The COVID-19 pandemic forced employees all around the world to hastily shift to a work-from-home model requiring changes not only in the way we work, but also in how their work can be secured. A global survey from Kaspersky, which collected just over 6,000 responses, found that prior to April 2020 approximately half of the respondents had never worked from home before; yet, nearly three-quarters (73%) said that when they shifted to remote work, they hadn’t received specific training on how to safely work from home. Jump forward to today, and it seems the worst of the pandemic is finally behind us, but some employees have found a certain appeal in continuing to work from home, leading employers to wonder how to maintain security when employees work remotely. Thankfully, there are a few best practices employees should be aware of when they decide to work remotely; let’s take a look.
Before we do, though, we must first discuss why remote work must be secured. One requisite for remote work is that security must be everyone’s responsibility, which wouldn’t be an issue in an ideal world, but when employees are preoccupied with other aspects of their jobs, the possibility of being targeted by a cyberattack is never off the table. Unfortunately, employees aren’t always able to recognize a scam. In the first half of 2020, for example, 40% of COVID-19-related emails were tagged as spam—particularly in areas identified as hotspots in large US cities like New York City and Los Angeles, Italy, Spain, and later the United Kingdom. Without proper training, far too many employees were still susceptible to these cyberthreats.
6 Tips for How to Maintain Security When Employees Work Remotely
In a post-COVID world, though, the threat of a data breach has only been exacerbated by the increased prevalence of not only working from home, but specifically remote work—working from a public place like a coffee shop, library, etc. While from the employees’ perspective, there may be benefits to be gleaned from remote work, it can also pose a serious issue from a cybersecurity perspective. These issues include, but certainly not limited to, employees using unsecured public Wi-Fi on work computers, overloaded virtual private networks (VPNs), and honest mistakes when it comes to security priorities. So, securing remote work is difficult, but not impossible. Here’s how:
- Establish a data security policy.
The easiest and most effective way to avoid a cybersecurity mishap is to put together a policy which outlines the specific protocols employees are to adhere to when working remotely. Also, explain how the company will support them in their compliance. It may be a good idea to have employees review and sign the document so they can be held to those standards. You may also elect to monitor employees’ remote work activities—it would be a best practice to let them know ahead of time if you intend to pursue this line of action, and require them to use varied, strong passwords—for this, a password manager may be a good investment.
- Equip employees with the tools and technology they need.
Establishing a work-from-home/remote work policy requires employers to provide the tools and resources employees need to remain compliant. Antivirus software and password management are a good starting point, but VPNs can also be beneficial, however, VPN overload is a common obstacle to remote work security. Here are a few hints to avoid overload and slowdown:
- Change your VPN server location (ideally one close to the actual office location)
- Manage VPN traffic with split tunneling
- Keep track of who and when the VPN is being used
- Prioritize VPN use for specific services
- Ensure the VPN solution in place can handle increases in workload for the entire organization
- Make sure your VPN requires multifactor authentication
Video calls on unsecured wifi have become an issue since the start of the COVID-19 pandemic.
- Update network security systems.
It’s vital that any device that remote employees use to access company or customer data be equipped with network security systems, such as firewalls, antivirus software, and spam filters, but also that these systems be kept up to date. Consider purchasing a mobile device management platform, so if a device is lost or stolen, you can remotely wipe them of any sensitive data.
The Zero Trust structure requires all users inside and outside the organization to be authenticated, authorized, and validated before being granted access to applications and sensitive data. By default, the network is designed to not trust anyone. An organization that implements the Zero Trust model stands to benefit by improving governance and compliance. Organizations also gain insight into users and devices while also identifying business processes, data flows, users, and associated risks.
Multifactor authentication (MFA) requires users to provide multiple types of information in order to verify their identity before accessing the network and data. Common examples of MFA include security questions, push notification numbers, biometrics, and more. Two-factor authentication, for example, is an easy way to ensure remote work security.
- Robust IT Support.
Employee training is a great place to start on your cybersecurity journey, but it can only take you so far. Companies also need to make sure that there is IT support available to guide them through any insecurities or uncertainties. Only capable support resources will allow your company and your employees to fully realize the benefits of remote work while also maintaining the critical cybersecurity you need. The team at Innovative Integration can provide you with this support, so we hope to work with you on your cybersecurity journey. Contact us today.