10 Best Practices for Secure Remote Work

Stuart Loh • 

IT departments had days to move business operations to employees’ homes when the COVID-19 stay-at-home orders went out. Inevitably, getting the job done required shortcuts and compromises that have increased security risks for their companies.

With the initial scramble over, now is the time to step back and bring your company’s security posture back in line. Remote working is the new reality. These best practices will help you address the security gaps created when all of your employees started to work from home.

Keep Talking with Your Employees

Unlike some executives who spend their careers traveling, most of your employees may never have worked remotely. Now they can’t rely on IT to handle security, device, and network issues. On top of all the other stresses of remote working, employees must take responsibility for network security. Make it easier for them through effective communications.

1. Set Clear Policies

Your company’s remote working policies were not created with the Accounts Payable staff in mind. Develop new processes and infrastructure to meet data compliance requirements for stay-at-home employees. And update your policies to reflect the more distributed workforce.

2. Delineate Between Work and Personal

One of the most important policies you will set is how employees separate personal activities from work activities. At the same time, these policies must treat employees with compassion. When schoolkids’ Zoom conferences monopolize the only home computer, barring all personal use of work devices may be unrealistic.

3. Educate Remote Workers

Setting a policy is not enough. You have to go the extra mile to teach employees what those policies are, what they have to do, and why it is so important. A one-time training session is not enough. Create reference materials and video walkthroughs. And follow up regularly without placing too many demands on their time.

Secure the Home Endpoints

Employees may now use their own devices, connected to their home networks, to regularly access company data and resources. But domestic infosec rarely comes up at the dinner table. Work with your employees to improve their home security posture.

4. Secure the Home Networks

How many of your employees ever changed the default passwords or updated firmware on their Wi-Fi routers? How many of them even know how? Your team may need to walk employees — or their tech-savvier kids — through the process.

5. Establish Baseline Security Settings

Employees must set their devices to a minimum level of security. Operating systems and apps should automatically update. Employees should use more secure passwords, install antivirus software, and activate firewalls. Implementing device posture monitoring tools will help but could be a tricky issue when it comes to family computers.

6. Consider Stronger Security Practices

These basic security steps may not be enough if employees work with highly sensitive data. Creating separate user accounts on employees’ personal devices will keep family members from accessing their work. For employees working with data subject to compliance regulations, issuing a managed device may be the only option.

Make Data Security and Compliance Easier

Odds are, your company has not migrated to a completely cloud-based architecture. That means your employees could be downloading company data to hundreds of personal devices. You need to protect that data and give employees the means to leave data on company resources.

7. Encrypt Personal Devices

Help your employees set up appropriate levels of encryption on their personal devices. Keep in mind that features like BitLocker will not be available on most home computers.

8. Provide Approved Tools for Data Sharing

Like it or not, your company’s shadow IT infrastructure has expanded as teams adopt tools like Slack to get their jobs done. Regain oversight of your data by standardizing on one set of cloud-based communications and collaboration tools.

Tighten Access to Company Resources

Many of your company’s resources were never meant to be accessed beyond the network’s secure perimeter. Now the company won’t run unless people can access these resources from their living room sofas. It’s time to refine your access control processes.

9. Set Least-Privileged Access

In the rush to get people out of the office, blanket access permissions may have been a necessary evil. However, a supply chain analyst’s personal laptop should never have access to human resource databases. Limit employees’ access to the specific resources they need using identity management systems, multi-factor authentication, and access control policies.

10. Review Remote Access Systems

The VPN systems most companies use had become security and performance concerns long before COVID-19 emerged. With network entry points fully visible on the internet, VPN technology grants full network access to any authorized connections. Furthermore, VPN gateways are bandwidth chokepoints for corporate networks.

Now that every employee’s personal devices access the network through the company VPN, your security risks have grown exponentially. Subnets and other VPN infrastructure changes can improve the situation. But a permanent solution can only come from more modern remote access technologies like Twingate.

Twingate Zero Trust Security for Remote Work

Three principles — zero trust, need-to-know, and end-to-end encryption — underpin Twingate’s approach to security. Rather than defining security and access control by reconfiguring networks, Twingate overlays a software-defined perimeter around each resource that treats every connection attempt as a potential threat. Access to resources is authorized on an ephemeral, need-to-know basis for both users and devices. Finally, end-to-end encryption protects all of the data flowing between your employee’s devices and company resources.

Twingate offers a frictionless experience for administrators and end-users alike. Granular access control policies become much easier to manage. Administrators can make onboarding, off-boarding, and cross-boarding changes with a few clicks. The “always on” Twingate client lets employees access different resources on multiple networks without having to switch between VPN servers. Unlike most VPNs which funnel all user traffic through a chokepoint, Twingate intelligently routes traffic more directly to its destination, meaning faster internet connectivity and less frustration for users who associate VPNs with making their internet connections slower..

Seamless integration with your company’s security stack affords several additional benefits. You can apply your existing identity provider’s authentication process to any private resource whether or not it supports that identity provider natively. Twingate can also monitor device posture to prevent personal devices with outdated security from accessing any resource. Activity logging becomes more efficient as Twingate provides a single, consistent view of the entire network.

While social distancing policies imposed by the COVID-19 response will not last forever, the shift to remote working may be here to stay. Your business needs a security technology designed for this more distributed workforce. Contact Twingate to learn more about how zero trust can keep your remote workers secure.

"We estimate that we’ll save over $70,000 a year with Twingate given the lower total cost of ownership versus our legacy VPN."
Tanuj Chatterjee
CTO at Pango

Get set up in minutes

Try Twingate today and give your team access to private applications in minutes