11 Cyber Security Tips and Best Practices for Remote and Hybrid WorkersReelika Tammeoru
Remote work is all the rage, and it’s easy to see why. Employees want flexibility and freedom while executives want less overhead and more productivity. Since most businesses have already transitioned communications to the cloud, it just makes sense.
However, as the number of remote teams and a hybrid workforce increases, the sophistication and amount of cybersecurity breaches have also, unfortunately, increased. For example, Google registered more than 2 million phishing sites in 2020, up from 1.7 million in 2019 (a 27% increase in one year). The number of identity thefts reported by the FTC doubled from 2019. In addition to this, CybSafe reported that one-third of UK businesses have suffered a data breach in the past 12 months because of remote work.
New remote workers may not even be aware of what to look out for, while veterans may feel that the situation is hopeless. According to a recent IDG Research Services survey commissioned by Insight Enterprises, almost 80% of senior IT workers believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments in 2020 and according to Shred-it, 86% of C-level executives believe that the risk of a data breach is higher when employees work remotely.
There is hope, however. If your business takes care to implement the best cybersecurity practices now, it is much more likely that you will avoid a security nightmare and save your company from suffering a huge financial loss, and an even bigger headache.
The Unique Security Challenges Of A Hybrid Workforce
Cybersecurity is essential, whether your workers are in the office, hybrid, or remote. However, in-office workers are generally protected by layers of security when it comes to data and communication. Once workers move outside the office, new vulnerabilities appear. For example, an office network will likely be secured by firewalls, VPNs, antivirus software, and other measures to ensure VoIP security.
Many home routers don’t have a firewall, and even home routers that double as a firewall may not be as secure as a business firewall. Even if VPNs and WiFi security software are installed on employee devices, once working remotely, those employees become solely responsible for keeping the software up-to-date.
Many of the security vulnerabilities that come along with remote work can be minimized, however, with a few clear-cut policies, some training, and IT support for your remote workers.
Checklist Of Best Practices
These best practices are generally accepted by cybersecurity professionals as being the most effective in preventing or at least minimizing a security breach. If your remote workforce is informed of these policies and, most importantly, agrees to put them into practice, you can rest assured that your company has the best protection against an attack.
1. No Public Wi-Fi
Working out of a Starbucks may seem idyllic, but using their Wi-Fi can cause a host of problems. The lack of firewalls allows anyone using that network to easily hack into your company’s data. In fact, hackers that are on public networks anywhere that your data hits between you and your office can monitor traffic as it goes by. If you still want to work from Starbucks, set up a personal hotspot and VPN.
2. Be Aware of Surroundings
According to a study done by Code 42, a laptop is stolen every 53 seconds in airports alone. Losing a laptop is bad enough, but if there is a data breach on top of that, it could be a catastrophe.
Instruct your remote workers not to be careless with their work laptops. If they happen to be working in a public space, they should remain alert. They should make sure that their sightlines are blocked, meaning, no one can sit behind them and watch/record everything they are doing.
Employees should take their device with them to the restroom and avoid leaving it in a car (even a locked car). It is also important that remote workers keep the doors of their homes locked just as the office is locked up every night.
3. Encrypt Stored Data
In the case that a device is stolen, you can avoid the disaster of a data breach if the data on your device is encrypted. Make sure that remote workers are all using devices that are set to encrypt all stored data.
4. Do Not Use Personal Devices for Work
If your remote workers are using their own personal devices to conduct work on, chances are, they are exposing the company to a security breach. The protocols that your company has for keeping data safe such as regular updates, virus scans, and malicious site blocking are likely not being kept up by remote workers on their personal devices.
Your remote worker may not be aware of all that your company does to keep data safe, for one, and secondly, your remote worker likely does not have the same budget for cybersecurity that you have for your business.
5. Enable Email Encryption
Emails are another point of vulnerability for remote workers. Just as you want to ensure that all stored data is encrypted, it’s also a good idea to encrypt the data attached to any email, as this will prevent an unintended recipient from viewing the information.
6. Don’t Allow Non-Employees To Access Work Devices
When it comes to cybersecurity, it’s important to keep as much control as possible over devices. Remote employees should never share their devices with non-employees. Even if it is someone they know, a non-employee who doesn’t understand your company’s security policies could unknowingly open up a pathway for malicious actors.
This is true even if the non-employee only wants to use the employee’s work device as a temporary “charging station”. Additionally, some of your employees may be too trusting, and it is easier just to have an “employee only” policy than to have rules about who can and can’t use work devices.
7. Disable All External Drives
USB thumb drives are some of the most popular vehicles for bad actors to use to install malware. These malicious actors would install malware onto 30 or 60 thumb drives and then distribute them where an unsuspecting worker would pick one up and, thinking it was theirs, plug it into their device. With the advancement of cloud storage solutions, there is almost never a reason to use an external drive of any type, USB or otherwise. Unless your employee is a photographer or videographer, you should disable all external drives on work devices.
8. Password Policies
Your employees may unknowingly invalidate several expensive security measures if they have weak or repetitive passwords. Make sure that your company has a password policy in place instructing employees to choose strong, unique passwords and to have different passwords for different applications that they need to use for work. Work passwords should also be different from any personal passwords.
9. Train Employees To Recognize Signs of a Breach And Report Immediately
The sooner your IT or security team finds out about a breach, the better the outlook will be. Train your employees to recognize the signs of a security breach and to report it as soon as possible to your IT or security team. Some things that should tip off your remote workers to a breach are:
- An alert from the anti-malware software indicating that a virus or malware is present.
- A new homepage or default search engine comes up unexpectedly.
- There is a sudden and significant decrease in performance.
- There is a sudden increase in spam and pop-ups.
- They are receiving frequent error messages.
10. Consider a Secure Access Service Edge (SASE) solution
SASE is essentially an “as-a-Service” cloud solution that combines wide-area networking (WAN) with network security functions, cloud access security broker (CASB), firewall as a service (FWaaS), and zero-trust network access (ZTNA). SASE tools can identify malware, decrypt the content, and continuously monitor sessions for risk.
11. Keep Your Employees Away From Nefarious Websites
Torrent and pirating websites will obviously expose your business to a host of malware. Most companies will have a prohibition against employees going to such sites on work devices, but if it ever happens and one of your employees accidentally downloads a file of malware from a website of ill repute, firing them for breaking company policy will be of little solace.
Here is a creative tip to keep your employees from ever breaking this very important rule in the first place: Use some of the money you save from transitioning to a remote or hybrid workforce to buy your employees subscriptions to reputable music and movie websites such as YouTube Premium, Disney+ or Netflix. This investment will serve double duty as a fun perk for your team as well as a strong deterrent to visit nefarious entertainment sites.
Remote and hybrid work has become more appealing than ever to both employees and business owners, but the threat of a security breach is a big drawback. To address this, consider investing some of the savings you receive by going remote into a solid cybersecurity plan. If you implement the best cybersecurity practices now, you and your team will be able to enjoy all the benefits of remote work without the dark cloud of a security breach looming overhead.
This blog post was first published by Mitel.