Published 2020-03-18 by TechNet New England
The shift to remote work happened fast for many businesses. What started as a temporary measure has become the new normal for companies across New England and beyond. But setting up remote work properly, with security as a priority, requires more than just giving employees laptops and VPN access.
Secure the Connection
Every remote connection to your business network needs to be encrypted and authenticated. The options include:
VPN (Virtual Private Network)
A VPN creates an encrypted tunnel between the employee's device and your office network. This is the most common approach for businesses that still have on-premise servers or resources. Key considerations:
- Use a business-grade VPN solution, not a consumer VPN service
- Require multi-factor authentication for VPN connections
- Configure split tunneling carefully (or disable it) to prevent data leaks
- Monitor VPN connections for unusual activity
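As a concrete illustration of the last two points, here is an added example (not from the original article or any VPN vendor) that reviews an exported connection log for sessions without MFA, connections from a new country, and bursts of failed logins. The CSV layout, the per-user baseline, and the thresholds are assumptions; adapt them to whatever your VPN gateway actually exports.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not from a real VPN product), oldest entry first:
# timestamp, user, source country, MFA result, outcome
SAMPLE_LOG = """\
2020-03-16T08:02:11,asmith,US,pass,success
2020-03-16T08:15:40,bjones,US,pass,success
2020-03-16T09:01:00,cdoe,US,none,failure
2020-03-16T09:02:00,cdoe,US,none,failure
2020-03-16T09:03:00,cdoe,US,none,failure
2020-03-16T09:04:00,cdoe,US,none,failure
2020-03-16T09:05:00,cdoe,US,none,failure
2020-03-16T22:47:03,bjones,BR,pass,success
2020-03-17T07:30:19,dlee,US,none,success
"""

# Assumed baseline: countries each user normally connects from.
BASELINE = {"asmith": {"US"}, "bjones": {"US"}, "cdoe": {"US"}, "dlee": {"US"}}


def find_unusual(log_text, baseline, fail_threshold=5, window=timedelta(minutes=10)):
    """Return (timestamp, user, reason) for each connection worth reviewing."""
    findings = []
    failures = defaultdict(list)  # user -> recent failure times
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        ts, user, country, mfa, outcome = (field.strip() for field in row)
        when = datetime.fromisoformat(ts)
        if outcome == "success":
            # A session that came up without a passed MFA check breaks policy.
            if mfa != "pass":
                findings.append((ts, user, "no_mfa"))
            # Connection from a country outside the user's baseline.
            if country not in baseline.get(user, set()):
                findings.append((ts, user, "new_country"))
        else:
            # Keep only failures inside the sliding window, then add this one.
            recent = [t for t in failures[user] if when - t <= window] + [when]
            failures[user] = recent
            if len(recent) == fail_threshold:
                findings.append((ts, user, "failed_burst"))
    return findings


if __name__ == "__main__":
    for finding in find_unusual(SAMPLE_LOG, BASELINE):
        print(*finding)
```

Each finding is a prompt for a human to review, not proof of compromise; a traveling employee will trip the country check just as a stolen credential would.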
Cloud-Based Access
If your applications are in the cloud (Microsoft 365, Google Workspace, cloud-hosted line-of-business apps), employees may not need a VPN at all. Cloud services come with their own security controls, but you still need to:
- Enable multi-factor authentication on every cloud account
- Configure conditional access policies to restrict logins from unusual locations
- Use single sign-on (SSO) where possible to reduce password fatigue
Secure the Devices
Remote devices are outside your physical control, which means you need stronger software controls:
- Full disk encryption: If a laptop is lost or stolen, encryption prevents data access
- Endpoint protection: Business-grade antivirus with centralized management
- Automatic updates: Ensure devices receive security patches even when they are not in the office
- Mobile device management (MDM): Allows you to enforce security policies and remotely wipe lost devices
- Screen lock policies: Automatic screen lock after inactivity
Secure the Home Network
You cannot control your employees' home networks entirely, but you can provide guidance:
- Change default router passwords
- Use WPA3 or WPA2 encryption on Wi-Fi
- Keep router firmware updated
- Consider a separate network for work devices if possible
Establish Clear Policies
Remote work policies should cover:
- Approved devices and how personal devices may (or may not) be used
- Data handling: where files should be saved and how they should be shared
- Reporting procedures for security incidents or lost devices
- Physical security: locking screens, securing devices when in public spaces
Communication and Support
Remote employees need reliable channels for IT support. Make sure your team knows how to reach the help desk, report issues, and request assistance without resorting to workarounds that could compromise security.
Setting up remote work securely does not have to be complicated, but it does need to be intentional. If you need help building or improving your remote work infrastructure, reach out to TechNet New England.