Many employees prefer to work from home, or at least remotely, rather than basing themselves at the office for the whole week. It was already a rising trend before the COVID-19 pandemic, but the social-distancing restrictions brought in by governments around the world made it a necessity in many cases. Remote work has many advantages for both employees and employers, but working from home also carries a significant amount of cyber security risk.
The statistics are fascinating:
- Upwork estimates that 22% (36.2 million) of the American workforce will work remotely by 2025.
- 30% of workers say they are more engaged and productive when working from home.
- Owl Labs found that 55% of respondents say they work more hours remotely than at the physical office.
If remote working is not only here to stay but also set to flourish, businesses need to understand the best practices for reducing the cyber security risk involved. This article guides you through the process.
Why is cyber security important for remote employees?
Developments in software mean that it is possible now to complete all your tasks from a remote environment with the same efficiency as you would in the office. However, that doesn’t mean it is without risks.
Remote workers are more likely to use personal devices to carry out work. After all, this technology is readily available and convenient, and there is no stigma involved with using your own smartphone or tablet, as there could be in the office.
However, this can lead to security vulnerabilities, as employees take potentially sensitive information and place it on a device without the rigorous security measures involved with work hardware. This might result in ransomware attacks through email scams, data theft, and data leaks, potentially breaching data protection laws and costing the company money to repair the damage and pay for the IT department’s time.
Employees working from home might also be more tempted to use shadow IT solutions to carry out their work. These are programs and apps that are not authorized by the IT department and can cause a host of security issues, too. In addition, employees could be using unsecured public WiFi networks if they log on from coffee shops, libraries, and other such spaces.
Knowing how to maintain cyber security is in the interests of both employer and employee.
How to reduce employees’ cyber security risk when working from home
1. Establish a remote work security policy
It is likely that many security breaches from remote working occur because employees simply don’t recognize the risks involved, rather than through purposeful misconduct. It seems second nature to use the cloud apps you use at home, such as Google Drive, for work purposes if you don’t realize how much more secure it is to work within your company’s protected systems.
With this in mind, it’s good practice to create a remote work security policy to spell out what you expect of employees, why you have these protocols and approved programs, and what happens if someone contravenes your policy.
Employees don’t set out to put the company’s networks or reputation at risk. So, help them understand how they can protect themselves and the business.
2. Enforce strong passwords
A GitHub post suggests the world’s most popular online passwords are:
- 123456
- password
- 12345678
- qwerty
- 123456789
Of course, these are easy to guess and offer no real protection against cyber attacks. When remote workers use easily guessed passwords on devices or programs, they create a security vulnerability that could prove costly to your company.
As part of your security policies, it is essential that you enforce a culture of creating strong passwords for your employees. A 12-character password takes 62 trillion times longer to crack than a six-character password, which puts the value of strong passwords into perspective.
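One way to back such a policy with a check at password-change time, as an added example rather than code from the article: it rejects passwords shorter than 12 characters (an assumed minimum, taken from the comparison above) and passwords that are one of the five listed above with cosmetic decoration. The substitution map and function names are illustrative.

```python
import re

# The five passwords listed above, longest first so the most specific match wins.
COMMON_PASSWORDS = sorted(
    ["123456", "password", "12345678", "qwerty", "123456789"], key=len, reverse=True)
MIN_LENGTH = 12  # assumed policy minimum, not a figure mandated by the article

# Illustrative map that undoes common character swaps ("P@ssw0rd" -> "password").
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})


def denylist_hit(password):
    """Return the common password this one is a variant of, or None."""
    lowered = password.lower()
    # Drop trailing digits and symbols: "qwerty2024!!" -> "qwerty".
    core = re.sub(r"[\d\W_]+$", "", lowered)
    candidates = {lowered, core, core.translate(LEET)}
    for common in COMMON_PASSWORDS:
        if common in candidates:
            return common
        # A common password padded only with digits or symbols,
        # e.g. "123456789012", is still a guessable sequence.
        rest = lowered[len(common):]
        if lowered.startswith(common) and re.fullmatch(r"[\d\W_]*", rest):
            return common
    return None


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    hit = denylist_hit(password)
    if hit:
        problems.append(f"variant of common password '{hit}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["qwerty", "P@ssw0rd2024!", "123456789012",
                   "copper-lantern-walks-north"]:
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

Length alone does not catch the second and third samples; both meet the 12-character minimum and are still rejected as decorated versions of listed passwords.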
3. Set up a VPN
When remote workers use public WiFi to conduct their work for your business, this opens a vulnerability in your security systems. Cybercriminals can use the security weaknesses of these networks to find out passwords and commit other crimes.
The solution to this is to set up VPNs (virtual private networks) that provide a safe space within the lawless environment of public WiFi. They send the data through an encrypted channel, making it much more difficult to find the actual IP address of the device.
This adds an additional layer of security to the devices that remote employees use when working.
4. Use multi-factor authentication
Multi-factor authentication (MFA) is a simple but effective way to increase security when logging into devices or programs that remote workers use. It involves using more than one form of identity verification to gain access. This would generally be a password and another way to identify the user, drawn from these categories:
| Category | Examples |
| --- | --- |
| Things you know | A PIN or an answer to a personal question |
| Things you possess | A smartphone on which to receive a passcode or a card reader |
| Things you are | Fingerprints or face identification |
If you require employees to undergo MFA, it makes it more difficult for others to access their devices or files in case someone steals their laptop, for example.
5. Use a centralized storage solution
The more locations in which you store your data, the more difficult it is to protect it. This is especially true if your remote workers are saving documents on their personal devices or their own shadow IT cloud services. In these cases, you do not have sight of some of your company’s data, which can be incredibly concerning.
The answer is to create a secure, centralized storage solution in which your employees can save their documents wherever they are working.
This gives you the opportunity to control who can access information and eliminates the need to send documents around over email in order to collaborate. If all stakeholders can utilize the secure cloud copy, they do not need to risk interception and hacking from phishing emails and similar.
6. Reduce shadow IT usage
Remote employees using unauthorized and unsecured software and hardware is a real issue for businesses, and remote working simply increases the chances of people using these solutions.
Figures vary, but there are suggestions that up to 50% of IT spending in businesses comes through sources other than the IT department. That is a stark reminder of how prevalent shadow IT is.
Unfortunately, shadow IT incurs a number of cyber security risks due to poor security protocols, users working with out-of-date and unpatched versions of software, and other issues. One way to reduce shadow IT is by working with employees to find authorized solutions to their issues.
7. Employ internet security software
Another way to reduce the use of potentially dangerous shadow IT on your network is by monitoring your systems for unofficial software before removing it. Using tools such as Vaultry, you can find unsecured programs and keep your networks free from these threats.
It is also important to maintain firewalls, spam filters, and antivirus software, keeping them up-to-date and ready to deal with any threats that do make it through your systems.
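A sketch of what monitoring for unofficial software can look like at the network level, added here as an example and not a description of how Vaultry or any other product works: it totals the data each user sends to hosts outside an approved list and flags the large senders. The log format, domain names and threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Assumption: services the IT department has approved (hypothetical names).
SANCTIONED = {"files.corp.example", "mail.corp.example"}
UPLOAD_THRESHOLD = 1_000_000  # assumed: bytes sent per user and host before flagging

# Constructed proxy log lines: timestamp user destination_host bytes_sent
SAMPLE_LOG = """\
2024-05-01T09:12:03Z alice files.corp.example 4200000
2024-05-01T09:15:41Z bob drive.google.com 800000
2024-05-01T09:16:02Z bob drive.google.com 650000
2024-05-01T09:20:10Z carol eu.files.corp.example 3000000
2024-05-01T09:31:55Z dave notfiles.corp.example 2500000
2024-05-01T09:40:00Z alice drive.google.com 12000
malformed line
"""


def is_sanctioned(host):
    """Match the host or a true subdomain of an approved domain.

    Comparing on a label boundary ("." + domain) stops look-alike hosts such
    as notfiles.corp.example from passing a plain suffix check.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SANCTIONED)


def find_shadow_it(log_text):
    """Return sorted (user, host, bytes_sent) for unapproved heavy uploads."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, user, host, sent = parts
        if not is_sanctioned(host):
            totals[(user, host.lower())] += int(sent)
    return sorted((u, h, b) for (u, h), b in totals.items()
                  if b >= UPLOAD_THRESHOLD)


if __name__ == "__main__":
    for user, host, sent in find_shadow_it(SAMPLE_LOG):
        print(f"{user} sent {sent} bytes to unapproved host {host}")
```

Aggregating per user and host matters here: neither of bob's uploads crosses the threshold alone, but together they do.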
8. Provide training to employees
With any influx of new rules and procedures, it is important to keep employees in the loop. Help them to understand not only what you are doing and requesting of them in terms of cyber security but also the reasons behind these actions.
When employees understand how each requirement works to keep the company safe, and therefore allows them to continue to work remotely, they buy into what you are doing and will be more cautious of and alert to threats that they might come across in their work.
Reducing risky working practices through training employees is an important way to keep your company protected.
FAQ
What is shadow IT?
Shadow IT is software and hardware that employees use but which has not been authorized by the company’s IT department.
What is a “Zero Trust” approach?
Zero Trust is an approach to remote access to your systems that means you treat each access request as if it is being made for the first time and requires full verification.
Should you include mobile devices in your remote work cybersecurity policy?
Allowing employees to use mobile devices to work can add security frailties to your network, but the reason people want to use them is that they are very convenient. This might mean that you could allow some safer tasks to take place on smartphones while banning others.
Conclusion
There is no mistaking that there is a cyber security risk when working from home. However, remote working is only going to become more popular, so you have to mitigate this risk. Communication with employees and training them to help them understand both the risks and the solutions will help, as well as providing VPNs and the like. You can monitor your network for threats using Vaultry, which detects shadow IT and other activity on any device connected to your systems so that you can remove it. Get started with Vaultry today to protect your business.