Security Tips for Any Employer Who Has Remote Workers Online
The pandemic was a catalyst for many changes, not the least of which was the change in where we worked. With businesses and buildings reluctant to become potential petri dishes of disease real or imagined, employees began to work from home in historic numbers. In most cases, home offices were set up quickly and without much thought for data security and privacy protection.
Today, 60% of adult workers have returned to the office full-time, according to survey data from WFH Research. However, 40% either still work from home full-time or split their time between home and office in a hybrid work model.
Every employer who supports full-time or hybrid remote workers needs to make sure their cybersecurity is up to the task. Following are six tips to guide you.
The Difference in Working from Home
Depending on an organization’s size and nature, an IT individual or team will manage information technology, data tools, and cybersecurity for all office locations. However, for employees working from home, data risks and security vulnerabilities may be greater in each individual’s home office. This is especially true if they are using a mix of company-owned and employee-owned devices, where the lines between personal use and business use may be blurred. As an employer, you can take a number of actions to secure work done remotely in order to better protect your data.
Tip 1: Develop WFH and BYOD Policies
The challenges associated with employees bringing their own devices to work and using those personal devices in performing their jobs and conducting business dates back to the early 2010s. Back then, a Bring Your Own Device (BYOD) policy and procedures were requisite among enterprises and large businesses trying to avert the potential threats inherent in consumer-grade devices. Companies imposed BYOD security best practices on device-toting employees in an effort to keep intruders out of their networks, systems, and databases.
In this post-pandemic era when 40% are still working from home at least part of the time, remote workforce security is crucial. While you’re dusting off the BYOD playbook and reactivating those security protocols, develop a Work-From-Home policy as well. For starters, it should address the tips below and weave them into a coherent policy and procedure manual that your IT and security staff, as well as your employees, can easily access and implement. Be sure to keep these and all security-related policies updated and relevant.
Tip 2: Provide Cybersecurity Awareness Training
As the current threat landscape evolves with startling frequency, it’s important to ensure that all employees, including management, are trained in how to recognize and avert security threats. And they should be retrained, and then trained again next year, and the year after, to become and remain security compliant. As the weakest link in the security chain, employees warrant every investment in cybersecurity awareness training. (And violators should be penalized in accordance with an established internal policy.)
Cybersecurity awareness training must include how to spot and avoid phishing scams—both email and telephone phishing—because this ploy very often leads to data theft and ransomware demands. A ransomware event can bring an organization instantly to its knees and keep it there for weeks, with data frozen and business operations reduced to manual processes. To further aid in effectiveness, training should be interesting and memorable, and offered in various formats to suit various learning styles. Testing is recommended as a memory aid. And by all means include your WFH and BYOD policies in training content!
Tip 3: Treat Each Home Office as a Branch Office
Just as you would treat your branches and satellite offices as part of the company, you should address employee home offices similarly. Antivirus and antimalware software should be pushed out to every company-owned device regardless of its location. If personal devices are used for legitimate business purposes, they should be wrapped in the same security.
Provide your remote workers with a Virtual Private Network (VPN) when connecting to company assets from their own devices. Obviously, the VPN should be configured properly and be kept fully current with security patches. Your VPN policy should require that employees use the VPN only when they need it for work and turn it off when not in use for work. And since employees use their home networks and internet connections when working from home, take an extra step for your mutual benefit. Assist them in understanding how to configure their wireless routers and personal firewalls to keep their home networks—and your data—secure.
Tip 4: Secure Your Meetings Wherever They Occur
Half of adults working full-time (49.5%) cite face-to-face collaboration and socializing as the top two benefits of going into a company office to work. And 30% say that having face time with their manager is a top benefit. Conversely, only 17.3% of remote workers cite fewer meetings as a benefit of working at home.
The fact is that meetings and face-to-face collaborations are a requirement for any business with more than one or two employees. However, meetings from home offices are apt to be less secure and private than those conducted on company equipment on company premises.
Any video-teleconferencing platform to which remote employees connect should be secured with end-to-end encryption.
The hijacking of video-teleconferences, including ‘Zoom bombing’ attacks, has disrupted virtual meetings to the extent that the FBI published recommendations for improving security when using videoconferencing software. The FBI tips include:
-
Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room.
-
Consider security requirements when selecting vendors. End-to-end encryption offers important privacy and security, so make sure your software includes this feature.
-
Keep your software current by promptly installing software updates and security patches when they are made available.
In addition, webcams on personal laptops and other devices used for meetings should be blocked or covered when not in use. Smart hackers can easily access web cameras in order to invade privacy and view data they have no business seeing.
Tip 5: Enforce Stricter Access Protocols
Today, best security practices demand that employers set up and enforce the use of long and strong passwords and require them to be changed every 90 days. There are plenty of tools that can help you put these protocols in place and set them to run automatically to enhance your remote workforce security.
More and more businesses are requiring all employees to use multifactor authentication (MFA) when logging on to all company websites and applications. This means they are not allowing employees to decide when and if they want to switch to MFA—employers are making that decision for them, and without exception.
Multifactor authentication offers three different categories of identity verifiers or authenticators for organizations to choose from in beefing up access security throughout the organization, including remote workforce security. The intent of MFA is simply to make sure each user is authorized to log in and is not a hacker or bot up to no good. The three categories are:
-
Something You Know – Such as a password, passphrase, or PIN.
-
Something You Have – Such as a tangible security token, smartcard, or software application, or verification text, email, or phone call.
-
Something You Are – Such as a fingerprint, facial recognition, or voice recognition.
If you haven’t yet taken this step, what on earth are you waiting for? It’s a simple solution with enormous and immediate security benefits.
Tip 6: Require All Employees to Store Data Centrally
It’s tempting for employees working from home to store their files quickly in some personal online place, with the intention of uploading it to the company cloud when they have a moment. But until that data actually arrives in your central storage space, it’s probably not secure and it’s certainly not part of your data backup routine.
If your business relies on cloud or server storage, chances are your data is protected by multiple layers of security, starting with a firewall. Require all employees to use your secure company storage solution, and make sure they know how to do it, when to do it, and why to do it. Send auto-reminders. Publish simple instructions. Provide online training.
With this program in place, if your organization is hacked or suffers a data breach that compromises local files, at least you’ll have a complete backup of all data in your central storage, including your remote employees’ work.
Summary
According to recent survey data from WFH Research (October 2022 to January 2023), 40% of working adults in the U.S. either work from home every day or split their time between remote work and office work. This timely research offers employers an opportunity to double-check their work-from-home policies and procedures, and to implement and enforce security safeguards for employee access, virtual meetings, data transmission, data storage, and many other business processes that need to be secured.
Recognizing that employees are the weakest link in the security chain, it’s vital to make compliance with your security procedures mandatory. But don’t stop there. You must also (1) enforce your security requirements rigorously, (2) train and retrain all employees relentlessly, and (3) impose consequences for employees who fail to comply. Remote workforce security can be a challenge, but these security tips are an important step toward meeting that challenge and securing your data in all its locations.