The number of remote workers in the U.S. has grown in recent years. In 2012, there were 2.5 million people in the U.S. that were considered remote workers. According to a report published by Global Workplace Analytics, that number jumped to 3.7 million in 2017. And these numbers do not consider self-employed individuals. Is your organization transitioning to a remote work model due to a shift in the way you do business, or in response to an issue outside the organization, such as the COVID-19 global pandemic? If you are responsible for your organization’s network security, you may experience a bit of angst about entrusting employees to make sound decisions to protect the organization’s resources. After all, you can implement all the endpoint security/protection measures possible, but the final trust lies in employees to do the right things. Providing an educational session with a handbook they can keep or easily access will empower them to make choices that keep the organization’s resources protected. If the transition must happen quickly and you don’t have time for cybersecurity training, providing remote employees with key best practices is a good substitution.
The information below highlights five key actions for remote employees to do to remain safe while working remotely:
- Understand the Risks
- Safeguard Entry Points
- Use Secure Connections
- Protect Your Tools
- Be Watchful and Proactive
1. Understand the Risks
Employees may have read about cyberattacks in the news, but not understand the consequences to the organization and the role that they play in minimizing security risks. They should know that while it is true that the IT professionals in an organization are responsible for making sure the organization’s resources are protected from cyberattacks and other unwarranted intrusions, employees in the organization also have a responsibility. This responsibility is greatest when employees work at a location that is remote to the organization. In addition to financials, cybersecurity threats can also impact an organization’s reputation. Employees may think the danger falls on the organization. However, any security fallout for an organization is going to impact its employees. This could be in the form of their personal information being exposed to an unauthorized person or losing their job. The organization may have to reduce its staff size or eliminate business perks to try and recover from a cyberattack.
An important step is instructing employees to report security issues right away. Let them know who they should contact and how. If an employee contacts you with a security issue, it’s important that you don’t berate them or make them feel bad about the issue.
2. Safeguard Entry Points
The first step in a cyberattack is the attacker gaining access to the desired assets without authorization. Two common points of entry are weak passwords and exposed hardware. The vulnerabilities in these areas are remarkably simple to resolve.
A list of cybersecurity best practices is incomplete without mentioning passwords. According to the Verizon 2019 Data Breach Investigations Report, weak passwords are the cause of a significant number of cyberattacks. At the very least, employees should use strong passwords. This means using a mix of upper and lowercase letters, numbers, and special characters such as an exclamation point (!) or ampersand (&). Is your password easy to remember? If your answer is yes, it’s probably not a strong password. Once they decide on a strong password, employees must resist the temptation to use it on multiple devices. If a cybercriminal should discover your password, they may try to use it to access even more information.
A password that people often overlook is the one that is used to access and manage their wireless router. This device is often installed by a technician with a default username and password. If remote employees haven’t replaced the default values, they should change them right away. The URL to the router and the default connection information may be located on the back of the router. Otherwise, they should contact their provider for the information.
If employees are concerned about trying to memorize strong passwords, they should consider using a password manager. These applications simplify password creation and usage to facilitate security and convenience. KeePass, LastPass, and 1Password are popular password managers. Another good option is to use multiple factor authentications, which involves setting up a secondary device to provide authorization.
Unprotected hardware is appealing to cybercriminals. The installations and configurations implemented by IT department personnel lose their effectiveness when employees neglect to perform general security measures to protect them. They should always lock their computer screens when stepping away from it—even if they’re remote location is a home office. Social media is filled with images of children and pets creating havoc with unattended computers. They may appear entertaining, but these playful acts can cause employees to send an unintended email or open a file. Employees should consider the device they use to connect to your organization’s network or to store information related to your job a valuable tool that should always be protected.
Videoconferencing is becoming a popular method of connecting people in an organization when they are working in different remote locations. Since it also requires a technical connection, vulnerabilities exist. The safeguards for a computer also apply to videoconferencing. In the article, “Video conferencing risks when working at home: 16 ways to avoid them”, Norton provides a list of great tips for working safe while teleconferencing. One important tip they state is to turn off a webcam when it isn’t in use.
3. Use a Secure Connection
One absolute must for cybersecurity is that employees connect to your organization’s network using a secure connection. The safest method is using a virtual private network (VPN). A VPN is a tunnel that provides a haven for digital traffic to travel through when employees are connected to the Internet. As they transmit and receive data, an employee’s location and IP address are concealed and all their data is encrypted so that others are unable to read it.
Employees should be discouraged from using a public Wi-Fi. They should understand that public Wi-Fi networks typically transmit data unencrypted, which causes a serious risk because it can be intercepted by an unintended party.
4. Protect Your Tools
Employees should only use applications that have been approved by the IT department. Downloading an application or software from the Internet may add adware, spyware, and viruses to your system. If employees will use company-supplied computers, installing anti-virus and anti-malware software and a firewall is critical. They should install these on any personal devices they intend to use for work or to access the organization’s network. It is a good idea that employees remain aware of the latest threats. CSO, a security research company, provides up to date information about current threats that you can pass on to remote employees.
Employees should think of operating systems as dynamic software since critical updates and patches are constantly being added to improve security and users’ experience. The easiest method of obtaining the updates is to set automatic updates. It may seem annoying, but employees must understand that keeping operating systems up to date helps to keep their systems running efficiently and safely. Employees should also make sure all approved software on their system, including web browsers, are up to date.
5. Be Watchful and Proactive
An employee’s responsibility to safeguard your organization’s resources doesn’t end when they implement the safeguards mentioned above. They should also be watchful for suspicious and unusual activities and report these to the IT department or the organization’s designated cybersecurity professional.
Make sure they know the following:
- Pay attention to every communication you receive. If an email looks suspicious, don’t click any attachments or downloads associated with it. Common red flags are poor grammar, misspellings, and odd URLs.
- Be aware that cybercriminals may attempt to access personal information via email, text, and voice messages.
- Scams and “phishing” are often related to an existing event. For example, cybercriminals may try to use communications about the COVID-19 stimulus payments to get your attention.
- If you have a security issue, such as you lose a company-owned device or your personal device with corporate data, report the issue right away.
The tips presented here are to help employees practice safety while working remotely. An underlying requirement is that you have implemented a robust infrastructure. If you are uncertain about the system currently in place, BACS can assess the specific needs of your organization and help your organization to implement a centrally managed cybersecurity solution that protects its resources. To learn how BACS can help you develop, implement and manage a robust cybersecurity plan, please connect with us at (650) 887-4601 or complete this contact form and we will connect with you.