After going remote in response to the COVID-19 pandemic, many small businesses are now continuing with remote work as a long-term setup. However, many of these remote models were set up hastily; businesses need to take a deeper dive into their remote infrastructure to check for vulnerabilities and make sure they’re secure from every angle.
Remote Working Security Policy Recommendations
Every business’s remote work policy should be tailored to its unique setup and needs. However, these policy recommendations are a great place to get started with building and shoring up your security policy for remote work.
- Keep an accurate IT inventory. Software and firmware should remain updated with routine patches and unused resources should be removed from the network.
- Require employees to use a VPN to access the network remotely. We recommend requiring a multi-factor authentication login and programming the VPN to automatically disconnect if the connection isn’t active. NIST recommends setting the idle timeout period to 30 minutes.
- Enforce a password policy for remote work accounts. Note that length is more important than complexity when it comes to password strength; set a high minimum character count to create a strong initial barrier to access.
- Layer security with multi-factor authentication (MFA). Even strong passwords shouldn’t be the only method of defense for access to critical assets, data and the central network. We recommend requiring MFA for VPN access and critical employee logins.
- Conduct regular vulnerability scans to identify security holes and potentially compromised devices. We recommend small businesses conduct vulnerability scans at least once per quarter.
- Create role-based permissions and only assign employees the lowest necessary level of access based on their roles. This will ensure the most sensitive data is only accessible to those who truly need it.
- Use a Mobile Device Management (MDM) Solution. Manage all network-connected devices, including remote and BYOD ones, with an MDM system. The MDM solution should be able to automatically recognize devices and allow or block network access based on factors like device type, operating system and security measures.
- Implement antivirus software and firewalls. All network-connected devices should have antivirus software in place and implement a network firewall to form a security baseline. Note that next-generation firewalls, like Cisco Firepower and Meraki products, are much more effective than traditional ones, which are now considered largely ineffective by hackers. Next-generation firewalls can more dynamically block threats with features like application awareness and control, built-in intrusion prevention and cloud-delivered threat intelligence.
Create and Enforce Policies With Infinit Technology Solutions
Infinit Technology Solutions is an IT provider that helps small and medium-sized businesses secure their remote environments. We can help you design a policy that keeps your remote business operating securely at full capacity. For help with securing your remote business, contact us.
To learn more, download our infographic on the top five tips to keeping your remote employees productive and your business secure.