How to protect your remote workforce

2020 has been the year of remote working, and it looks like it’s here to stay. Even the most skeptical companies have managed to find a way to make it work and, as a result, employers and employees alike are considering whether it might be the better option for many people going forward.

Of course, with the rise of remote working comes the ever-evolving issue of IT security. Companies with employees working remotely in any capacity need to adopt a different approach to their security, but many organisations aren’t investing in adequate security and are overlooking key threats. It's one thing to keep an eye on security when your workforce is in one central building, and another when they're let loose over home networks. According to a recent HP survey, 77% of IT decision makers believe more remote work means more security vulnerability.

What’s more, it seems like many companies will favour a hybrid approach going forward, with some staff working remotely and others on site. When your workforce is spread across numerous locations, IT security is no longer just about creating a watertight barrier around a central network – that network must remain as secure as ever, but you also need to ensure your employees can safely connect to the cloud wherever they may be accessing it.

The good news is that there are steps you can take to ensure your remote workforce is as protected as employees working within your office walls. If you’ve upgraded to Windows 10 Pro, then you’re off to a great start – Microsoft's latest OS has security baked into its core. Coupled with the latest hardware, it will help you create a resilient IT infrastructure that's both intrinsically secure and easy to use, whether in the office, at home or on the move.

Investing in endpoint security

Endpoint security is one of the biggest concerns for companies with remote working policies. It’s not just inadequately secured laptops you need to watch out for – other IoT devices such as printers can be vulnerable too. According to HP’s research, 35% of ITDMs are concerned about the security risk of home printers and 45% are worried about laptop security. As a result, HP found that 46% of ITDMs plan to augment endpoint security.

Ensuring your devices are as safe as possible when browsing online is key to minimising threats coming in over home networks. With Windows 10 Pro comes SmartScreen, a cloud-based anti-phishing and anti-malware filter that checks websites and downloads against a trusted list, warning users of potential threats. HP's 800, 830 and 1000 Elite series enhance browsing protection further with HP Sure Click, which creates a secure sandboxed environment for each browser window, ensuring that any attack that occurs can't spread and infect the machine as a whole. This tricks any malicious software into believing it's running on your device when it's actually trapped in the tab and destroyed when you close your browser. The key benefit of Sure Click is that it doesn't rely on the malware having already been recognised and logged, thus tackling the newest and most advanced threats head on. In addition to this, HP devices also come with HP Sure Start, which provides hardware-enforced BIOS protection that can automatically detect, stop, and recover from attacks against the BIOS.

When your employees are working in public locations, such as on public transport or in a cafe, there are a number of further precautions you should take – and having the right tools and applications already enabled on their machines will make that transition a whole lot easier and stress free. For example, to avoid "shoulder surfing" (hackers literally looking over your shoulder when you’re accessing confidential information), a privacy screen can add an extra level of protection. Devices in HP’s EliteBook range now come with these built in. At the tap of a button, HP Sure View will activate, significantly narrowing the viewing angle of the screen, and ensuring that only the authorised user can see what's being displayed.

Another public pitfall is cloned hotspots. These malicious Wi-Fi networks are created with an identical SSID to a safe hotspot in an attempt to trick new users into joining them by mistake. All it takes is a click on the spoofed hotspot to be at risk of sharing your every online move. Avoid this problem by alerting your employees to this kind of attack and ensuring they send all sensitive communications via an encrypted VPN.

One way to ensure your employees are secure is by equipping them with up-to-the-minute devices with sophisticated security features. That’s where a device as a service (DaaS) solution comes in use, eliminating up-front costs and supplying IT departments with new hardware ‘on-demand’ when it’s needed the most. HP’s latest devices, for example, come with powerful security options like HP Proactive Security. This offers multiple layers of proactive protection and advanced deep learning and isolation technologies more advanced than a traditional anti-virus tool.

There’s also HP TechPulse, a cutting-edge analytics platform offering critical data around devices and applications so IT can quickly identify issues and action solutions at scale. With tools like these in place, much of the burden on IT is lifted and focus can be shifted to longer-term strategic projects.

Enforcing best security practices

Of course, advanced security features are great at catching a lot of the problems caused by human error, but that doesn't mean your employees should mindlessly rely on their software and devices to protect them. From dodgy links to suspicious emails, the internet can be full of traps and pitfalls and if your employees are carelessly leaving their devices unattended or clicking on unfamiliar links without thinking, you may be fighting a losing battle. Your workforce needs to be made aware of key issues and advised on how best to avoid them.

Start by creating a best practice guide to work alongside your updated security system. This should include encouraging employees to ignore any content from unknown senders, to be mindful of their surroundings when working in a public space, and to avoid downloading or storing work data on personal devices. Remote workers should also be encouraged to back up data frequently so that a lost device doesn't mean lost data. Cloud storage services such as OneDrive are ideal solutions, and also ensure that data is always up to date and accessible from anywhere, while also being secure.

RELATED RESOURCE

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

FREE DOWNLOAD

Involve your staff from the beginning and keep them informed of changes as and when they are made. Your employees are far more likely to use the simple Windows Hello biometric login feature than to go through the hassle of creating a different complex password for every account, and they are more likely to use a multi-factor authentication if the security code is sent directly to their phone. Both of the above security practices are far safer than your traditional password, so everybody benefits. Of course, you'll need hardware equipped with the right biometric sensors like the HP Elite Dragonfly that are compatible with Windows Hello’s functions.

Last but not least, you need to make sure your IT team is also following security best practices. Misconfiguration and out of date applications are two of the biggest vulnerabilities you can introduce into your IT infrastructure. Ensure that every device used to access company data is operating on a supported OS which is regularly updated, such as Windows 10 Pro. You may also wish to invest in a cloud provider to manage and give you greater visibility of your digital assets to make certain everything is configured correctly and compliant.

Choosing the right hardware for the job

The most effective way to reduce the risk of your company data falling into the wrong hands is to encrypt the devices that your remote workforce use, so that only your chosen employee or someone with the encryption key can access any files. Equipping all remote devices with dynamic encryption, such as Windows BitLocker, is an excellent way to standardise security. Like many of the more advanced OS security features, BitLocker requires support from premium hardware to run at full capacity. HP's Elite range incorporates the crucial Trusted Platform Module (TPM), which stores part of the encryption key for your data, stopping thieves from removing your hard disk in an attempt to steal your files.

BYOD (Bring Your Own Device) policies can also expose your organisation to security issues. Allowing employees to use their own, personal devices for work purposes can open up a Pandora's box of problems if steps aren't taken to secure them. Organisations choosing to go down this route must enforce clear best practice guidelines on any device, and ideally keep work and personal data completely separate through some form of sandboxing. However, a much safer practice is to only allow workers to use company-issued devices and to invest in certified hardware and software to make sure security is uniform and up to date. This may result in a larger IT estate to manage, but it will significantly reduce risk.

Put simply, a modern management approach is required from IT so that they can quickly deploy the latest devices, all backed up with security features to help people work securely, wherever they might be. IT departments need to factor in added risks of remote working, such as more vulnerable networks, poor employee security habits, and the use of under-secured devices for work. By choosing a partner like HP Services, you’ll have a full range of managed solutions tailored exactly to your business and its security needs.

Protecting your remote workforce might be an investment but it needn't be a headache. With Windows 10 Pro and the right supporting hardware, you can keep your workforce secure, both inside and outside the office.

Discover more about secure HP devices equipped with Windows 10 Pro

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.