phishing attempts actually working are a lot higher.

That’s why it’s important to train together as a team continuously, keep your guard up, and embrace best practices when it comes to security.

Keeping your employees informed will go a long way in keeping your remote setup safe.

And there you have it. Put these security practices in place and your remote-work environment will be more secure.

We’ll have more security and remote-work tips for you in the near future, so check back soon. Until then.

Affant is a managed IT service provider. Located in Orange County, California, we’ve offered our clients best-in-class IT services for over 20 years.