Teleworking: How to Secure your Employees Wherever They Are

New technologies allow employees to work remotely; from home or on a business trip. Teleworking is a growing habit thanks to the increased use of mobile devices such as tablets, mobile phones, laptops, as well as cloud storage in the professional environment.

One of the most important aspects to consider is the connection itself. Employees should not connect to free Wi-Fi, especially in train stations and airports. These networks are too often used by attackers to disseminate malicious software, targeting organisations or companies through their employees.

No matter where you are outside the company, it is important to use a Virtual Private Network, also called VPN. This tool allows the user to create a direct and secure connection between the device and the company’s internal network, essentially imitating the computer being plugged in the company’s network; the data received and sent by the employee is thus protected and access to internal resources can be granted.

The software used to provide the VPN service must be chosen with the utmost care and it must be kept up to date and configured carefully. The clients should be authenticated by using asymmetric encryption and not only a login and a password when connecting to the VPN. Prefer to use a well-known, ideally open-source, easily auditable solution, for example, WireGuard. More information about VPN and how to use it can be found on our YouTube channel.

Devices Must be Prepared in Advance

As always, the endpoints remain the major weak points. The best VPN service is useless if an employee connects to it with an infected computer. Computers of employees must be protected with an up-to-date antivirus. Otherwise, the VPN would be an illusion of security, and would become a secure and trusted channel for ransomware.

Before any teleworking of an employee, the IT team (or the person in charge of the security) has to set up the device correctly. The following tasks have to be done:

Communication and Training are the Keys

The interest of teleworking relies on the capacity of employees to accomplish their tasks while not being at their desks. It might be reassuring for the management to set a detailed security policy with high-security requirements. However, it is more efficient to focus on basic and well-understood rules by the employees; they have to also understand the reasons of a security measure and the consequences of cyberattacks. To achieve this, the employees have to be trained often in-house or externally by information security professionals.

Additionally, some rules must be set and respected by everyone. Here are some examples:

As the teleworking practice grows, it is important to give necessary guidelines for employees. Most of the security problems come from employees who have not been trained enough or do not understand the consequences of their behaviour. It is also possible to minimise the threat of non-compliance by involving employees during the process of creating information security rules and guidelines.

CASES Expert Voice

‘Teleworking begins to gain popularity with connections becoming increasingly better. Most companies are mature enough to have a VPN to protect their data and communication. However, most of them only concentrate on technical matters and forget that the human factor is the weakest link in the security chain. The rules and guidelines should be clearly defined, understood, and signed. Besides, explanation of consequences should be given and employees should be properly prepared for the usage of technology.’

Table of Content