The Sudden Jump to Remote Work: The Need For the Cybersecurity of Your Remote Workers
In August 2020, Malwarebytes (PDF) released a report including data from a survey conducted with 200 IT and cybersecurity professionals examining the impact of COVID-19 in the security world. They found that over 50% of IT employers stated their biggest work from home (WFH) challenge was training remote workers to work at home most securely and compliantly.
This daunting challenge is shared by many, from IT professionals to small-business owners. You can’t escape the cybersecurity risks of working from home because there are always security issues with working remotely. However, with the quick jump from working in an office space to working remotely, many employees were undoubtedly left even more vulnerable to cyberattacks than before.
Although there is no way to ensure your team is 100% secure, we want to share a few working from home cyber security best practices and remote employee security tips to help you and your team stay protected.
Work from Home Security Tip #1: Educate Your Employees
Working remotely places more responsibility on individual employees to ensure security, but you should never assume they know the slightest thing about cybersecurity. Creating a plan to focus on cybersecurity for remote workers will help you in the long run. In an ideal world, security would be everyone’s responsibility, but that’s not the case when employees feel they are already overwhelmed with their current responsibilities.
Set and Communicate Expectations
Add that to the chaos of working from a distraction-filled home, where there may be children running around, a dog that needs walking, or a quick chore that needs to get done. It’s difficult for anyone to keep cybersecurity at the forefront of their mind with the endless distractions when working from home.
This is where you come in to provide helpful resources and clear expectations to ensure your company’s security in the form of education and a solid work from home security policy.
Setting clear expectations for remote employees doesn’t have to be complicated. It can be as simple as sending an email or as detailed as a remote working security policy they’re required to sign. Just remember, it should be easily accessible and clearly outline the company’s expectations as they work from home, including security guidelines, plans, and policies.
Phishing and Malware
Many people think cybersecurity attacks aren’t a real threat to them until it’s too late. Cybercriminals adapt along with the world’s current events and will take any opportunity to get what they want. A more recent example of this is with COVID-19.
When the second round of stimulus checks was approved, the IRS warned that scammers may reach out through text messages, social media, phone calls, and emails to disclose personal or bank information. These scammers would often use words such as “stimulus” and “coronavirus” and offer opportunities to invest in companies producing COVID-19 vaccines.
This serves as a great example to remind your employees to avoid phishing scams and malware, which are as high a risk as ever when working from home. Remember that there are many affordable resources available to help you manage IT security problems like phishing and ransomware attacks, such as KnowB4 or Proofpoint, and the cost is worth your peace of mind.
Password Management
Did you know that in 2019, compromised passwords were responsible for 81% of hacking-related breaches? Good password management practices can save you a lot of money, time, and heartache in the long run. Always train your employees to practice good password management.
A secure password includes:
8-Character minimum lengthBoth upper and lowercase lettersAt least one numberAt least one special character
When possible, enable multi-factor authentication for an extra step of security. Schedule an annual password audit, never reuse old passwords, and don’t post your password in an unsecured location (such as in your device’s “notes” app, programmed as a device contact, or in an unsecured excel file). A great way to ensure cybersecurity for remote workers is to ensure your passwords are secure is by using a password manager, such as Dashlane, Last Pass, or 1Password, to keep your passwords in one place and create unique passwords for every account.
Remember that your employees have a lot going on outside of work, and you can’t expect them to become cybersecurity professionals overnight.
Work from Home Security Tip #2: Ensure Device Security
The good news is that many employers were able to supply their staff with devices to work remotely. The bad news is that not many employees were trained in caring for and ensuring the security of these devices. One of the most critical things you can do as an employer is to encourage your employees to have good work from home security awareness and to keep their devices secure through updated software, regulated personal devices, and avoiding unsecured networks.
Up-to-Date Software
Software updates can seem like a nuisance at times. It’s easy to click “Remind Me Later” when prompted to update but doing so can leave you vulnerable to attacks. Cyber threats are continually changing, which means operating system providers need regular updates to combat and keep on top of them. When you update your software regularly, you are less vulnerable to compromise the data on your devices.
One of the best ways to ensure your software is updated is by enabling automatic updates when possible. This takes the stress of manually updating off you and allows the system to update on its’ own, usually late at night when you most likely won’t be using it. If automatic updates aren’t possible, you can set a reminder to do it when you’re home from work or about to get in bed, so it can be updated by the time you need your device again.
Personal Device Use
Another critical factor in the security of your devices is understanding and regulating personal device use. Personal devices can be easily compromised, which is why it’s startling that 48% of workers use the same passwords in both their personal and work accounts. Workers also seem to be prioritizing the security of their personal accounts over their work accounts, according to LastPass’ Psychology of Passwords global report (PDF).
What this means for you is that your employees’ flawed security behaviors or complacency with password management can likely extend into your business. Make sure you take the time to create a remote working security policy for company devices and educate your employees about how they should use them. One should only use their work-issued laptop for work-related business and avoid similarities in their personal and professional passwords, which can quickly lead to a company data breach, creating more security issues with working remotely.
Avoid unsecured Wi-Fi Networks
According to the 2019 State of Remote Work report from Buffer, the second most common location employees work from is coffee shops and cafes at 37%, with the first being working from home. While coffee shops and cafes can be a great environment for productivity with a change of scenery and great coffee a few feet away, it’s important to remember cybersecurity risks can be even more prominent with unsecured Wi-Fi networks.
Never trust networks that are not password-protected. If the network does request a password, you should still remain vigilant. It’s not difficult for someone to find out the network password at a local coffee shop and create a fake connection with the same password to steal personal user data. If possible, use a Virtual Private Network (VPN), which means cyber criminals can’t read your data, even if they gain access to them.
VPNs are great, but many of them have been put through recent stress with more and more remote workers using the network, slowing it down. If your policy allows it, and if you’re confident the network you’re using is secure, consider unloading the VPN and only using it when necessary.
Work from Home Security Tip #3: Support Your Team
The final way to ensure your employees are secure at home is by supporting your team. You can’t expect your team to know the ins and outs of cybersecurity (or even the basics) without learning how to maintain security for remote employees yourself. After that, you can provide support, education, and resources for your team.
IT Support
Even if you make every employee go through cybersecurity training or sign a policy, cyberattacks can still occur. You should provide vigilant IT support and make sure your company is prepared to respond to a data breach or security incident at any time.
Additionally, you should also consider investing in a cloud-based service and secure collaboration and communication channels for your team to help keep work things in one place for everyone.
Adjust Your Expectations
The COVID-19 pandemic has thrown a curveball at us all. Many people have had to give up things they love because of it. Whatever it may be, it’s essential to adjust your expectations and understand that many people are struggling right now.
According to the Mental Health Index: U.S. Worker Edition, between November and December 2020, there was a 48% increase in the risk of depression, and employees’ focus dropped 62% – a record low since the start of the research in February 2020.
Remember that now more than ever before, and that your role requires you to listen, be patient, and expect changes in employee performance during this time.
The COVID-19 pandemic has required businesses to reevaluate how they approach many things, including cybersecurity. Cybersecurity in itself is a difficult topic to tackle, and even more so when you consider how to maintain security when employees work remotely. The best way you can help ensure your team’s security at home is by educating your team, ensuring device security, and providing support for your employees.
Are you concerned about the cybersecurity of your company’s remote environment? Edge Networks can help! Take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.
