How to Use FIDO2 to Protect Remote Employees from Cyber Threats

In cybersecurity, there’s no such thing as “done.” You need to be on the lookout for new threats and opportunities. In the past, you tightened physical security and created a password policy. Now, you need to tackle the challenge of remote employee security.

The Remote Employee Security Challenge Is Growing

Years ago, you could prevent remote employee security risk by forbidding remote work. That option is no longer on the table for most organizations today. Many employees, especially in highly competitive talent markets, demand remote work from employers. Failing to offer this option to new hires will make you less competitive. It’ll also undermine employee morale. According to CNBC, 70% of the global workforce work remotely at least one day per week.

If remote employee work is a reality, you need to look for ways to make it possible. Your human resources department probably has ideas to help managers and employees make remote work productive. However, that still leaves the question of security. Let’s address closing the security gap for remote work so that your workforce can thrive.

Defining the Remote Employee Security Challenge

Before we can solve this security problem, we need to understand it. With a traditional employee working at your office, it’s relatively easy to reduce risk. You can require ID badges so that intruders will find it more difficult to gain access. You can issue each employee a corporate computer. You can route all network traffic through your hardware. If you notice an employee engaged in unsafe practices such as downloading an unknown application, you can provide guidance. In contrast, a remote employee doesn’t have the same protections and security opportunities.

Your employees may work from home, which should be relatively safe. However, they might work at a hotel, conference center, or on a plane. In these environments, security may not be a priority, which creates added risk. For example, you face an increased risk of “shoulder surfing,” meaning an intruder watching your employee enter passwords. In a conference location, an employee might leave his or her PC open on a table when visiting the restroom. How do you enable secure remote working without losing all your employees?

The Three Solutions to Eliminate Remote Employee Security Risk

To support your remote employees and keep your organization safe, we recommend using three interlocking systems.

1. Enhance Technology for Secure Remote Working

Using FIDO2, your employees can authenticate themselves using their phones and a password. With this two-factor authentication process in place, simply observing an employee enter a password in a public place isn’t enough to gain access to your systems. You can bring this security enhancement to your organization with Password Management.

Beyond using FIDO2, there are other ways to enhance security for remote employees. For instance, let’s say a senior executive is traveling and wants to access his or her corporate account. If that access fell into the wrong hands, you could be exposed to considerable risk. To reduce the likelihood of a problem, we recommend adding biometric authentication. Here’s the good news: you don’t have to issue fingerprint readers to your entire staff! Low-impact alternatives such as facial recognition and voice recognition are available.

2. Enhance Oversight Processes for Remote Working

Without oversight processes, it’s nearly impossible to tell if your security technology is being used effectively. Here are some of the methods we recommend to improve remote employee security quickly.

  • New employee training: As part of your training for new hires, explain your remote working security requirements. Before deploying this training, ask a few people in non-IT roles to review it. Ask these reviewers to point out any concepts or tips that are hard to understand. If people don’t understand your suggestions, they’re unlikely to implement them.
  • Monthly management reporting: Each month, set aside 10-20 minutes to review a report on remote security usage. For example, you can track access to your virtual private network (VPN) and multi-factor authentication. If these usage patterns are low, employees may not understand how to work in the most secure fashion.
  • Fast user account removal: Encouraging remote employee work increases security risks. You can reduce these risks in a variety of ways, such as with the technology described in the section above. You can also make it a point to remove inactive user accounts. This practice is especially helpful in the case of terminated employees who may be interested in attacking the organization.
  • Experiment with new security processes: Security is a continually evolving practice. Therefore, you need to spend some time and resources on experimenting with new ways to support remote employee security. For example, consider using a hardware authentication device such as a YubiKey for managers. This device gives you an added layer of security.
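
The monthly usage report and the inactive-account check from the list above, sketched as an added example (it is not from the original article). The record layout, the account names, the 30-day inactivity threshold and the 90% MFA target are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (user, ISO timestamp, channel, mfa_used).
SIGN_INS = [
    ("alice", "2024-05-02T08:15:00", "vpn", True),
    ("alice", "2024-05-20T09:00:00", "vpn", True),
    ("bob",   "2024-05-03T10:30:00", "vpn", False),
    ("bob",   "2024-05-28T11:45:00", "web", True),
    ("bob",   "2024-05-29T07:05:00", "vpn", False),
    ("carol", "2024-03-11T14:00:00", "vpn", True),
]
# Constructed directory export of enabled accounts; "dave" has never signed in.
ENABLED_ACCOUNTS = ["alice", "bob", "carol", "dave"]

INACTIVE_AFTER_DAYS = 30  # assumed threshold for "inactive"
MIN_MFA_RATE = 0.9        # assumed target share of sign-ins that used MFA


def monthly_report(sign_ins, accounts, report_date, year, month):
    """Summarise MFA and VPN usage for one month and list inactive accounts."""
    stats = defaultdict(lambda: {"total": 0, "mfa": 0, "vpn": 0})
    last_seen = {}
    for user, ts, channel, mfa_used in sign_ins:
        when = datetime.fromisoformat(ts)
        # Track the most recent sign-in per user across all records.
        if user not in last_seen or when > last_seen[user]:
            last_seen[user] = when
        # Usage counters only cover the month being reported.
        if (when.year, when.month) == (year, month):
            stats[user]["total"] += 1
            stats[user]["mfa"] += int(mfa_used)
            stats[user]["vpn"] += int(channel == "vpn")
    mfa_rate = {u: round(s["mfa"] / s["total"], 2) for u, s in stats.items()}
    cutoff = report_date - timedelta(days=INACTIVE_AFTER_DAYS)
    return {
        "mfa_rate": mfa_rate,
        "vpn_sign_ins": {u: s["vpn"] for u, s in stats.items()},
        # Users whose MFA usage is low enough to warrant follow-up training.
        "low_mfa": sorted(u for u, r in mfa_rate.items() if r < MIN_MFA_RATE),
        # Enabled accounts with no sign-in since the cutoff: removal candidates.
        "inactive": sorted(a for a in accounts
                           if a not in last_seen or last_seen[a] < cutoff),
    }


REPORT = monthly_report(SIGN_INS, ENABLED_ACCOUNTS, datetime(2024, 6, 1), 2024, 5)

if __name__ == "__main__":
    for section, value in REPORT.items():
        print(f"{section}: {value}")
```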

3. Provide Proper People Training

Providing training and coaching to your people is an essential way to improve remote employee security.

  • Set a tone from the top: To make it clear that the security measures are meant for everybody, set a good tone from the top. Ask people managers to make use of enhanced security measures such as FIDO2 authentication with their smartphones.
  • Continuous promotion: Further, we recommend regularly bringing up the topic of security awareness with staff so that they understand that it’s a corporate priority.

Position IT Security as an Enhancement, not a Drag

IT security leaders are sometimes seen as a drag on corporate success. It doesn’t have to be that way. Instead, you can work to support corporate goals, such as remote work flexibility. Your contribution will be sustaining IT security protection even as the organization expands. Instead of saying “No,” you’ll become a supporter of the business and of the need to accommodate employees.

Written by Nelson Cicchitto