Cybersecurity Best Practices for Remote Workforces

With the rise (and continuation) of remote work, maintaining cybersecurity has become more challenging. This post covers some best practices to protect your workforce. This is meant as a guide and starting point for things to be aware of and potentially implement. Some recommendations may not apply to your specific situation, or you may have more or fewer items to implement.

Training & Communication

Make sure you train your members on your procedures and policies. Being remote, it is easy to “forget” about the person and not include them in all education. With a remote workforce, it’s critical that the team members know what is going on since they aren’t going to hear office gossip or see postings in the cafeteria. Make sure they know of/about the following:

• How to use your VPN for secure access
• Why to use secure passwords (and what a secure password is)
• How to recognize your environment with 3^rd party software. For example, you can customize the login screen for with your company’s logo. This can help a person recognize that they are on your M365 and not some scam site.
• What are good practices to prevent getting attacked?
• What changes are happening within the office? If the office is relocating, you may need to let the remote team know that the IP address has changed, for example.
• How to recognize phishing emails and unsecure links within an email or website.

Firewall/VPN

It may be very tempting to permit your systems to be accessible from the internet, but that opens up connectivity not just for your team, but for anyone else who figures out your IP address. Instead, have your team log in to your VPN first to access your resources. Even if those resources are in the cloud. Yes, it’s an extra layer of security, but most VPNs authenticate with Active Directory. If a person is terminated, then they won’t be able to get into the VPN. Otherwise, you have to remember to turn that person off in multiple locations.

Your VPN can also be used to scan traffic, sites, ports, and other items that could be risks for your team members. You can help protect them even though they are not within the actual building.

Endpoint protection

Just because a team member is remote, doesn’t mean they need less protection. If anything, they need more. You have no control over where the team member has the computer. Other members of their household could put in a removable drive or access the machine if it’s unlocked. You need to make sure the system will stay protected from potential outside threats not just the internet, but potentially other people that may end up with access to the machine.

Email Protection

Just as with your on-premises team, you want to protect the remote users in the same way. Something that removes problem emails automatically will greatly help you as well. The remote user won’t be able to hear other people nearby talking about the “problem email” and know not to open it. Removing the offending email automatically gets the problem out of view from the team members without them having to act.

Password Management

If you’re not familiar with password management software, it is used to generate, encrypt, store, and share passwords. Generating random passwords are stronger than using words or phrases. Usually the generators allow the user to specify length and complexity for the new password.

Random passwords are great, but hard to remember. That’s why you want something that can store it. The times of writing your passwords down is long past. Passwords should be changed, so that piece of paper gets full quickly. These generators encourage team members to use strong passwords and not reuse a password!

Storing passwords securely by encrypting them with zero-trust means even if the password management software were compromised, the contents are encrypted so that the stored passwords aren’t accessible. The owner of the password vault supplies the encryption key and even the software company cannot decrypt the information since they do not have the key.

Sharing passwords initially sounds like a horrible idea. But what if you have a login to an education site and the site only has one login for all employees? You need a way for everyone to access that password. And if the password changes, you need to update all team members quickly. Putting that password into a shared vault where the appropriate team members can access it provides a solution. Better yet, if one team member changes the password, all team members are updated.

When a team member wins the lottery and unexpectedly leaves the organization (sounds better than getting hit by a bus), the password management software will allow you to terminate their access to the vault (keeping shared items secure), but also provides security personnel a way to recover the terminated account so that if the person had the only login to an area, you can recover it.

Backups

If a team member’s machine is lost or destroyed (you know, the dog knocked over a glass of water onto the power cord, no issues, right?), you need a way to recover the information. If your backup software doesn’t handle remote machines, look to some sort of cloud storage solution (like OneDrive) and have the team member store their documents there. This way if the machine is lost, you can connect the new machine to the cloud storage and all the documents are accessible. This provides a cheap and easy backup solution for the machines.

If you are using cloud storage, make sure the storage is actively backed up as well. Some cloud providers give you the storage but are not responsible for backing it up. Your organization needs to back up that cloud storage as well. You’ll need to make sure your backup solution handles these situations.

Also look at other third party software you use such as Microsoft 365, and make sure it is backed up as well. By default, Microsoft 365 is not backed up. You need to back it up yourself.

Device Management

The same reasons you implement endpoint protection are the same reasons you want to use device management – to protect the system as much as you can.

Now, there are at least two other reasons you want device management – termination and lost devices. With the proper management software, when an employee is terminated or if the device is reported lost, you can lock it down, potentially wipe it, or even find it. This helps protect your business’s confidential data until the machine can be returned.

You’ll want your management software to control software deployment as well. If a new version of a software is available, you want to get that out to all your team members quickly and efficiently. You’ll also want to be able to roll out policies to the machines so that devices are locked down appropriately. Should you need to change policies, you’ll want your remote users to get these updates just like your on-premises staff.

Links

• Endpoint protection
• Email protection
• Password Management solution
• Backup solution 
• Machine Management
• Microsoft 365
• Endpoint Protection
• Firewall/VPN Hardware

Other resources

• Video on password cracking

- last updated February 4, 2025