Did you implement working from home under pressure, without properly thinking about remote work security and how to protect your business and staff? You’re not alone.
Many businesses quickly implemented remote work following the COVID-19 outbreak, without time for trial and testing. However, as the pandemic continues and remote work proves successful, many are considering adopting a more permanent digital setup.
That means it’s time to give some thought to remote working security and the dangers lurking in the home office, coffee shop, or wherever else you choose to work.
The new remote working security threats
2020 is the year of remote work, with a surge of employees working from their home office, dining table, or day bed (we’re not judging). This surge has created a whole unknown enemy of security threats, taking advantage of working from home vulnerabilities.
1) Unsecured networks
Public networks, weak home WiFi security, and overstretched VPNs make company data and devices more susceptible to inception, theft, modification, and malware.
2) Phishing attacks
There has been a drastic increase of cyber criminals are preying on COVID-19 uncertainties, technical inabilities, and the fact that employees can’t shout across the office to see if anyone else thinks an email looks suspicious.
3) Devices
Personal laptops, tablets, and mobile phones are less likely to have the latest security patches and more likely to be misplaced, lost, used by others, and have malicious apps and software unintentionally installed on them.
4) Remote working tools
Remote working tools have their own encryption flaws, including uninvited guests, inadvertent screen sharing, and remote computer access. For example, check out all of Zoom’s privacy woes.
5) Access
With no quick access to tools such like paper shredders or help from IT, employees ‘make do’ without, and can make worrying security mistakes at the same time.
6) Carelessness
Distractions, worries, and the laid-back nature of working from home can lead to less-discerning employees clicking a link they shouldn’t, not conducting proper due diligence when downloading software, forgetting to update software, and leaving personal information out where it shouldn’t be.
How to protect your business, data, and staff when working from home
A remote workforce is always going to carry different security risks to an office-based team, which means you need to take different steps to protect your business and staff.
1. Conduct an audit
It’s nearly impossible to protect your biggest vulnerabilities when you don’t know what they are. Conduct a remote working security audit that pinpoints where security breaches could occur and then take steps to reduce those risks.
This includes assessing:
- Your VPN infrastructure – Can it handle the volume of remote working taking place now and in the future?
- Document access – Who has access to sensitive information and data, and do they need it to perform their role?
- Account access – What are the key tools in your business, and do people have the right level of authority (e.g., administrator access).
2. Update your security policies and procedures
Your remote working security policy probably wasn’t written with the current situation in mind. Therefore, it’s crucial to review, update, and share the following three items:
- Remote work security policy
- Own device security policy (BYOC)
- Data security procedures
1) Remote work security policy
This should cover the roles, responsibilities, and rules for the business, the IT department, and employees. Key considerations include:
- Networks – the networks that can and cannot be used
- Passwords – rules for creating, changing, and storing passwords, including multi-factor authentication
- Device sharing – guidelines on personal and family device use
- App and software downloads – permissions required for third-party downloads
- Document storage – guidelines on the location, security, and backing-up of documents
Tip: Dedicate an all-hands meeting on data security best practices and schedule updates and reminders throughout the year.
2) Own device security policy
This should go one-step beyond your security policy to cover specific rules for employees using their own laptop, tablet, or mobile phone. For example, guidelines on security patches, document storage, antivirus protection, and backups.
3) Data security procedures
These are standard operating procedures that ensure everyone follows best practices for reducing risks and reporting breaches. Common security procedures include:
- How to report a potential security breach, including lost or stolen devices
- How to secure video conferences and webinars
- How to manage access and passwords, including the use of tools such as Okta Account or password vaults
3. Update all software and activate endpoint protection
Even if you know endpoint protection and security patches protect you against the latest threats, your employees may not.
Ensure that all software, malware detection and antivirus tools are kept up-to-date by teaching your employees the importance of updates, showing them how to run updates, and recording confirmation that they’ve completed updates.
Don’t forget: While an employee might think their Mac isn’t susceptible to cyberattacks, it is. Ensure that all devices, on whatever operation system, have appropriate endpoint protection.
4. Move to the cloud
Carrying and losing USBs full of sensitive data should be a thing of the past, but some companies just can’t seem to shake it.
Cloud-based storage solutions such as Google Drive and Dropbox offer secure file storage, sharing, and management. They not only aid remote and collaborative working, but they also protect data from being lost, stolen, or placed into the wrong hands.
Move your documents to the cloud, and then prohibit the use of USB, DVD, and “My Documents” storage for sensitive or quickly changing files.
5. Communicate
For those unused to remote work, communicating becomes all the harder but more important when employees are working from home.
Use multiple secure communication channels to share your policies and procedures, alert employees about threats, and make it easy for employees to speak to someone about an IT question or concern.
The more channels you use, the more likely your employees will read, retain, and act upon your information: Knowledge is the ultimate tool for beating cyber criminals.
Final thoughts
Do you know what your employees do with their empty milk cartons at home? You like to think they recycle them, but you don’t actually know.
It’s the same with your business’ data. You hope that your employees are responsible, taking the same care as they do in the office. In reality, you don’t know if they’re protecting it, sharing it, or misplacing it.
Don’t take the risk of finding out – instead, use these tips to educate your employees and protect your business from the security threats of working from home.