CSW S1, E16 - How To Keep Employees Secure While Working Remote

Fred Cobb – CISO and VP of Services, InfoSystems

Josh Davis – VP of Marketing, InfoSystems

Setting up a remote workforce is frustrating when there are no policies or plans in place to help. In addition, without the proper security measures, a remote workforce is vulnerable to cyber-attack. In this episode, Fred and Josh discuss how to respond to the demand of a remote workforce with proactive policies, plans, and security controls. This episode is not meant to be a quick fix or legal advice, but tried and true advice from InfoSystems' lead Cybersecurity expert, Fred Cobb. First, all business leaders should take a look at the administrative controls that are in place to cover remote workers and their technology.

Comprehensive and secure policies should be put into place for permanent or remote-first employees. While strict policies aren't always necessary for employees who are optionally and sporadically working remotely, you still need to make sure you are doing what it takes to protect your company. Many companies haven't put a work-from-home policy in place at all. Take a hard look at the work practice controls you currently have in your remote work policies.

Security Control Questions to Ask Yourself as a Business Owner:

- Can you manage the AntiVirus on remote devices?

- Are you using a VPN from a trusted vendor for your remote connections (not Remote Desktop Protocol native in Microsoft desktop which has dangerous public/exposed vulnerabilities)?

- Are you aware of the risks involved with employees using personal devices to do work (this is NOT recommended)?

- Have you ensured that there is no split tunneling in place?

- Are you able to regularly patch the applications and systems on remote devices?

- Are your employees required to complete training on security awareness? Untrained employees are your greatest risk for phishing emails. Employees who forward suspicious emails (think - "what is this?") help spread cyber-attacks and increase the risk of malware infection.

If a business does not have any of the above in place, there is not a doubt security problems will arise or have already come to the surface. It's important you are proactive with your security measures. It can mean the difference between your company surviving and your company crumbling when an employee clicks on a malicious email link.

More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.