With more companies working with geographically distributed teams today, more employees are working remotely than ever before. Remote work poses unique security challenges for companies. Because employees are not physically working on-site, they're often relying on their own Wi-Fi networks and devices to access company data.

To mitigate security risks, companies must implement clear and comprehensive policies and take proactive measures to ensure the safety and integrity of company data. To gain some insight into the strategies and best practices today's companies can implement for adequate security when working with remote team members, we reached out to a panel of security professionals and asked them to answer this question:

"What are the best practices for securing your remote workforce?"

Meet Our Panel of Security Pros:

Read on to learn what our experts had to say about the best practices you should be implementing to ensure security when working with a remote workforce.

Cristian Rennella

@crisrennella

Cristian Rennella is the CTO and Co Founder of oMelhorTrato.com.

"After 9 years of work and having gone from zero to 134 remote employees, I can assure you that the best practice for securing your remote workforce is..."

Two-factor authentication. With 2FA, each time one of our employees wants to enter our system they MUST not only enter their personal password (of at least 10 characters including numbers and symbols), but we will also send them a 4-digit code to their personal cell phone.

We implemented 2FA just five months ago, and thanks to it we have been able to reduce security problems by 38.2 percent (yes, it is working perfectly!). And is the reason why I strongly recommend it to other organizations with a remote workforce.

Marcus Harris

@Taftlaw

Marcus Harris is a Chicago-based global technology attorney, quarterbacking a high-profile legal team for Taft Stettinius & Hollister LLP, one of the country’s oldest national law firms.

"The best ways to secure your remote workforce are..."

1. Be Wary Of Allowing Employees To Bring Their Own Devices

The risk it poses to the protection of confidential and proprietary information and trade secrets information is enormous. Without the proper policies in place, employers will have very little control of information that is on that device. This becomes problematic when employees are fired or resign.

2. Have A Policy in Place

To avoid unnecessary disputes and the costs associated with them, it makes sense to have a carefully drafted BYOD policy in place with employees. Not having a comprehensive policy invites disputes over what data/information is what, makes it hard to get back, and may compromise the protection of intellectual property.

3. Use Applications To Monitor Data Usage

It makes sense to use technology that manages and monitors data transfers and minimizes the risk of “theft.” For example, many employers allow employees to utilize their own cell phones for both work calls and work emails. They do this by utilizing applications that are controlled by the employer and allow the email functionality to be disabled when the employee leaves the company.

Abhishek Shankar

@handabhishek

Abhishek Shankar is the CEO of Majime. Majime is a skilled workforce platform designed build on blockchain.

"As working practices become more casual, comfortable, and collaborative..."

Organizations need to tighten their belts to ensure data security with measures such as:

1. Content storage should be allowed on cloud only. Use cloud or web-based storage software that allows sharing and editing of documents (for example, Cisco Cloudlock).
2. Network Security using proxied connection to device only.
3. Endpoint security using 2-factor authentication. This adds a second level of security to important applications. Multifactor authentication uses OTP (one-time password) technology, certificate-based USB tokens, smart cards, and many more advanced security technologies.
4. App security such as email and storage using on-device security apps like Proofpoint and Datamotion, etc. There are several set-and-forget email encryption tools on the market. These systems deliver end-to-end protection, taking care of everything from scanning to encryption.
5. No connection is allowed with public WiFi.
6. Contingency plan for risk management. If a remote worker loses a laptop with sensitive business information on it, it’s essential that the laptop can either be tracked or remotely deleted.

Tim Bandos

@midnit3sec

Tim Bandos, CISSP, CISA is Vice President of Cybersecurity at Digital Guardian. He has over 15 years of experience in the cybersecurity realm with a heavy focus on internal controls, incident response, and threat intelligence.

"Some of the best ways to secure a remote workforce are..."

Implement Telework Policy

Typically, when it comes to securing your teleworkers, the first item on the agenda is developing a corporate policy around it. This policy should outline what’s acceptable in the form of remote access, how data is handled, what level of authorizations are available, etc. Risk-based decisions can be made here also depending on the types of devices being used for teleworking (ie. Company Issued, Personal Laptop/Mobile etc.). More stringent controls should be in place for devices that aren’t issued specifically by the company.

Implement Secure Remote Connectivity

Any connections made to the company should be performed through a VPN (Virtual Private Network) which either leverages SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote teleworker’s machine; depending on various requirements. This both safeguards the end user along with the corporate environment to ensure no pesky adversaries are snooping in-between.

Endpoint Security

Installing an endpoint agent(s) with the ability to perform (1) data protection (2) malware protection will provide greater assurance into securing the endpoint especially if corporate data is allowed to reside on the machine.

Andy Gray

@Pro_sapien

Andy Gray is the Principal Consultant at Pro-Sapien. Andy's experience lies within everything SharePoint, SQL and Azure, and he is one of the founding partners of Pro-Sapien.

"Our IT team works on tight schedule and they have multiple projects at the same time..."

Some of our developers work from home twice a week regularly, so it's been important that we have a streamlined system in place with supporting tools that allow remote work without disruption. The team has a stand-up every morning, and those who're not in the office join via video call. Video calls are also made during the day in case something needs clarification. All projects are monitored and updated on Trello, a team collaboration site. This way, every member of the team can see what their teammates are working on. In addition to this, they use Microsoft programs (e.g., Microsoft Teams, SharePoint, Outlook, OneNote, and Flow) that allow for easy communication, sharing, and automation. Security is an important consideration with remote work – we use Microsoft Office 365 which has stringent security features that adhere to ISO 27001. These tools and the culture of video calls keeps the team engaged, connected, and informed.

Andy Jordan

@Mosaic451

Andy Jordan is the Special Project Lead at Mosaic451.

"Working remotely itself is not dangerous..."

It is the lack of policy and technical controls enforced by an organization coupled with the actions of the remote employee that manifest the risks into very real dangers. Consequences of poor cyber security hygiene while working remotely or while on the road can include anything from sensitive data compromise to unauthorized access into the organization's infrastructure. Secure communications while working remotely is a combination of technical solutions and controls combined with proper employee operations security (OPSEC).

When a business decides to employ a wireless network to accommodate remote employees, they are knowingly giving up a portion of physical control. It has been often stated that instituting a wireless network is like placing an open Ethernet port on your front lawn. Depending upon the methods employed to secure the wireless network, this analogy is not far off. From passive data collection via wireless monitoring to active denial of services attacks and everything in between, the dangers of employing wireless network are directly related to the way a business approaches implementing and securing it.

Selecting the proper wireless security standard that is proportionate to the current and future projected scale of the network will allow for growth and ease of management. These attributes will have a net positive effect on wireless security. Providing resources for the education and training of the IT staff and onsite security personnel, often the same individuals, will provide them with the tools they need to identify the risks associated with wireless networks along with proving them the skills required to successfully manage the wireless network in a secure manner.

Performing internal audits and third-party penetration testing of the wireless network will aid in identifying gaps in security that may have been missed during wireless network implementation, as well as a providing a fresh set of eyes by wireless professionals experienced in detecting misconfiguration and poor security practices. Also, educating employees of the risks and dangers associated with wireless communications, both within the corporate network and public networks, coupled with a sound employee wireless security policy that is enforced, will only serve to enhance the company's overall security posture.

Jon Hayes

Jon Hayes works with Pixel Privacy.

"When dealing with a remote workforce, the important thing to understand is that there will always be risks involved..."

The key thing is to mitigate these risks as best as possible by ensuring robust measures are in place.

The first thing you should lay out to your remote workforce is that all work data and personal data must be treated separately. Of course, your team will likely be using their personal devices to access documents and go about their daily work duties, but it's important that they aren't using personal accounts for work-related duties. For example, if writing an article, this shouldn't be stored in their own personal Google Drive. The main reason is that providing you've set up the correct business accounts for your workforce, you'll usually have absolute control over that data from your admin panel. For example, Google's enterprise solutions give you the opportunity to delete or lock any sensitive data should it fall into the wrong hands.

I would also highly consider investing in a password manager such as LastPass for business. Each time you share your password in plain text you're adding another link to the chain which can be broken. Even if your staff follow the strictest of protocols, there's nothing to say the software you're using to communicate or store this data can't become compromised. Yes. a password manager is also susceptible to this also, but by confining it to one single tool, you can drastically reduce the number of places your data is able to get out.

Finally, I strongly urge simple security training. It's easy to forget just how easy it can be to lose personal data. In an age where we are so focused on remote hackers and data breaches, it's easy to forget something as simple as accidentally leaving your computer unlocked while you take a bathroom break at the coffee shop can leave your sensitive data wide open.

Keri Lindenmuth

@kyledavidgroup

Keri Lindenmuth is the marketing manager at KDG. For over 17 years, KDG has been helping businesses improve their processes, their customer experience, and their growth.

"One of the best practices businesses can implement when it comes to securing their remote workforce is to use a VPN..."

A VPN encrypts data in transfer, allowing personal and confidential data to tunnel from one device to the next, away from prying eyes.

If a business decides to go with a VPN, they should ensure the VPN is from a reputable company that doesn't keep a log of your business's activity. If they do, your data may be at risk of being sold to a third-party.

Also, businesses should be aware that remote workers connecting to networks with a VPN may experience slower internet speeds. However, this is a small price to pay for the peace of mind that data is secure.

Michael Fauscette

@mfauscette

Michael Fauscette is chief research officer at G2 Crowd. He served as senior analyst at IDC for a decade, before joining G2 Crowd as their resident expert on all things digital transformation, including AI, IoT, and cybersecurity.

"With cyber-threats ranging from network hacking to ransomeware..."

Providing any opening or weakness in network security can open up potential risks to reputation, to competitive advantage, and financially for violations of an every growing body of privacy protection laws around the world. The potential for network breach, and loss of sensitive business, customer, supplier, and employee data is particularly high. It’s hard enough to protect your business using the best security practices, opening up a single weak spot is all a hacker needs.

There are several best practices for remote workforces using other WiFi networks, including:

• Change default passwords and user names. Make them long, random, protected and carefully managed
• Use security, but not just any default (usually WEP) security protocol, use the best available at the time, which is WPA2 at present. You can increase the protection more by also using EAP-Transport Layer Security (TLS) for more secure user authentication.
• Turn off WiFi-protected setup (WPS) to prevent bad actors from using it to breach your network more easily.
• Do not allow employees to use non-company provided networking access points and hot spots.
• If you have a “guest” WiFi network, keep it firewalled away from the rest of your network.
• Separate your WiFi from the core network also, by using a firewall.