5 Steps to Setting up and Securing Your Remote Workforce

Now that the reality of working from home during the COVID-19 emergency for an indefinite period of time is starting to sink in, the best course of action organizations can take is to ensure they have the proper measures in place to scale up and scale down a remote workforce as needed.

Even outside the current crisis, a growing number of employees are choosing to telecommute instead of venturing into the office day in, day out every week. In fact, the number of employees that work from home has increased dramatically during the past couple of decades—173% from 2015 to 2018, according to GlobalWorkplaceAnalytics.com. On top of that, while many would rather collaborate in an office environment, up to 80% of employees would like to work from home at least part of the time. This means employees generally favor work environments that give them the freedom and flexibility to work and connect to people and technologies, on their own terms.

On the back end, there’s a lot of pressure to keep systems up and running when employees are trying to access company resources all at the same time. Securing these connections poses an even bigger challenge, as decentralized control makes it difficult to fully protect remote users from malware threats aiming to steal valuable company data. As seen in the news lately with the uber-popular video conferencing application, Zoom, any pre-existing security vulnerabilities within the application can open the organization up to increased security risk and compromise sensitive information.

Here are five steps that can help you make the transition to a secure remote workforce as painless as possible.

Step 1: Provide easy access to applications.

Number one on the list is providing your remote workforce with quick access to business-critical applications, like Office 365, Salesforce.com and Jira. And you’re in luck–the majority of applications used today are cloud-based. However, your end users have to keep track of an overwhelming amount of web URLs and separate passwords.

With an Identity & Access Management (IAM) solution like OneLogin, single sign-on (SSO) provides users with a single dashboard for accessing all their applications. They only have to remember their OneLogin password to get access to their everyday resources. This is done by leveraging open standards like SAML and OpenID Connect that allow admins to enforce security policies such as Multi-Factor Authentication (MFA) across their user base via the OneLogin admin portal.

Step 2: Give employees multiple ways to communicate quickly and efficiently.

Communicating with one another quickly and effectively is even more challenging now that we’re all working from home. Consider implementing a formalized policy around instant communications and video conferencing tools like Zoom and Slack.

This is where an IAM solution can help you centralize access and security policies for all or a subset of your users and applications. In the case of “Zoombombing,” you can ensure only authenticated users who have an account can join meetings. You also benefit from having a centralized place to provision and deprovision users in real time for end-to-end user lifecycle management, which ensures no one has lingering access once they are no longer with the company.

Step 3: Implement a “security first” mindset.

When all your users and their corporate-owned machines can no longer depend on the safety of your internal network, a number of security issues arise. For one, you may offer employees a virtual private network (VPN) that provides an encrypted tunnel to your internal network so they can access company resources. But are you 100% confident that individuals accessing their VPN are who they say they are? OneLogin’s cloud RADIUS endpoint not only allows your employees to use their same OneLogin credentials to log into their VPN, but also allows you to layer strong MFA to mitigate hijacking and protect valuable company data.

In the case of providing convenient and secure access to remote desktops and servers hosted on-premise or in public or private clouds, OneLogin’s Remote Desktop Gateway & Remote Desktop Web Access solution can be easily configured to provide SSO and MFA, giving you higher confidence that you are not exposing your internal systems over the web insecurely.

Step 4: Ensure device trust and safety.

Besides securing VPNs and remote access to on-premise workstations and servers, you must also think about how other devices, such as corporate-owned laptops, are accessing internal resources. Many organizations run on-premises directories, like Microsoft’s Active Directory. That’s all well and good for enforcing strong access policies for domain-joined machines, but once they are taken home for remote work, they no longer authenticate against that on-prem directory. The solution? Authenticate users against a unified cloud directory no matter where they are located and enable certificate-based authentication to streamline the login process and securely manage your fleet of laptops.

OneLogin Desktop Pro installs a certificate on the device, which automatically logs users into their systems without them having to re-enter their directory credentials. This also gives you better control over enforcing password requirements and the ability to require users to provide additional authentication factors, like a one-time password (OTP) sent to their phone, to get access.

Step 5: Implement multi-factor authentication.

As alluded to above, implementing MFA in front of your users and applications is important now more than ever. We’ve seen a rapid increase in cyber threats over the past several months, which are becoming even more creative in targeting individuals within an organization. It is also a lucrative option for hackers to obtain usernames and passwords from the dark web to gain access into your internal systems.

Implementing an MFA policy can provide the extra level of protection you need by requiring users to provide an additional authentication factor, like an OTP, device like Yubikey, or even a fingerprint scan. OneLogin takes MFA to the next level with SmartFactor Authentication, which leverages machine learning to adjust authentication requirements in real-time based on the perceived level of risk. Additionally, it cross-checks users’ credentials against a database of known breached accounts and passwords to prevent password reuse.

Conclusion

As today’s dynamic workplace continues to evolve, businesses need to think about how their current IAM solution or process can evolve with these changes. The OneLogin Trusted Experience Platform provides that identity foundation to set up a secure remote workforce in a way that gives all your employees, contractors, partners and customers access to everything they need to get work done and keep business operations going.

This guest blog is part of a Channel Futures sponsorship.