Last year when the COVID-19 pandemic was just beginning, businesses began temporary closures of their office spaces and employees transitioned to working remotely from home. While some offices have opened back up and employees have returned to the physical workplace, some are operating as a hybrid workplace and others have kept their employees remote.
Whether this is still temporary or more permanent remains to be seen, but what is clear is that the remote work model has become an integral part of workplace culture today, and most likely moving forward. So, what does this mean?
Well, it’s not only important to ensure that remote workers remain productive but that their work environment, wherever that may be, remains secure.
Whether employees are working from home, the local coffee shop, or somewhere in between, certain measures must be taken to minimize security risks and data breaches that could compromise the rest of your organization. Keep reading below for some basic security best practices we recommend to keep your remote workforce safe and secure!
Top 5 Security Practices for Working Remotely
1. Provide Security Awareness Training
An aware workforce is a more secure workforce. Providing formal cybersecurity education to your employees can help to safeguard against cyber threats like phishing, ransomware, malware, and more. In fact, since the pandemic began and with more people working from home, cyber threats have increasingly become more sophisticated. By providing basic security policies and procedures to your employees, they are less likely to fall victim to cyber threats. Security awareness training also creates a more proactive and secure mindset and culture that prioritizes the protection of your company’s sensitive information and data.
The following security issues should be top of mind for your remote workers:
- Third-party software vulnerabilities: The top 30 online retailers in the US are connected to over 1,000 third-party resources each, and nearly a quarter of those assets have at least one critical vulnerability. It’s important that users are aware that attacks can come from the software they use every day.
- Social engineering: Social engineering utilizes deception to manipulate individuals into divulging confidential or personal information that can then be used for fraudulent purposes. Social engineering attacks include, but are not limited to, phishing emails, scareware, quid pro quo, and others. Nearly one third of the security breaches that occurred in 2020 used social engineering techniques, of which 90% were phishing.
- Ransomware: Attackers use data-encrypting programs to disrupt and destroy business processes, and/or also threaten to publish personal data. The attackers then demand payment to in order to stop their attack. In 2020, the overall sum of ransom demands surpassed $1.4 billion.
2. Keep Work and Personal Devices Separate
It’s always better for employees to use their company-provided laptops and mobile devices for work, rather than their personal devices. This may seem obvious, but sometimes remote workers may find it more convenient to use their own devices even if they have fully functioning equipment provided by their employers. However, using personal devices for work comes with inherent security risks.
Typically, your IT department will (and should) be running regular security updates, antivirus scans, and implementing countless other security measures in the background. The same security vigilance cannot be guaranteed on each of your remote workers’ personal devices. As a result, personal devices are more vulnerable to network threats that are less common in the office. Therefore, it cannot be assumed that these same personal devices are safe for use in work-related tasks.
3. Use a Virtual Private Network (VPN)
Unsecured home networks make it easier for cybercriminals to access emails and passwords. Conversely, a Virtual Private Network (VPN) is similar to a firewall and helps to protect remote workers online while enabling them to have the same security, functionality, and appearance as if they were within the company network.
A VPN creates a private network from a public internet connection by hiding your internet protocol (IP) address, making online activity virtually untraceable, improving online privacy. While it’s important for employees to use a VPN to keep company information safe, make sure employees only use the VPN when working remotely and when accessing company information remotely.
4. Avoid Public Wi-Fi
Even less secure than home networks are Wi-Fi networks in public spaces. Working from a coffee shop, library or other public space opens employees up to hackers who are on the same network. It is best to advise remote workers not to work from a coffee shop or other public space unless absolutely necessary.
5. Ensure Secure Password Practices
Passwords are the first line of defense in the security of almost every computer, website, phone, or mobile device. However, creating strong passwords tends to be one of the most overlooked ways of protecting ourselves when working from home. We tend to write passwords down, reuse them, and often make them so simple that they are close to useless, but these are poor security practices.
Ensuring passwords are strong and secure is even more important when working remotely. At the most basic level, passwords should be long, strong, and unique: at least 12 characters comprised of a mix of numbers, symbols, and capital and lower-case letters, avoiding common words or phrase. Your employees should also add a password screen every time they access a laptop or other device; this makes it harder for a third party to access sensitive data should a device ever fall into the wrong hands.