People were provided new laptops without security settings being checked or protection applications installed. New remote hires have been let loose on business systems without proper onboarding or credential checks, and workers using insecure networks or personal devices created further security risks for businesses.
Criminals were leaping at the opportunities pretty much the minute people started working from home. Cases of fake email invoice fraud rose as finance workers struggled with demand, while examples of CEO fraud, where people pretended to be the boss needing funds transferred, also rocketed. Hackers also broke into business Zoom calls and message chats to capture useful data for their plans.
As remote working becomes normal, firms need to follow the best practices set by the remote-first companies that have been doing this since before COVID-19, and either by design or luck had the luxury of time to get things right. If you need to get your workers operating in a data secure way and you don’t have the benefit of time, you need the security tools and expertise to do it correctly.
What you need for remote security
It starts with the basics - firms need to ensure strong password security among all workers. People are busy and want to get straight to work, so they pick very easy to guess passwords for collaboration tools and services that create easy entry points for hackers.
People also bypass the basics altogether; they might get fed up seeing update messages or scanning alerts and disable security tools, or they might not bother installing what the company’s IT people recommend. This means remote install tools are required to ensure workers’ machines are protected. If there’s no security software installed then tools like Malwarebytes offer at least some protection for free for individuals and at minimal cost for small businesses.
Protecting the networks comes next; workers and their families may have all sorts of devices carrying malware accessing their home WiFi or network (research suggests that home devices are over three-times more likely to have malware than a business device) that will try to leap on to a business network. Improved business network defenses including VPNs, gateways and next-generation firewalls can be installed to defend the company’s digital borders.
A recent trend in IT security is zero-trust tools. These assume that every user, app and data packet is suspect until proven innocent. They continuously monitor all network and user activity through smart automated authentication. Any unusual behavior requires further authentication or creates an alert.
How to best defend the business
For a company whose defenses stopped at the firewall, the new technology to support remote working might sound complex. But many products are now delivered through the security access service edge (SASE) model, like security as a service for the cloud era. They work as a single solution to protect a company’s WAN, provide zero trust and other features as a single cloud-delivered service model.
Even then, the technical requirements might seem complex for many firms, so getting a partner to deliver advanced security solutions is a preferred option for most. Managed IT security takes the complexity out of the equation and puts your business security in the hands of professionals who are on the cutting edge of the data protection battle.
They can provide the appropriate tools for your size of business, with room to scale in the future to protect data and workers. Even if someone else is handling the security, the business needs to be aware of the threats, using resources like Fortinet’s weekly threat brief to understand what the hackers are doing in plain language.
The hackers will never go away, so lucrative is their trade, so every business needs to understand the threat and build suitable defenses. Share that information up and down the business so workers can avoid the common tactics hackers and criminals use. And, as remote work continues to grow, ensure every device sent to a new hire is defended the minute they turn it on and that all hires go through proper security training and awareness sessions. This will all help to deliver a safe working environment that protects staff and critical business data from any threat.
- Small and Mid-Size Business Security: 4 Steps to Success
- How SMBs Can Secure Endpoints and Remote Workers for the Long Haul
- 7 Considerations for Firewall Performance in the Era of Secure Remote Work
- Next-Gen Firewall Features and What They Do
Broad. Integrated. Automated. Security.
Fortinet secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 480k customers trust Fortinet to protect their businesses.
Join the conversation...