As the world continues to adjust to the Covid-era, more and more employers across Canada and the U.S., including Microsoft, Google, Shopify, OpenText and Facebook, are implementing permanent work-from-home solutions for their employees.
While this offers a safe, convenient solution for employees, it can pose substantial security threats to companies if proper cyber security measures aren’t taken while an employee works from home.
Here are 11 remote work security best practices for safeguarding company data and equipment.
11 Tips for Working Remotely and Cyber Security
1. Work From Home and Cyber Security Protocols and Policies for All Employees
When employees are moving to a work-from-home set up, it’s important to put policies in place that address information security.
The remote work network security protocols should include detailed information about safeguarding data on mobile devices and computers, as well as a specific set of rules regarding the storage of personal apps and files on company devices. These protocols and rules should also be part of the standard employee handbook.
Additionally, any remote work IT security policy should protect the employer’s right to remove its data from employees’ personal devices.
2. Employee Passwords
According to the 2019 Verizon Data Breach Investigations Report, 80% of all hacking incidents are the result of weak passwords.
When setting employees up to work from home, your organization should enforce strict password policies as a part of your remote work information security procedures. This includes:
- Enabling Multi-Factor Authentication, which makes it more difficult for a hacker to gain access to work devices and systems, since simply knowing a password (step 1) is not enough to pass the authentication check. 80% of security breaches that were caused by bad password usage could have been prevented by multi-factor authentication.
- Requiring strong passwords that include a combination of letters, numbers, and symbols. These types of passwords are harder to remember and to decipher.
- Ensuring employees change their passwords at least every six months.
Also, employees should not be permitted to recycle old passwords, as this could provide cybercriminals with access to many different company accounts and vulnerable, confidential information. However, multi-factor authentication will reduce the chances of a breach occurring even if the password is compromised or insufficient.
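The rules above (letters, numbers and symbols; a change every six months; no recycled passwords) can be checked mechanically. The following is an added example, not part of the original article: the 12-character minimum, the 183-day reading of "six months", the PBKDF2 settings and the sample history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=183)  # "every six months", taken here as 183 days (assumption)
MIN_LENGTH = 12                # assumption: the article does not state a minimum length

def _derive(password: str, salt: bytes) -> bytes:
    # Keep only a salted, slow hash of each past password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str, set_at: datetime) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "set_at": set_at}

def composition_problems(password: str) -> list:
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no symbol")
    return problems

def is_recycled(password: str, history: list) -> bool:
    # Re-derive the candidate with each old salt and compare in constant time.
    return any(hmac.compare_digest(_derive(password, r["salt"]), r["hash"]) for r in history)

def is_expired(record: dict, now: datetime) -> bool:
    return now - record["set_at"] > MAX_AGE

def check_new_password(password: str, history: list) -> list:
    problems = composition_problems(password)
    if is_recycled(password, history):
        problems.append("recycled")
    return problems

# Constructed sample history for one hypothetical account.
HISTORY = [
    make_record("Autumn-Leaf-2023!", datetime(2024, 1, 10)),
    make_record("Spring-Rain-2024?", datetime(2024, 7, 1)),
]
```
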
3. Increase Your Telephone and Video Conference Security
Many employees discuss confidential matters with clients and colleagues over video conferencing apps. In a remote work environment, the risk of outsiders listening in or inadvertently catching wind of conversations is high.
You can reduce the risk of private information getting into the wrong hands by requiring employees to use meeting identification numbers and passwords on video communications platforms such as Microsoft Teams.
Avoid using teleconferencing apps that have known security vulnerabilities like Zoom.
4. Encourage Employees to Secure Their Work Stations
When providing lessons in cybersecurity, work-from-home employees should be encouraged to take steps to secure confidential information by maintaining constant physical security, locking home office doors and computer screens anytime they step away for any reason, as well as maintaining work devices that aren’t shared with other members of their household.
In addition, using endpoint protection and threat mitigation software can help protect endpoints that are often not company assets.
5. Make Sure Employees Can Recognize Phishing Scams
As more companies move to a work-from-home setup, it’s vital to train employees to recognize phishing scams to keep remote work secure.
While it might seem like common sense, more than 80,000 Canadians fall victim to phishing scams every day.
Phishing and telephone scams related to COVID-19 have become commonplace across the U.S. as well, according to the CDC.
According to the Canadian Centre for Cyber Security, the following red flags can come up with a phishing scam and employees should keep these in mind:
- You don’t recognize a sender’s phone number, email address or name
- The sender asks for confidential or personal information
- Grammatical and spelling errors in an email or text
- Urgent requests (for money, for example) with a deadline
- Hidden links, attachments, fake website pages and log-in pages
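Four of these red flags (unrecognized sender, request for confidential information, urgency, hidden links) can be screened for automatically before a message reaches an employee. The following is an added example, not part of the original article: the sender allow-list, the keyword patterns and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_SENDERS = {"it-help@example.com"}  # constructed allow-list (assumption)
ASKS_SECRETS = re.compile(r"\b(password|passcode|credit card|banking details)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|deadline)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://|www\.)\S+$", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def hidden_links(html_body):
    """Links whose visible text shows one host while the href points to another."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    return [(text, href) for href, text in parser.links
            if LOOKS_LIKE_URL.match(text) and host(text) != host(href)]

def red_flags(sender, html_body):
    checks = [
        ("unrecognized sender", sender.lower() not in KNOWN_SENDERS),
        ("asks for confidential information", bool(ASKS_SECRETS.search(html_body))),
        ("urgent request with a deadline", bool(URGENCY.search(html_body))),
        ("hidden link", bool(hidden_links(html_body))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "payroll-update@payroll-notices.test"
SAMPLE_BODY = ('<p>URGENT: confirm your password within 24 hours at '
               '<a href="http://login.payroll-notices.test/verify">https://portal.example.com/login</a></p>')
```

A message with no flags is not proven safe; the screen only catches the patterns listed, so employee training and reporting still apply.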
Even if your business has never fallen victim to a phishing scam, taking preventative measures is always recommended.
To mitigate phishing scam threats, the following security strategies have proven to be beneficial:
- Regularly review security issues in your industry to stay in the loop
- Update your software, so that it is less vulnerable to cyberthreats
- Keep your browsers secure and make sure company computers run an HTTPS extension, so that connections are encrypted and better protected
- Install a trusted antivirus software
- Instruct employees to use different passwords for different logins
- Instruct employees to never click on links within emails – it is safer to type in the link instead
- Teach employees what a phishing attack looks like and how it could affect your business. KnowBe4, the world’s largest security awareness training and simulated phishing platform, provides fully automated training modules for your business which are customized to your company’s soft spots.
In the event that an employee falls for a phishing scam and clicks on a suspicious link, make sure your company has a process in place to deal with this security breach and that it is reported to your IT department for further action. With the proper training and awareness about phishing scams, however, the likelihood that your employees will take the bait will be significantly reduced.
6. Make Data Encryption Part of Your Regular Network Security Process
Data encryption is important for any company, but encrypting data becomes even more essential when your employees work remotely.
Key points to keep in mind to safeguard your data:
- Ensure that data is encrypted at rest and in transit at all times
- Ensure that data residency requirements are encrypted
- Ensure that data stays on company devices, or in a company VDI environment
- Ensure that it is possible to “claw back” data if an employee leaves for any reason
It’s also important to make sure employees store work and files on your company system to maintain encryption, so that digital data remains confidential.
7. Issue Secure Devices That Your Employees Can Use for Remote Work
By providing devices for your employees, you can ensure that a cyber security remote work solution is in place on the devices they use for work.
In most cases, home computers, tablets, and mobile devices aren’t secure enough to handle confidential company data.
Depending on your industry, you may be required to store client data with specific security protocols.
It’s absolutely vital to provide your employees with devices that have been set up by your information security remote work team, so you can ensure that strict and specific security measures you require are in place.
8. Check Employees’ Wi-Fi Connections
Before allowing your employees to engage in remote work, security experts should ensure that Wi-Fi connections are private and secure in the employee’s home remote work environment.
Encourage employees to avoid working in locations outside of the home with public Wi-Fi networks, where you are not always aware of who is accessing the network – and train them to create personal hotspots using a secure, company-issued mobile device.
9. Restrict the Use of Personal Mobile Devices For Company Matters
In some cases, external devices are necessary for employees to use while transferring or storing information.
However, the use of these devices should be limited and, when they are used, employees should be reminded to safeguard devices – through using home Wi-Fi connections or personal hotspots, for example – to keep confidential information safe from external threats.
Additionally, it’s necessary to ensure employees are limited in websites and apps they access when using employer devices.
According to the McAfee 2020 Mobile Threat Report, more than 50% of mobile malware apps can remain hidden on a device, where they can steal information that can be sold or used against the victim or business.
With BYOD policies now prevalent in the workplace, using personal mobile devices to access company data has now become commonplace. However, these personal devices come with security and data risks, as they may not have malware detection programs, antivirus software or updated security patches installed.
The safest course of action would be to ask employees to use company-issued devices instead of personal mobile devices.
Unlike your employees’ personal mobile devices, your company-issued devices should have the following:
- Data-security safeguards in place that protect devices against unauthorized mobile device access
- Remote management to disable unauthorized users or applications
- Automatic deletion of confidential data in the event that a device is lost or stolen
- Data backup
10. Establish a Zero Trust Model of Cyber Security
One of the best ways to mitigate cyber security risks is to implement a Zero Trust approach to security. With employees now accessing company data, files and systems from multiple locations and devices, your network is increasingly vulnerable to malicious threats and security breaches.
Zero Trust helps put the control of your network back in your hands by putting up access barriers.
Essentially, Zero Trust means that companies should not automatically trust anyone – whether outside or inside their organization. This means that even an employee will only be granted access to the network if the network recognizes the user and most importantly, knows whether they are authorized to access it.
Some ways to build a Zero Trust Network include implementing technologies such as:
- Multi-factor authentication (as noted above)
- Identity and Access Management (IAM)
- File system permissions
In short, users must earn the trust of your company’s network. To make Zero Trust especially effective, it is important that you implement company policies and protocols that limit overall access to your network, with employees only having a minimum level of access to the information that they need to do their job.
11. Be Prepared for Security Breaches
While putting these rules and procedures in place can offer a great deal of protection from cyber security threats, no cyber security work from home plan is foolproof.
It’s important to have a contingency plan in place in case of a security breach. Although your business may already have a response plan in place, it’s important to adapt to the changing times by preparing a comprehensive, cyber security remote work procedure and emergency response plan to fully protect your business.
If you have remote work security concerns and are looking to enhance security measures for your business through a strong remote work security policy, we can help. Our team of cybersecurity experts will guide you on creating a work from home strategy that safeguards your business and provides you with some much-needed peace of mind.