Due to recent circumstances, life has changed. This includes how and where employees work. Remote employees aren’t new. For some organizations, the majority of their workforce is off-site. Many other companies are scrambling. This is a new environment for them. Suddenly, their employees are working remotely and this leaves questions about cybersecurity.
Even with extenuating circumstances, cybersecurity protocols are still paramount. If a breach happens, companies will still be held liable. This leaves organizations struggling to maintain cybersecurity practices while still allowing employees access to information.
In this guide, companies and employees will find everything they need to know about practicing cybersecurity at home, while still keeping the business operating.
Importance of Cyber Security For Remote Workers
It’s usually simple for employees. They depend on the fact that their company has adequate cybersecurity protocols in place at their on-site work stations. Once they’re at home, the situation changes. In most cases, home networks do not have the same security protocols as businesses.
This can leave remote employees vulnerable to cyberattacks. If nonpublic personal information (NPPI) is breached, the company will be the one found liable. There are some steps businesses can ask their employees to take while they’re working remotely.
- Avoid Public “Hotspots”
Any remote employee will want to avoid using public wi-fi networks. The lack of security makes public wi-fi convenient to use, but the same convenience makes it an easy target for hackers. Any protected personal information (PII) that is sent or received via a public network is extremely vulnerable to hackers.
Public hotspots are so vulnerable because of their thin firewalls and because observers can watch the data as it appears on the screen. Both of these are violations of cybersecurity standards and put consumers’ personal information at risk.
If employees are working from a public space, instruct them to use a personal “hotspot”. Most personal phones and other devices are equipped to be turned into hotspots. Companies can either supply the hotspot or reimburse employees for the slight expense.
Even though the data transmitted and received will not be encrypted, it won’t be as vulnerable to hackers. A private ‘hotspot’ requires a password to access the information, unlike a public wi-fi network.
- Block Viewing Screen
Employees should already be aware that their computer screens are visible to passersby. They know to be careful when entering PINs and passwords in public; the same applies when they’re working in public.
Work from home cybersecurity practices apply anytime an employee accesses the company’s network. Even when employees use their own hotspot, NPPI on the screen can still be visible.
Employees need to be aware of who is near them and might be interested in the data on their screen. Simply being aware of their surroundings is one of the most important remote working cybersecurity tips employees can learn.
- VPNs and Encryption
All NPPI is already required to be encrypted when it is sent or received over an unsecured network. This applies to remote employees who are using personal devices to work remotely from home.
When it comes to employees who are suddenly learning how to work from home, one of the best security practices is for businesses to encrypt all customer data. Virtual private networks (VPNs) can also help keep information safe from breaches, but they are limited. VPNs only protect data to and from the virtual private network, not the intended receiver. Even though there are issues with security and VPNs, there are benefits to requiring remote employees to use one or supplying them with one.
A virtual private network works by shielding an internet protocol (IP) address. It creates a private path through the internet for information to flow. This data is protected from the sender to the network; the downside is that hackers can get in through the receiver. However, there are still benefits to having employees use VPNs.
- Masks browsing history
- Does not show a physical location for online network users
- Employee I.D. theft is more difficult since the network is private
Employee identity theft can also violate cybersecurity regulations. However, using a VPN will help prevent it.
- Educate Employees About Potential Online Scams
Work from home cyber security includes educating employees about potential scams. Companies that previously didn’t have the need for remote workers might be behind on this as well.
With more employees working remotely, hackers are taking advantage of this.
The main thing companies and remote employees need to remember is that unfamiliar emails can be a potential scam. Hackers often use emails as a way to gain entrance into a network. These emails usually contain an embedded link. Once the link is clicked, hackers have a doorway into the network.
From there, they have access to all the network’s information.
- Require Multi-factor Authentication
Along with encrypting data and VPN security, remote employees also need a strong password. Companies do not want employees using vendor-supplied passwords. Not only are they considered “weak”, but they’re easy for hackers to crack.
Strong passwords are the first step to multi-factor authentication. Requiring employees with network access to provide two forms of identification will make it more difficult for hackers to gain entrance.
This also applies to video and telephone conferences. Remote employees should not only have personal passwords but also meeting identification numbers to prevent unauthorized access to company meetings.
- Provide Secure Devices
This isn’t feasible for all companies. Some companies don’t have the budget to supply all of their employees with secured devices. However, when it comes to cybersecurity for remote workers it is something businesses will want to consider.
Often employees’ personal devices are not equipped with adequate protection, making them easy targets for hackers. Not only can the data be breached from a personal device but also from the network the employee is connected to. Companies that are required to meet HIPAA, GLBA, or other cybersecurity regulations must protect NPPI whether it resides on the main network or a personal device.
The best cybersecurity practice is to keep all protected data on company-owned devices. However, if this isn’t possible, make sure workers know to avoid all cloud-based applications that have not been vetted for security by the company. Requiring employees to only use pre-approved cloud-based sharing services will limit the number of avenues hackers are able to exploit.
- Track Employees’ Devices
It is crucial that companies have a complete and current list of all employee devices that have access to protected data. Employers will also want to remind remote workers to keep their personal work devices secure at all times. Cybersecurity incidents are often the result of a lost or stolen laptop, tablet, phone, etc.
Some tips for employees include:
- Keeping the screen locked when not in use
- Locking devices up at home, work, hotel, etc.
These simple tips will help protect sensitive data, even when employees are working outside of the office.
- Limit Use of External Device Attachments
External devices, like thumb drives, are convenient to use. This convenience also comes with a risk. Hackers often target these attachments due to the limited security that usually surrounds them. Companies will want to remind remote workers about these risks. If an external attachment is necessary, it should be kept secure at all times.
- Limit Access to Games
There is no shortage of online games ready to keep players entertained for hours. This is a problem for companies with remote employees using their personal devices. It can be difficult to stop workers from playing games on their devices but there are potential cybersecurity risks that come with these fun websites.
Even though employers will find it difficult to limit workers’ access to games and other potentially unsecured websites, management can provide education about the risks. If remote workers are using company-owned devices, blocks can be installed that prevent access to websites that could pose a risk to the network’s security.
- Have an Incident Response Plan Ready
Whether the company has been managing remote workers for years or this is the first time, it’s important to have a response plan in place if an incident occurs. Cybersecurity risks increase when employees are accessing the network remotely and companies need to be ready to respond as soon as a threat is detected.
An example of what should be included in a response plan is the following.
- Identify and restore the last clean back-up.
- The protocols for communicating the incident to the proper officials.
- Procedures to isolate the infected device.
- Procedures to separate devices that were not infected.
Having a response plan for employees to follow will make it easier to prevent or contain a cybersecurity breach.
How Businesses Can Improve Cybersecurity
The majority of business owners already understand the importance of maintaining good cybersecurity practices. It is not only a requirement of several acts, including HIPAA and GLBA, but it is also good business sense. If customers do not trust a company with their personal information, they are likely to take their business to a competitor.
Following cybersecurity protocols is not only the responsibility of management and the IT department but the entire staff. This includes remote employees.
Some steps businesses can take to improve cybersecurity on-site and remotely are:
- Understand the cybersecurity threats that affect your business. If you’re not aware of a threat, it’s impossible to prevent it. Not all cyber threats will affect every company. You only need to familiarize yourself with the ones that pose a risk to the network and the type of data handled. For example, if the business manages cardholder information, cyberattacks that target protected personal healthcare information wouldn’t apply to you.
- Prevent all data leaks no matter the size. Carefully control who has access to data and limit it to employees who require the information to perform their jobs. Requiring two forms of identification, typically a password and an employee identification number or badge, will limit access and prevent damaging data leaks.
- Protection from ransomware and malware is paramount. It should be a standard part of a company’s cybersecurity practices. If possible, all remote devices should also have the same anti-malware software installed. If remote work is a new phase just implemented by the company, it might not be possible to install the same anti-malware software on all employees’ personal devices. There is anti-spyware software available that will provide adequate protection. Businesses can reimburse their remote workers for the added expense of installing it.
Work from home cybersecurity is tricky, even for companies familiar with remote employees. The risk of hackers getting access to protected information is heightened, and it’s not easy to ensure that all personal employee devices are secured.
There are steps businesses and employees can take to prevent cybersecurity breaches. These can include contacting a cybersecurity specialist. The certified experts at RSI Security are here to answer all your questions and help you keep your network safe from hackers and other types of cyberattacks.