Skip to content
English
Incident Support Customer Portal
Contact Us
  • There are no suggestions because the search field is empty.

What security considerations apply to remote working?

Remote working introduces several cyber security risks, including data breaches, phishing attacks, unauthorised access, and device security threats.

To mitigate these risks, businesses should implement strong security controls. Below are the key security considerations for remote working:

1. Secure Access to Company Systems

🔒 Use Multi-Factor Authentication (MFA)

  • Require MFA for all remote logins, especially for VPNs, cloud services, and business-critical applications.
  • Ensures that even if passwords are compromised, an attacker cannot gain access without a second authentication factor.

🔑 Enforce Strong Password Policies

  • Require complex, unique passwords for all accounts.
  • Use password managers to securely store and manage credentials.

🌍 Implement Virtual Private Networks (VPNs)

  • Require employees to use a corporate VPN when accessing company systems remotely.
  • Encrypts data in transit, preventing eavesdropping on insecure networks (e.g., public Wi-Fi).

2. Secure Devices and Endpoints

🛡 Endpoint Protection & Antivirus

  • Install next-generation antivirus (NGAV), endpoint detection and response (EDR), or managed threat response (MTR) solutions.
  • Regularly update operating systems, software, and security patches to protect against vulnerabilities.

🔐 Full-Disk Encryption

  • Encrypt workstations, laptops, and external drives to protect data in case of loss or theft.
  • Ensure BitLocker (Windows) or FileVault (Mac) is enabled.

👨‍💻 Use Company-Issued Devices

  • Employees should use company-managed devices with pre-configured security settings.
  • If personal devices are used, enforce Bring Your Own Device (BYOD) security policies.

3. Protect Communication and Collaboration Tools

📧 Email Security

  • Enable anti-phishing protections (e.g., Microsoft Defender for Office 365, Google Workspace Security).
  • Train employees to recognize phishing emails and avoid clicking on suspicious links or attachments.

💬 Secure Video Conferencing and Messaging

  • Use end-to-end encrypted communication platforms (e.g., Microsoft Teams, Zoom with E2EE, Signal).
  • Restrict file sharing to prevent data leaks.
  • Enforce meeting passwords and disable auto-join features to prevent unauthorized attendees.

4. Secure Data and File Sharing

Use Secure Cloud Storage

  • Store and share files via corporate-approved cloud solutions (e.g., OneDrive, Google Drive, Dropbox Business).
  • Enforce data loss prevention (DLP) policies to prevent sensitive data leaks.

🔄 Backup Critical Data

  • Implement automated, encrypted backups for critical company data.
  • Ensure backups are stored securely and tested regularly.

5. User Awareness and Training

🎓 Security Awareness Training

  • Regularly train employees on remote work security best practices, including:
    • Identifying phishing and social engineering attacks.
    • Safe usage of company data and devices.
    • Proper handling of sensitive information.

🚨 Incident Reporting Protocols

  • Establish clear procedures for reporting security incidents (e.g., lost devices, suspicious activity, or phishing attacks).
  • Ensure employees know how to contact IT/security teams.

6. Enforce Access Controls

Role-Based Access Control (RBAC) & Least Privilege

  • Limit access to only what is necessary for each employee's role.
  • Implement just-in-time (JIT) access for high-risk applications.

🔄 Monitor and Audit Access Logs

  • Use security information and event management (SIEM) tools to monitor remote access logs.
  • Set up alerts for unusual login activity, such as access from unauthorized locations.

7. Secure Home Networks

🏠 Wi-Fi Security Best Practices

  • Require employees to use WPA3 encryption for home Wi-Fi networks.
  • Change default router passwords and disable remote management.
  • Avoid using public Wi-Fi unless connected through a VPN.

8. Protect Against Insider Threats

👀 Monitor Employee Activity

  • Implement user behavior analytics (UBA) to detect unusual or risky behavior.
  • Use session recording for privileged accounts.

🚪 Offboarding & Revocation of Access

  • Immediately revoke access to corporate accounts, VPNs, and email when an employee leaves the company.
  • Retrieve or remotely wipe corporate devices.

Conclusion

Securing remote work requires a multi-layered approach, combining technology, policies, and employee awareness. Implementing strong access controls, endpoint protection, secure communication tools, and employee training ensures that remote work remains safe from cyber threats.