Intro
In the wake of the pandemic, more and more businesses continue to make remote work opportunities available to their employees. Not only does a remote work allow businesses to quickly scale-up without concern for physical office space requirements, but it also affords employees much greater flexibility and comfort.
As with any major business decision, bringing on a remote workforce (or expanding an existing one) warrants consideration of the IT infrastructure requirements and cybersecurity concerns associated with it. Let's look at some best practices and considerations.
Provide Company-Owned Hardware
By providing your employees with company hardware, you immediately establish a solid foundation for secure remote access. When you own the hardware, you have full control over configuration and restrictions for the end user. This might include requiring the use of a company VPN client to secure network traffic, limiting what software can be installed, and ensuring regular antivirus scans are being completed. This also ensures (in theory, anyways) that when an employee leaves the company, all data that was on their company device is returned to you. Even if the employee fails to return the device, you may have options to remotely wipe it at the next startup to avoid potential data leaks or misuse.
Use Virtual Desktops for BYOD Programs
While providing company-owned and managed hardware is preferred in most scenarios, it's totally understandable that not all businesses will have the resources to provide devices for their employees. Not only is there a significant cost involved with purchasing these devices, but there's also a sizeable time investment required for getting the device provisioned and configured before being sent to the employee.
If you do allow employees to use their own devices ("bring-your-own-device" or "BYOD"), you may want to consider implementing a virtual desktop infrastructure (VDI). With this infrastructure, all of your employee's "desktops" live on virtual servers in the cloud, and are accessed through a single program your employees download onto their personal device. This means that your company has complete control over the virtual desktop, much in the same way that you would over a physical computer - without requiring you to buy, configure, and ship devices. Plus, you get the added benefit of your employees always being able to access the same "desktop" regardless of what physical device they're using.
While the cost of running a stable VDI can be a bit hard to swallow at first, the cost almost always pales in comparison to that of purchasing and provisioning company-owned hardware for all of your employees.
Require VPN Connections
If your employees need to access resources in your organization's internal network, it goes without saying that you NEED them to use a virtual private network (VPN) connection. A VPN encrypts the internet traffic between your employee's device and your internal network, and gives the added benefit of making sure traffic relevant to your business operations is only associated with your organization's network. This also means your company's internal resources (file servers, web servers, etc.) don't need to be exposed to the public internet for employees to access.
In additional to a traditional VPN connection, many VPN solutions now provide Zero-Trust Network Access (ZTNA) configuration options. With ZTNA, your employees are not only looped in to your internal network, but they also only get access to the resources they absolutely need. This is called the "principle of least-privilege" and means that your employees (and their devices) can't access unnecessary resources simply because they have the privilege of connecting to your internal network.
Restrict Logon Hours & Locations
If your employees should only be working during specific hours and locations, you should consider restricting when your employees can access company resources based on these conditions. By restricting logon hours, you prevent employees from meddling in company resources when they feel they may not be under the watchful eyes of their supervisor. Likewise, by restricting the locations your employees can log in from, you can help prevent logins from bad actors who may have stolen your employee's credentials.
Of course, if you do implement these restrictions, make sure that your employees (or at least your most critical staff) have a means of connecting during true after-hours emergencies in a "break-the-glass" scenario. You wouldn't want to apply a blanket policy across your organization and lock out users who genuinely need access.
Implement Multi-Factor Authentication
Not only is multi-factor authentication (MFA) continually growing to be a must in today's world, it's an absolute must for remote workforces. By requiring multi-factor authentication, you impose an additional layer of security to ensure that only intended users (i.e. your employees) are able to access your company's resources. This is especially important with mobile devices that may easily be lost or stolen and aren't tied to desk in your offices. MFA poses an additional challenge for would-be bad actors who are looking for a gold mine on your employee's forgotten laptop in their local coffee shop.
Conclusion
Remote access is a key component for flexible and distributed workforces. Done right, it can be a game-changer for your business - but it requires the same, if not more, care and consideration for stability and security as any on-premises IT infrastructure. For all of your remote work solutions, contact Cosmistack - your trusted advisors in technology!
