KUALA LUMPUR, 30 Jun 2015: With an increasing number of employees in Malaysia now working from home, organizations should reassess the IT security needs of their remote workers, according to Fortinet, a global leader in high-performance cyber security.
“Many Malaysian organizations are shrinking their office spaces and expanding their employees’ ability to work from home. In this exceptionally mobile world, “home offices” can literally be anywhere that isn’t company property. Therefore, organizations in Malaysia need to take the security of their employees’ home offices seriously,” said Michelle Ong, Fortinet’s Country Manager for Malaysia.
Home offices can be anywhere outside of a secured corporate network. Beyond their own homes, employees could access the corporate network from just about anywhere with wireless connectivity, from the local library to a familiar coffee shop. “Securing the home office is really about taking a holistic approach to endpoint security and remote access rather than making sure employees have something more than WEP securing their wireless routers at home,” added Ong.
Fortinet advocates 6 critical best practices for creating a secure remote work environment:
1. Use a VPN
No matter how an employee accesses corporate resources, if done with a correctly implemented VPN tunnel, content moving to and from employee resources will be secure. There are even VPNs offered as a service to secure mobile sessions over public WiFi, but building VPNs under corporate control is easy, cost-effective, and ultimately safer than relying on VPNs in the public cloud.
2. Enforce client antivirus installation and updates
Multi-layered approaches to security are critical to ensuring their effectiveness, both within corporate networks and outside of them. At the same time, it can be difficult to ask users to protect themselves or their employers’ networks. Running antivirus updates and OS patches tends to fall fairly low on users’ list of priorities, so implementing services that enforce automatic updates on clients outside of corporate networks is a must for remote workers.
3. Prevent the use of consumer cloud storage products
As consumer cloud storage products like Dropbox and Google Drive have become more full-featured and easy to use, it has become very tempting for users to simply upload work files to the cloud. Unfortunately, when employees leave a company, there is no way for employers to ensure that corporate assets don’t stay on that desktop computer in the ex-employee’s home office. Preventing access to these services while employees are on the network provides a layer of protection and control, not to mention regulatory compliance for many industries.
4. Provide platforms that avoid the use of removable media and facilitate secure collaboration
Of course, if users can’t upload their files to their personal cloud-based storage account, they’ll be tempted to load them onto flash drives or other removable media to access them at home. Well-publicized vulnerabilities on these types of media, though, make this a dangerous prospect. The solution is to provide business-grade tools for secure file sync and share and enterprise collaboration so the temptation of thumb drives and cloud storage is easy to resist.
5. Wherever possible, secure the environment
While it isn’t possible to go to every user’s home to deploy an access point and centrally manage it, as one can do in a corporate network with optimized security settings, it is possible to require home office users to implement strong encryption on their home routers. Even if that means guiding a user through the setup or offering employees 4G hotspots (which use encryption by default) at a discount, it makes sense to take steps to ensure a relative degree of security on home networks.
6. Security begins with education
Unfortunately, many organizations rely on firewalls, intrusion prevention systems, and anti-malware software to protect their networks but ignore the real weak link in the security chain: users. Even large organizations with strong security measures have been brought down by unwitting users who fell for sophisticated social engineering and disclosed login credentials or introduced malware onto the network.
“The ‘6 ½ consideration’ is to have a policy. Although that seems to go without saying, recent research suggests that a lot of organizations have no written policy on personal devices, home offices, or remote access to company networks and assets,” said Ong. “Perhaps this should have been #1 – good, well-thought-out policies that both IT and employees can live with are a cornerstone of good security.”