Cyber Security Challenges & Best Practices for Remote Working
With the craziest days of the pandemic behind us, as the dust settles, it’s no secret that the way we do life has been dramatically reshaped. And one of the main changes we’re seeing is that more jobs offer remote options as more people want to work from home.
This blog article is for the business owner or IT manager that’s having to figure this out for their organization. With more people working from home, there are inherently more cyber security challenges. In this blog, we’ll talk about the challenges of working from home from a cybersecurity perspective and then share the best practices so you can keep your company, your employees, and your data safe.
5 Common Security Risks with Working From Home
When the days of working in the office were prevalent, many of the common security risks were mitigated, just by everyone being the the same, controlled environment. Offices have secure wi-fi, company-owned hardware, and in some cases, even physical security where employees have to badge in and out.
Working from home, you have none of these things to maintain security! Workers are going to Starbucks and jumping on public wi-fi and they’re often using their own device. If you’re trying to figure out how to protect your business from a cyber threat, it’s importnat to know what you’re up against. Here are the 5 most common security risks your business will face with a remote workforce.
Ransomware
Ransomware is malware at its ugliest—a form of malware that takes a victim’s information and locks them out of it, all while demanding a ransom for access. According to recent data, ransomware is on the rise, costing the globe $20 billion. And the same report showed that 37% of businesses were hit by ransomware in 2021.
Sometimes, larger companies just pay the ransom for their data. But for smaller businesses, often they can’t afford to pay the ransom, and their corporate data is just lost.
Cyber attacks with ransomware are less common than other cyberattacks, but they are more costly. In 2019, the average ransom amount was $84,000, up 4 times the ransom amount in the previous year.
How does this affect your remote workers? Automatically their risk is higher if they’re working on their own devices. And if your business doesn’t already use a VPN (virtual private network) it doesn’t matter what device they’re on—they’re more susceptible to the costly implications of malware.
Unsecure Wi-Fi
Most people are familiar with walking into a public space and hopping on the wi-fi, whether that’s for a work session or just to save data on your phone. The trouble with public wi-fi is that even if it’s password protected, lots of other people have access to that password, and you can’t necessarily trust them.
What are the main risks of your employees using unsecure wi-fi? People can potentially see what your remote workforce is seeing, they can impersonate them and scam other people with that information (and it could look like it was coming from your company), and they can collect sensitive data.
Weak and shared passwords
Your team might think that sending a password they just received from a client via Slack or email is innocent enough. But if their computer ends up being hacked, that sensitive data is there for all to see. There are ways to share encrypted passwords with an affordable password manager, but we will get into that a bit more later.
Sharing of files
If sharing files via Google Drive or Dropbox is commonplace in your business, it’s important to think about what’s in those files and what it would mean if the wrong eyes got ahold of it. Of course, the healthcare and financial industries have the most sensitive data to protect.
But even the most benign company typically has some amount of personal data from customers and often billing information including credit card numbers or account numbers. These things obviously need to be shared in encrypt files, but sometimes that gets lost with people working from home.
Personal devices
If your business was one that had the majority of people in office, the pandemic drove them home, and then many of them stayed, your team is probably already using company hardware.
But in today’s gig economy, 14% of people in the US consider independent contracting as their primary job, and nearly 30% of Americans do at least some part-time gig work. If your business hires independent contractors—and many do—you’re working with a section of the workforce that is more vulnerable to cyberattacks.
And, even if you do supply a company devices to your employees or contractors, working from home, they’re more likely to sign in to work software on a personal device. And of course, personal devices are more susceptible to cyberattacks.
It’s not all doom and gloom through. With all the positives of a remote workforce, we don’t need to throw the baby out with the bathwater! Your team just needs to make sure certain measures are in place.
Best Practices for Remote Working Security
While there are risks to employing remote workers, none of the risks are without solutions. Best practices for working remotely show businesses of all sizes how to navigate the work-from-home era while reducing risk of a data breach. Between training, software, and hardware, we’ll share some of these best practices with you here.
Employee Training Best Practices on Security Threats with Remote Workers
If it isn’t already, regular security training needs to be integrated into continuing education. It also needs to be a part of your onboarding. Whether you administer it internally with your security teams or through a third party IT company, people need reminders of what could put them at risk. And, malware is changing and growing all the time, so there will always be new precautions your team needs to be aware of.
Keep family members away from work devices
It’s important that your staff knows that family and friends are not to use their work devices—ever. This isn’t always an easy rule for your staff to follow or enforce, but it’s absolutely vital. In your onboarding, emphasize this policy, and that sensitive corporate data needs to be protected, even from those we trust personally.
Remote work security policies
Make sure your business has security policies, and that everyone knows what they are. If an employee is moving to remote work for the first time, or for new employees, make sure they understand the policies for working remotely. You should also emphasize why these policies are important so your team knows the rules are there for everyone’s protection.
Software Best Practices for Remote Working Security
There are many software that provide security solutions for the top 5 risks we mentioned before. While these software have a cost, they’re well worth it for what they could save you down the road—both financially and socially/publicly.
Using virtual private networks
Virtual private networks, or VPNs, are one of the most effective ways to protect company data. Even if staff are using personal devices, using a VPN means that they’ll have to sign into the VPN with a password before they can access company files or even the internet.
A VPN creates a secure connection between the device and the internet, and all the data that moves during that session moves through an encrypted tunnel, even when employees work remotely. If your business isn’t already using a VPN, it is absolutely worth it!
Set up secure password sharing
Say goodbye to the days of sharing a password via Slack and just hoping that nothing bad happens. Software like Lastpass or 1password are easy to install, easy to use, and allow you to share and store passwords in a safe way.
These software also checks for weak passwords so your team can change their own passwords should they become vulnerable.
Use antivirus/ internet security software at home
Make sure that whether staff are using their own devices or company-provided hardware, they’re running the latest antivirus and security software. Antivirus software detects malware and then removes it, ideally before there is any damage done.
Teach your team that it’s important to take those few minutes to update to the newest versions of antivirus software because the newest versions will protect against the latest online security threats.
Use a centralized storage solution
Using centralized storage, including cloud-based storage solutions, is the best practice for keeping files secure. If you’re looking for recommendations for cloud-based storage, we’d be happy to share with you some of our favorites. Between a VPN and centralized storage, data breaches are far less likely to occur.
Hardware Solutions for Remote Working Security
We’ve talked about training and software security solutions, and the last thing to cover are hardware solutions.
Dedicated work devices owned by the company
We’ve already pointed out that personal devices are a major point of vulnerability. Dedicated work devices owned by the company automatically alleviate many of the concerns with personal devices. Even if your business uses contractors, it may be worth it to provide a company computer. If your team is mostly W-2 employees, dedicated work devices are an absolute must, even if your team is remote.
Another benefit to dedicated devices is that there is less risk of a misplaced device. People are more careful with their work devices, and less likely to be carrying them around when the are out and about.
Invest in a sliding webcam cover
A simple and inexpensive hardware precaution is to provide sliding webcam covers for your team. More hackers are accessing people’s webcams. A webcam cover keeps your team protected when they don’t need their webcams for video calls.
ABQ-IT specializes in helping New Mexico businesses with their IT needs, with an emphasis on cybersecurity. If reading this blog made you realize your company is vulnerable, we’d love to help you implement solutions that will keep your business safe from a cyberattack.