It’s no secret that the global pandemic has forced many professionals into work-from-home situations. The sudden shift to remote work has been a challenge for both employees and managers/employers, and as if that weren’t bad enough, there has also been a tremendous increase in phishing, hacking, and various other forms of cyberattacks targeting people working from home.
Many cybercriminals are exploiting the fact that many companies are simply not ready for the shift, leaving many people working on unsecured systems.
So, how should organizations and employees protect and manage data security in this work-from-home world? Here are a few tips you can use.
1. Update Your Remote Work Policies
Factors related to human error remain the biggest causes of successful data breaches and other cybersecurity threats. This situation is further amplified in a work-from-home situation where direct supervision can’t be put in place.
Therefore, it’s crucial for companies to update their remote work security policies to include more recent cybersecurity threats, as well as to consider various work-from-home scenarios.
Some important areas to include in your remote work security policies are:
- Mandatory requirement for secure and unique passwords
- Best practices in avoiding spam and other social engineering attacks
- Inventory of company-owned and BYOD devices, and their users for safety monitoring purposes
- Policies on accessing company assets with unsecured personal devices and networks, for example by requiring employees to connect over VPNs
- Policies on video conferencing
- Data backup and recovery
Employers with employees in work-from-home situations should also improve their remote security by:
- Migrating essential business applications to the cloud, for example Office 365 or Google Suite. Using cloud solutions will shift the “responsibility” of data protection from your server to these third-party cloud application providers, which typically include updated security features
- Implementing 2-factor authentication (2FA) on user accounts and key areas of the business that store confidential information
- Requiring the use of password managers to automatically generate and store complex and secure passwords
Document your cybersecurity policies, and effectively communicate the safety policies and your overall safety program to all team members working from home.
2. Train and Educate Your Team
Human errors and lack of security awareness remain the top causes of successful data breaches. However, according to a recent Microsoft survey, security education received the least investment of all security precautions.
No matter how advanced your security system is and how comprehensive your policies are, your company’s cybersecurity is only as strong as the least security-aware person in your company, so educating your employees is extremely important.
Make security training a part of the new employee onboarding process, and refresh courses regularly to cover new trends and threats.
Your training program should at the very least teach your employees to:
- Protect themselves from email phishing and other social engineering attacks
- Use remote working tools (e.g. Zoom) securely
- Run software updates on their OS and applications regularly
- Use strong and unique passwords and/or use a password manager
- Protect their devices physically (e.g. not leaving laptops unattended)
- Use caution with public wireless networks
It’s also crucial to train employees on how to keep their work separate from personal activities, especially when browsing the internet from the same device. If necessary, ask employees to use company-owned devices, or BYOD devices designated for work, for business use only.
3. Invest In Adequate Security Infrastructure
Training your employees and implementing the right policies won’t be enough if your website, network, and the whole system aren’t protected with adequate cybersecurity infrastructure.
Organizations should only use secure third-party applications to facilitate remote working, like a secure collaboration tool and video conferencing solution.
While cybersecurity infrastructure can be a pretty deep subject to discuss, you can at least consider the following:
- Use only secure third-party solutions, and make sure they are configured properly
- Replace older hardware that is no longer supported by its manufacturers
- Install an adequate firewall and antivirus/anti-malware solution, and update them regularly
- In general, update all OS and applications when updates are made available, especially when there are new security patches and fixes
- Because most cybersecurity threats are carried out by malicious bots, it’s crucial to protect your eCommerce website with an advanced bot management solution like DataDome
- Invest in a high-quality VPN and require employees to use this VPN to sign in and access company data. Make sure the VPN is up-to-date and secure.
4. Address Shadow IT and Monitor Unsecured Devices and Tools
Employees may use tools not approved by your company for security reasons or may use practices that are prohibited by your security policies for one reason or another.
Perhaps they are too lazy to do 2-factor authentication every time they get back to their laptop after making a coffee, or perhaps they use their personal laptop instead of the work-issued laptop. This practice is called shadow IT.
While it’s going to be very difficult for companies to prevent this practice in a work-from-home situation, the best thing we can do is communicate.
Communicate why it’s crucial for employees to follow the designated security policies, but at the same time, listen to their feedback, concerns, and pain points. Give them opportunities to suggest devices and tools that might help them in performing their work without breaking your security policies.
5. Design Robust Authentication Policies
While it’s also important in a traditional office setting, it’s crucial in a work-from-home situation to prevent employees from having access to more data than is necessary to do their job. The more access they have, the more potential vulnerabilities there are, but in practice, it can be difficult to accurately monitor employee access across the company’s whole operation.
This is where developing comprehensive privilege/authentication policies is very important. It’s best to assume that no one in your company can be trusted (whether due to negligence or malicious factors), and to share access to data only when it’s absolutely required for their current task. Revoke access when the data is no longer essential for their job.
It’s crucial to understand that keeping work-from-home secure is not only the responsibility of the IT or security department; it should be a company-wide effort. By following the tips above, employers can more effectively manage employees when working from home to avoid data breaches and other cybersecurity issues.
At the same time, employees can more conveniently perform their jobs without having to worry about security and privacy.