The increase in home working during the Covid pandemic has led to a parallel increase in the number of personal devices being used for corporate work. This can cause a huge cyber security headache for organisations that want to protect their data, systems and networks. So, if your staff are geographically dispersed and using a variety of devices, what is the best way to protect your organisation from a cyber attack?
Virtual Private Networks (VPNs)
The sudden switch to home working in the UK as a result of the first government lockdown in March 2020 meant a lot of organisations had to act quickly to maintain business continuity. They found a number of ways to solve the cyber security issues linked to people working from home, and one of the most popular was the introduction of VPNs.
In fact, in the UK government’s cyber security survey published March 2021, many organisations said they specifically set up VPNs to deal with the changes to their digital infrastructure caused by home working. However, although this solved some of their issues and enabled them to continue running their businesses, from a cyber security viewpoint a VPN does not in itself make the network secure. Why? Because if an employee connects to the VPN from a device with a virus on it, the virus can easily transfer to other devices linked to the VPN and propagate throughout the company network.
If your users are using their own devices for work, then rather than introducing a VPN, it is more secure to introduce remote desktop or Citrix access. This means your IT department retains control of the host device, the software it uses and the files the user accesses. It also means users don’t have direct access to your company data, which makes it easier for you to monitor and control any security issues.
This also benefits your users, as they often don’t want to install corporate software on their own devices. With remote desktop or Citrix, all they require is an Internet connection and they can access what they need from any location.
The importance of encryption
Encryption is one of the most secure ways to protect your data, whether users are using their own devices or corporate laptops and phones.
If you’ve implemented connections through a remote desktop or Citrix, all your data will automatically be encrypted in transit and will only reside on the company network. If your organisation has introduced a VPN, this raises a number of issues to consider, such as: Can and will the user save data locally? Are there policies in place to prevent this? Is the remote device personal or company-owned equipment? Is the hard drive of the remote PC encrypted? These are just a few of the potential hurdles when using VPNs.
Lay down the rules
While ‘bring your own device’ as a policy is less popular now than it used to be, because of the security issues it raised, some users are inadvertently doing it anyway – for instance by using their own smartphones for work.
This could have serious security repercussions for your business, so you need to make sure you have clear guidelines in place and that everyone’s aware of them. This includes introducing rules on which devices people can use and the specific versions of software they should have installed on those devices. If you’re using a VPN, you’ll also need to set up certification for every device that uses it and make your policy on encryption and cyber security very clear within the business.
Introducing and enforcing clear policies in areas such as devices and software is vital for your organisation to show that you’ve done all you can to make your systems secure. It also enables you to take action if people don’t comply.