Magazine Button
Best practices for securing a remote workforce in the age of digital innovation

Best practices for securing a remote workforce in the age of digital innovation

Enterprise SecurityInsightsTop Stories

Digital innovation can offer many distractions to a business leader and this plays right into a cyberattacker’s hands. Alain Penel, Regional Vice President – Middle East, Fortinet, discusses how remote working can be made safer and some of the ways to avoid creating security gaps when new technology is introduced to a network.

Today’s workforce is increasingly comprised of millennials and tech-savvy individuals that are accustomed to using technology in every aspect of their lives. As a result, remote employees expect a seamless user experience across devices and locations, using personal applications and devices at work and vice versa. However, many times these employees are not considering the cyber-risks that may accompany bringing new technology into the corporate environment. The resulting security challenges have become a major pain point for organisations.

Along the way, cybercriminals are hoping that organisations will be too busy thinking about the business advantages of digital innovation to prioritise the cybersecurity components of that process. And they are watching and waiting to exploit any of the security gaps created when new technology is introduced to the network.

Addressing cyberthreats from all angles  

To improve their defences, it is important for organisations to create a security-driven networking strategy from the ground up that automatically expands into any new networking environment, application strategy, or device deployment. Saving security matters until after the network has been developed only increases the odds of new security gaps being introduced and a resulting cyberattack. To prevent this from happening and to create a security-driven network, here are seven best practices that organisations can follow to better secure their digital innovation efforts.

1. Prioritising cloud security

Organisations need to remember that cloud providers only secure the underlying architecture of a cloud environment, not the data itself. An organisation’s responsibility lies in protecting the data and the applications that are moved to the cloud, along with any virtual infrastructure that they build there. Cloud security can be complex, so choosing a trusted vendor to help design, build and maintain consistent security across your multi-cloud environment, and tie it back into core, branch and mobility security architectures with a single console for holistic visibility and control is extremely important.

2. Use Zero Trust access protocols 

As many data breaches are caused by individuals gaining access to unauthorised levels of network resources and devices, Zero Trust combined with strict access control is critical. To better secure those network environments even further, security teams must also introduce two-factor authentication and implement dynamic network segmentation to limit who sees what while also carefully monitoring devices.

3. Stay up-to-date on privacy laws

Massive penalties await those who violate the EU’s strict data protection regulations (GDPR). With new privacy laws on the books across the globe, including California’s new California Consumer Privacy Act which went into effect on January 1, 2020, it can be easy to go astray. Organisations should look for security tools that will offer guidance on remaining compliant amidst digital innovation. 

4. Monitoring web presence

As cybercriminals continue to target vulnerable websites, security teams must take additional steps to ensure their websites and web applications are able to stand up against these threats. This includes securing SaaS apps, deploying web app firewalls and implementing Cloud Access Security Broker (CASB) solutions and endpoint security tools for mobile users. Organisations should also only choose solutions that are designed to function as an integrated system for seamless coverage and no security gaps.

5. Securing apps 

Software developers who build the apps used across organisations do not always prioritise security, especially in third-party apps that are typically installed on personal devices. For these types of apps, organisations should deploy endpoint security tools, while for in-house app development, be sure to leverage security tools throughout the development process, including container-based solutions designed for agile development strategies and DevOps teams.

6. Strengthening wireless connections

Working remotely is becoming more common, with employees going online from home, coffee shops, or on the road. While this can help productivity and efficiency, organisations must be sure that these devices are connecting from secure access points. When using public Wi-Fi, cybercriminals can intercept data running between the end-user and the organisation –  a risk that can be minimised by encouraging the use of VPNs and deploying wireless management solutions.

7. Extending security to remote locations

In addition to securing connectivity to and between remote locations, organisations must also take care to secure and manage the local branch LAN as well. With no on-site IT staff, these locations need a simple, comprehensive solution that secures a wide variety of traditional and IoT on-site devices, such as that provided by an SD-Branch solution.

Final thoughts

Digital innovation is a business-critical priority, but if cybersecurity is not rolled in from day one, organisations will leave themselves and their employees open to serious cyber-risk. Remote working needs to be made safer for employees who should be provided with the appropriate tools and devices that are part of the network perimeter. Often those who work from home or remotely ignore the basic rules applied by the company, starting with adhering to the minimum cyberhygiene rules such as updating the operating system, using an effective antivirus, strong passwords and backing up data regularly. At the same time, companies must have structured polices in place for remote workers, that must be adhered to.

Browse our latest issue

Magazine Cover

View Magazine Archive