You’ve heard the recent – and sometimes overly-used – buzzword “the new normal” when referring to how organizations are conducting work during COVID-19. Yet still, as businesses re-open, many predict there won’t be a full-shift back from working remotely, and that what is going on today will continue to be the “new normal” for a lot of us.
The COVID-19 situation brought on the realization that it’s not always necessary to have people working side-by-side in an office space – even in the healthcare industry.
Healthcare personnel like financial, administrative, IT teams, and other non-patient-facing roles who’ve been working from home may not find their way back to the office-setting soon.
Many organizations quickly pieced together security protocols for remote workers out of necessity. But, as your team continues to work from home for now, and possibly the foreseeable future, it’s time to rethink your remote access security strategy.
Take a look at the following critical security steps you should take into consideration for your remote employees.
One Point of Entry
Ensure your network is more secure and reduce the opportunity for unauthorized access by having remote accessibility come through one secure portal rather than multiple VPNs.
Working with a single VPN entry will keep team members secure because a VPN encrypts information to tunnel it from its source to its destination safely.
Multi-Factor Authentication (MFA)
Even though corporate IT teams set requirements for password complexity and have users update passwords regularly, statistics show that’s not enough. A staggering 81 percent of hacking-related breaches are linked to compromised passwords.
Instead, experts urge organizations to implement multi-factor authentication to supplement password security. By enabling MFA, users must successfully present two or more pieces of identification – like a code on a smartphone – to gain access to your network.
Pro Tip: Using MFA on a personal device can make your network vulnerable to employees that leave your organization – instead, use a work email for MFA so you have control over the access for terminated employees.
Remember that at-home and personal devices are not typically set up to have the same security standards as the equipment workers use at work. Ideally, remote workers should only connect to the corporate network via company-issued devices.
These devices are more likely to have the necessary security features and are regularly updated by the IT team to maintain a higher security standard that ultimately protects users and patients from cyber hackers.
Ongoing Patches and Updates
It’s easy to keep clicking the annoying up-date-later popup time and time again, but the security of your system and network is only as good as its latest update.
Remind your remote team about the importance of keeping up with updates and whether or not they’re responsible for patching their home infrastructure like their routers and firewalls too.
Phishing Attempts and Attacks
Early on, the FBI warned healthcare organizations to be on the lookout for COVID-19 related phishing attacks. Google detected 18 million malware and phishing messages a day involving COVID-19 back in April.
As your remote team works from home, they need to stay alert to the potential phishing attacks that come through email, phone calls, and SMS text messages.
If they receive anything suspicious, make sure they report it, because it’s very likely other employees may have received the same or a similar harmful message where the IT security team would need to send out a warning.
Above all, no matter where your employees are located – in the office or at home – it’s essential that you work to create an all-around, secure work environment. Take a look at our eBook: How to Build Effective Privacy Policies and Procedures. Inside, you’ll also find details about creating policies to safeguard your remote workforce.
Ready to get started with your remote security strategy, including a strategy for vendor remote access? SecureRamp™ can help you master all things remote access, including the areas we presented today.