How can your organization maintain security now that employees are working from home?
When an employee begins working from home, it is important that they have an understanding of how to protect the security of your organization’s resources. From VPNs, MFA, and creating complex passwords, to avoiding suspicious links and monthly security trainings, there is a lot you can do to educate your employees before allowing them to work remotely.
Many of these processes and educational trainings are also beneficial for general IT security, so they still provide benefits even if your users are only remote temporarily.
Multifactor Authentication (MFA)
You should always be able to safely access your systems when working remotely. Simply logging in with a username and password creates a security risk, as passwords by themselves do not always remain secure.
Multifactor Authentication (MFA) is an account security process that requires two (or more) steps to be successfully completed in order to gain access to a computer, network, application, or other resource. After logging in with the standard set of primary credentials (i.e., username and password), an additional verification step is required. MFA options include authenticator/one-time password apps, SMS/email, security keys, physical tokens, and more.
To learn about the additional options of MFA, click here.
By adding an extra verification step, you can safeguard access to your organization’s systems and resources, thus ensuring the identity of the person authenticating themselves. Additionally, MFA’s additional login steps prevent security breaches if a user’s primary credentials (i.e., username and password) are compromised in any way.
Furthermore, MFA (and other authentication policies) may be configured to deny or required additional verification under certain conditions. Is a user trying to access the network outside of their normal working hours? Require MFA or outright prevent access. These configurations can be custom set according you your organization’s specific needs and standard times of user activity. For remote workers, advanced and adaptable MFA and access policies significantly enhance login security.
Complex Passwords
To securely access almost any network, application, or resource, you must log in with a username and password. These passwords need to be sufficiently complex, so as to prevent guessing or repetitive brute force attempts.
Employees must often use (and remember) dozens of passwords every day. To make their lives easier, they may reuse passwords, write them down, or save them in an unsecure location—each of which remains a large security risk. This makes it very easy for cybercriminals to gain access to your organization’s accounts. The working reality of the situation is that requiring more passwords disincentivizes secure password management. the more passwords you have, the less secure your IT environment truly is.
Luckily there’s a simple solution for this common workplace problem, known as Single Sign-on (SSO). With SSO, users only have to log in once with a username and password and the software automatically completes the log-in procedure for each subsequent application. Further, with only one set of credentials to remember, the passwords can be made sufficiently complex.
One of the best password management practices to adopt is using a passphrase in place of the standard combinations of characters everyone has come to recognize as a password. Passphrases are almost always easier to remember for users.
Access Controls – Automated Provisioning and Role-Based Configurations
Does your organization know which employees have access to which resources within the company? It is unnecessary (and a security risk) to give employees access to resources that go beyond what they need to perform their job functions. In addition to this, it is also important for your organization to have complete insight into the resources each individual employee has for efficiency, reducing network pollution, and compliance or audit purposes.
It is crucial to be able to manage your organization’s infrastructure remotely. With automated provisioning and role-based controls, access rights can quickly be assigned and withdrawn from users (employee, partner, or customer). By doing this, you prevent a user from continuing to hold unnecessary rights or licenses, thus eliminating unnecessary access.
You can even choose to attach a set duration for provisioned access to certain resources to automatically remove such at its expiry. Through automated provisioning and role-based controls, managers can easily keep an overview of which employees are active and which licenses, applications, shares, etc. they have in use.
VPN – Virtual Private Network
VPNs allow users to access a private network over a public connection. For most remote work scenarios, your users can leverage a VPN to access the company network and their desktop machines from their own computers or laptops. Whether at home, in a coffee shop, or any other location, VPNs are a massive security boost due to the encryption and barrier they provide. Encryption prevents security breaches and intercepted data when a user accesses the company’s network and IT environment remotely on a public network.
Easy and Secure (Cloud) Access: HelloID
HelloID is a complete, cloud-based Identity-as-a-Service solution, providing automated provisioning, self-service, access management, SSO, and more to solve your identity challenges. HelloID helps your organization maximize both security and efficiency.
With HelloID, employees receive a modern and secured cloud-based desktop for all their IT applications. Users log in to this portal and receive access to all of your resources by simply providing one set of credentials (username and password). Adaptive MFA configurations provide enhanced login security. HelloID provides seamless, secure access for all your end users while the consolidation of resources and self-service functionality also boosts their productivity.
Managers and IT also receive sophisticated controls and the ability to automate processes with HelloID. They are provided with a complete overview of which employee accounts are active and which licenses, applications, etc. they are using. With HelloID’s Service Automation (self-service) functionality, users can also request access to specific applications or resources, which their manager can then either approve or deny with one single click.
Interested in learning more information about how HelloID both tightens your organization’s remote access security while enabling all your users? Contact one of our US office locations, and we’ll go over your identity management needs.