How to secure remote access workers during the COVID-19 outbreak and beyond.
While the global spread of the COVID-19 coronavirus has caused many employees to work from home, the number of remote workers was growing exponentially well before that. According to a report based on information from Global Workplace Analytics, the U.S. Census and Bureau of Labor Statistics, and FlexJobs, the number of remote workers in the U.S. increased 159% between 2005 and 2017.
Telecommuting increases flexibility, enhances work-life balance, and improves productivity. It also helps employers to incur less overhead and operating costs. However, having a sizeable number of employees working remotely presents a major challenge with regards to cybersecurity, which is a key aspect that many employers may overlook.
When employees are operating in a formal office environment, they’re working behind layers of data protection and privacy controls, from web gateway and email security to assurances that antivirus definitions are up to date. But when computers leave the perimeter, a company’s attack surface widens.
While remote working has many huge benefits to workers and companies, the threat of data breaches is being seriously underestimated. Most managers and decision-makers assume that their employees know how to follow data protection controls and safely work remotely, but the number of resultant data breaches indicates that this isn’t the case. The average cost of a data breach is USD 3.92 million and there are many other far-reaching consequences.
Bad Habits Related to Remote Work
One issue that may endanger your organization involves using unsecured Wi-Fi networks. If your employee’s connection to their home wireless network or public Wi-Fi is not encrypted, it could be easy for malicious actors to access credentials or harvest confidential information. There’s also a risk of increased attacks like malware and phishing emails.
Using work devices to shop online, answer personal emails, or visit social media pages is another example of risky behavior that a remote employee might engage in. Transferring files between personal and work computers or allowing non-employees to borrow work devices are other worrying practices. Employees can introduce new platforms and operating systems that don’t have necessary security controls, opening up security holes in your environment and putting your company data at stake.
Even if we’re focusing on information security, we can’t leave physical security behind. For example, an employee may be exposing their laptop’s screen, talking too loudly on the phone while working remotely, or even leave their devices unattended. These place important data at increased risk of compromise.
Data Protection Practices for Remote Workers
If you already have a remote workforce or are still thinking about it, here’s a look at what you can do to minimize the risk of a data breach:
- Develop a Remote Work Policy
Human error can undermine even the strongest security systems. You cannot assume that your employees know everything about security, compliance or their role in it. To ensure secure remote access, you need to establish a cybersecurity policy that defines telework, remote access, potential security vulnerabilities, and what you expect of employees when telecommuting. This includes the level of remote access you permit as well as the types of devices that are allowed. Require all employees to review and sign the policy.
- Update Programs and Operating Systems
Don’t dismiss software update notifications. New vulnerabilities are always being found in operating systems and applications. And malicious actors can’t resist taking advantage of people being too lazy to update software. Software patches and updates only take a few minutes to install and could save your organization from a data breach.
- Use Encryption Software
Sensitive data sent remotely is always going to be at risk. It could be seen or intercepted by a third-party. Encryption software can protect company data by preventing authorized device users or unintended recipients from viewing the information. All stored data should also be encrypted in case of theft or device damage.
- Ensure Secure Internet Connections
Remote workers will need to get out of the house every now and then. The last thing you want to do is forbid them from working where they feel motivated and productive. However, they need to be educated about how they can keep the company’s data secure. You can require employees to use a Virtual Private Network (VPN) before signing on to public Wi-Fi. VPN encrypts internet traffic and keeps data away from the prying eyes of snoopers. Make sure you’re using the right VPN.
- Set Up Firewalls, Anti-Malware, and Antivirus Software
Require remote workers to have up-to-date firewalls, anti-malware, and antivirus software on all their devices. These will help detect threats and prevent malicious programs from entering your system and data leaking.
- Rely on Two-Factor Authentication
Having a strong password isn’t always enough. Two-factor authentication (2FA) provides an extra layer of protection to your accounts. For secure remote access, users have to provide two authentication factors to verify themselves. The extra step could a text message or email confirmation, answer to a “secret question” or a biometric method.
Stay Safe with SCA
Telecommuting is here to stay. But as your employees leave the building, they don’t have to leave cybersecurity and privacy behind. SCA Security provides Remote Workforce Risk Assessments and a variety of cybersecurity services to address modern-day risks and prevent data breaches.
Request more information to learn more and contact us at 727-571-1141 to schedule a Remote Workforce Risk Assessment with an SCA Security expert.