As more companies are suddenly forced to switch to remote working due to the COVID-19 crisis, the haphazard preparations can create cybersecurity threats for your company and remote employees.
Normally, companies and organizations protect their networks using layers of security to keep their data safe. However, when you work from home on your personal network or public Wi-Fi, you risk exposing your company’s and personal data to hackers.
So, if your workforce is remote, consider applying the following tips on how to keep data safe when working remotely.
Cybersecurity Threats to Remote Employees
For many employees, this is the first time they’ve had to work from home, whether they were forced by circumstances or not. So, before we delve any deeper, let’s take a look at some of the online threats you should be aware of so that you can be more vigilant:
- Don’t open links or attachments from emails whose sources you don’t know.
- When shopping online using the same computer you use for work, be extra careful and only shop from secure websites.
- Don’t open emails from senders you do not recognize.
- Avoid using unsecured public Wi-Fi access points as these are hotspots for cybercriminals too.
- Online scams are on the increase. So, if you suspect any email to be malicious, it probably is.
- If you receive an email that looks like it came from your company but you’re doubtful, inquire about it from your manager, boss, or team leader first.
How to Protect Your Business Data When Working Remotely
1. Provide Employees with the Right Hardware
Company-Owned Computers
This setup is, undoubtedly, going to be expensive, but it is one of the safest security measures for your company. Usually, company-owned computers are equipped with the latest operating system, the most reliable anti-malware software, the required software and applications, and a configured firewall.
By issuing your team with these machines, you’ll be making it easier to remotely manage the machines and resolve issues since you will be able to remotely update and fix their software, including the operating system.
Personal Computers
Personal computers are by far the cheapest option for most companies since they don’t have to purchase those machines. Employees will have to use their personal devices for work, which increases security risks.
For one, you can’t tell if the computers used to sign in to your network have up-to-date software. You also can’t control where the employees access your network from, considering the freedom of working from anywhere.
However, you can put the appropriate security measures in place to mitigate the chances of cyberattacks. We offer more detail on the points below.
2. Provide Employees with Basic Security Training
Your employees must have basic knowledge about the security of their devices. With the increase in phishing attacks, it is important that they pay attention to any suspicious emails since those can contain malicious links. Some emails are created to look like they came directly from the employer, and without the basic training, an employee might not know what to watch out for.
Additionally, remind employees to avoid the installation of third-party apps whose sources cannot be authenticated.
3. Establish Stringent Password Policies
The use of passwords to protect a company’s data should come as a no-brainer. However, passwords can easily be hacked unless they are strong. The first step is to define stringent password policies that every employee should adhere to.
Remind your remote workers about the importance of using strong passwords as a way of securing your company’s data.
By auditing employee passwords, you’ll ensure that each password is created and reset according to predefined rules, such as using alphanumeric codes and two-factor authentication (2FA). Another best security practice is to use a password manager that randomly generates and stores strong passwords. It will be an especially handy tool for those employees who can’t keep track of all their passwords across multiple devices.
Consider making the use of two-factor authentication mandatory for all remote workers. This method is more reliable as it requires additional verification from the user apart from the usual username and password. In most cases, 2FA will require you to enter the PIN or code sent to your mobile phone or provide an answer to a security question before you can log in to your account.
Before providing remote access to your virtual team, have them confirm they have followed the set security measures.
4. Back Up Your Data Regularly
Companies should be prepared for anything, including falling victim to ransomware attacks where all the company data could be wiped out. For this reason, we can’t stress enough the need to regularly back up your organization’s data.
The 3-2-1 rule is highly effective as it ensures that you have at least three copies of your data in two different formats, with at least one copy stored offsite, for instance on an external SSD or HDD that’s not connected to any of your systems.
Speaking of backups, encourage your team to use secure cloud-based services, such as OneDrive and Google Drive, for data storage. Web-based applications like Office 365 are also good options because they have tough security measures that help protect your data from online threats. Additionally, using tools like NAKIVO Backup for Office 365 can provide an extra layer of security by ensuring that your Office 365 data is regularly backed up and easily recoverable.
When choosing web-based applications, consider the kinds of services that they are offering and check whether they are reliable. Using a trusted cloud service will give you and your employees peace of mind knowing that the data is safe regardless of where it’s accessed from. Just make sure that all team members use the same cloud-based services that your security team has verified and approved. If you run an eCommerce store, you need to choose the best eCommerce hosting that includes backups in the plan. In this way, you can make sure that your website can be restored after any crashes.
5. Ensure Your Software Is Up to Date
Outdated software, including operating systems, is more vulnerable to malicious attacks. Most users may not be keen to update their machines, and this might pose a security risk. To be on the safe side, consider encouraging each team member to update or upgrade their OS and programs to their latest versions.
On top of that, make sure that they activate automatic updates to ensure that their systems are always up to date.
6. Encourage the Use of VPNs
VPNs (Virtual Private Networks) are pretty useful in protecting your company data. Remote workers will likely want to work from outside their homes every once in a while to escape feelings of isolation and loneliness. This means that they may have to use unsecured public Wi-Fi.
To help protect their computers and your company data, provide your remote workers with VPN access to be used for all business-related activities, especially whenever they are connecting to unsecured Wi-Fi networks. A VPN provides an extra layer of security, providing further protection against a data breach.
The service masks the user’s geographical location, encrypts the internet traffic between devices and networks, making it unreadable, and hides the user’s IP address. Using VPNs protects your company data not only from hackers but also from the prying eyes of government agencies and your ISP (Internet Service Provider).
However, keep in mind that VPNs may slow down internet speeds. Therefore, you want to invest in the fastest VPN, the most reliable one that won’t interfere with connections, especially when video conferencing.
Additionally, you may want to consider a dedicated IP VPN for consistent access to certain services that require a fixed IP address.
7. Help Remote Workers Configure Firewalls and Antivirus/Anti-Malware Software
Most employees are ordinary computer users who may not have the technical know-how to set up firewalls and anti-malware software. If possible, arrange to have your IT team provide phone guidance to your remote team to ensure that they have the right antivirus/anti-malware software installed on their computers.
Additionally, they should offer technical support to remote workers in setting up the firewalls. This will protect not only their systems but also your company data.
8. Work Email Should Only Be Used for Work
Emails are the main targets of most phishing scams. If you’re working from home and confidential data gets leaked because you used your work email on an unsafe site, it’s going to cost the company a lot and you may have to take responsibility for your actions.
It’s, therefore, important to remind your employees that work email should not be used for any purposes other than work as this could jeopardize the security of your company data.
9. Establish a Company-Wide Protocol
So, your remote employees know how to spot phishing scams, have updated their software, and have set strong passwords using two-factor authentication. That’s great! But in case of an attack, how should they react?
That’s why instituting a company-wide protocol that covers all aspects of security, including what to do when there is a potential data breach, is crucial. Consider establishing proper communication channels so that your team knows exactly who to contact in such scenarios. It’s a good idea to have a dedicated response team that deals specifically with potential security threats.
To help keep data safe, most organizations have established a cybersecurity policy that lets remote workers know what is expected of them regarding the use, sharing, and protection of data.
And one more thing. Technology changes fast. Therefore, update your policies regularly to keep up with the changes and to meet the needs of your remote employees.
How to Work from Home Securely
Remote workers also play a big role in maintaining the security of their devices and preventing data breaches. So, here are security tips for employees working from home:
1. Choose a private workspace. Start by being vigilant in your workspace. If you work from home, your privacy can be assured. However, if you work from the local library or the coffee shop around the corner, it’s hard to tell who might be looking over your shoulder at what you’re working on. If you can’t work from home for fear of feeling lonely and isolated, pick a private workspace in the library, cafe, or anywhere else in public where there’s no chance of anyone peeping in or listening in to your calls.
2. Always lock your devices. If you live with someone, be sure to lock your computer even if you’re just going to get a glass of water from the kitchen. You don’t want anyone messing with projects that you’re working on or accidentally deleting your work. On a Windows PC, simply press the Windows logo + L key combination. Mac users should press Control + Command + Q to quickly lock their computer’s screen. To resume your work, all you have to do is sign in.
3. Don’t use the same password across multiple devices. This is a surprisingly common habit among users, and hackers know it too. When you use the same password multiple times on different devices and accounts, it means that if one of your accounts is hacked, chances are high that all other accounts will also be hacked. To make it harder for hackers to gain access to confidential data, use strong passwords and 2FA.
4. Avoid using unsecured Wi-Fi. Make sure that your home router is secured before connecting to the internet. First, set up a strong password for your wireless network and only allow people you trust to connect to your network. Additionally, be sure to change the default password of your wireless network since most default passwords are easy to crack. If you work from outside your home, be sure to use the VPN service provided by your company. Also, remember to turn off auto-connect when using public Wi-Fi.
5. Update your computer. Make sure that your antivirus/anti-malware program has all the latest security updates installed. On top of that, every other piece of software installed on your computer, including browsers, browser extensions, and privacy tools, should be updated regularly to keep your data safe.
6. Don’t let other people use company devices. If you’re using company-issued working devices, be sure to stick to them any time you’re working. These devices are secure and have all the necessary configurations set. If you live with other people, including family, don’t allow them to use the devices.
7. Keep your devices with you, especially if you’re in a public place. It only takes a few seconds for a trained cybercriminal to plug a thumb drive into your PC and copy confidential data. Leaving your devices in your car is not safe either, and it’s best to take them with you.
8. Don’t use USB flash drives on your work PC. Hackers use USB drives to spread malware, and if you’re their target, they will use every trick in the book to get to you.
9. Enable the Find my device feature. Your device can be stolen anytime, even from your home. The “Find my device” feature that comes on all platforms, including Windows, macOS, Android, and iOS, will help you locate the device or remotely wipe all the data. The feature makes it harder for the crook who stole your device to access any information that it contains.
Work Confidently While Tracking Your Progress
You don’t want management thinking that you’re sunbathing on the beach instead of remote working, do you? So, you must keep your processes transparent and track your progress. Luckily, most companies use task trackers to monitor their employees’ work and see all the hours they have worked. Traqq is a good option that automates the entire process, including payroll processing, and provides detailed reports on the performance of each employee.
Most importantly, the tool lets you see the websites and apps that your remote employees are using, which can help identify if the websites visited or apps used are secure and authorized to be used by the company.
The Takeaway
Undoubtedly, allowing employees to work from home using their personal unsecured devices exposes your company to online threats. And without your IT team on-site to manage the situation, this can lead to the loss of valuable data.
Obviously, these devices were not set to be used in a professional setting, which means that they lack the enterprise-grade layer of security that companies use. However, since governments made it mandatory for people to stay indoors to prevent the spread of the coronavirus, companies didn’t have much time to prepare.
With that said, it’s still not late for businesses and organizations to learn how to maintain cybersecurity for remote workers and establish practical security measures for their teams to implement. Likewise, remote workers should be educated about the importance of data security and the types of attacks to watch out for and trained how to work from home securely.