+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The shift to remote work created a new model for cybersecurity. Here are tactics companies can use to protect their work-from-home employees.

Feb 8, 2022, 23:09 IST
Business Insider
Kazi Awal/Insider

Advertisement
There are a number of options today for companies to protect the integrity and security of its remote employees.Kazi Awal/Insider
  • The pandemic upended how companies think about and utilize cybersecurity.
  • Multifactor authentication and secure remote access are essential for work-from-home employees.

While the pandemic opened up new ways for cyberattackers to use fear and misdirection to take advantage of vulnerable networks, great strides were made from a cybersecurity perspective to improve remote access and protect cloud data and devices.

So what is today's new normal? Companies are changing their defensive tactics to better protect both their networks and employees, said Garrett Bekker, principal analyst for information security at 451 Research.

As companies are in the process of reopening their offices — where some employees will once again work behind corporate firewalls and other enhanced security hardware and software — many users will stay remote-first for the near future. That said, there are a number of options today to protect the integrity and security of remote employees.

Cybersecurity tactics for remote employees

The model of zero-trust cybersecurity, while still in its infancy, plays a vital role in reducing corporate risk. The concept essentially "trusts" no one in the company; every user, device, and application are constantly authenticated via texts, pings, or even biometrics — even if they were just authenticated minutes ago. Zero trust is becoming a default model for companies to always verify the users on their networks.

Advertisement

As companies continue to embrace zero trust — replacing traditional, vulnerable technologies such as virtual private networks with more enhanced options such as zero trust network access that offer secure remote access — they will better protect remote users and enhance their network capabilities.

"Our survey data show an increase in demand for multifactor authentication and traditional virtual private networks, as well as newer zero trust network access that provide secure remote access without a VPN," Bekker said. "MFA is really key to ensure that people are who they claim to be and help eliminate phishing and attacks using compromised credentials."

Multifactor authentication ensures that the person logging in to a corporate asset, be it the corporate network or cloud resources, is indeed the authorized user. It's important companies ensure that their users are verified and that their laptop, mobile device, or other technology have been pre-authorized and confirmed. If a user has their credentials compromised, this tactic can prove crucial to protecting a company's data.

Regardless of the size of the organization, Bekker also said companies should keep employees' personal email and computing devices off the company's network and cloud services.

"It's best to have remote employees use their business email for work and keep personal email separate," he said. To prepare workers for cybersecurity success, a company should require all remote employees to use a corporate-issued laptop with a corporate email and requisite security settings preinstalled.

Advertisement

Another tactic companies are using for their remote and hybrid employees is the expanded use of cloud-based office suites such as Microsoft 365 or Google Workspace. These applications can employ multifactor authentication, along with other enterprise-class security controls, to verify users and devices. Through the advancement of cybersecurity technologies, the current identification methods available to corporate security surpass basic usernames and passwords.

While small and midsize firms have the biggest challenges, because less money is devoted to resources like highly experienced technical staff and automated security systems, these companies still have options available to protect themselves, Bekker said.

Bekker added that these organizations should consider a service-based offering that is SaaS-based and requires less staffing, maintenance, on-premise hardware, or software to install.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article