Yes – but these 7 steps can mitigate your risk when employees work remotely
For 4.3 million Americans, commuting to work is as simple as strolling over to a home computer.
Half of U.S. workers hold jobs that allow them to work remotely at least part of the time, according to a study by GlobalWorkplaceAnalytics.com. In fact, the number of people who work from home full-time has grown by 140 percent since 2005, the study said – and that’s not counting the self-employed.
Remote working is a trend that’s here to stay, as Millennials reshape the modern workplace to achieve work/life balance. It also gives companies unprecedented access to top talent from around the world.
But while remote working can enhance your business, it can also leave its sensitive data and assets exceptionally vulnerable to cybercrime. Nearly half of workers admit to transferring files between their work and personal computers when they work remotely, according to a Cisco study.
Thirteen percent of remote workers send business email to customers, partners, and colleagues from less secure personal accounts, the study said. And more than 75 percent said they don’t employ privacy measures when they are working remotely in a public place like a coffee shop – making it easy for hackers or anyone to see what they are doing and jeopardize your company’s security.
In 2014, the U.S. Postal Service suspended its telecommuting policy after falling victim to a data breach.
Remote workers will only become an Achilles heel to your company’s cybersecurity if you let them. Follow these steps to minimize your risk and keep remote working as a safe and viable option for your company:
- Make a plan. Outlining company policy on cybersecurity is an important first step toward reducing the risk posed by remote workers. But only 39 percent of small businesses have a formal cybersecurity plan in place that offers detailed guidance about creating passwords, storing and deleting data, seeking assistance if something suspicious occurs, and other high-risk areas. Without a policy to follow, employees are likely to make a mistake or ignore a potential threat until it is too late.
- Encourage the use of company devices. It’s infinitely easier to control the security measures on a company-owned device than an employee’s personal computer or phone. For that reason, it’s always wise to encourage – or even better, require – remote workers to use company devices.
Mobile devices are especially vulnerable. If company phones aren’t an option, make sure employees understand that using their personal devices to text sensitive data like passwords or account information is a major cybersecurity risk.
- Keep connections secure. Of course, small companies – or those who deal with independent contractors – may not be able to give separate company devices to their staff. Installing a Virtual Private Network (VPN) can also help reduce the cybersecurity risk posed by remote workers by encrypting data and creating a hidden connection between the user and the company. Put simply, a VPN functions kind of like a firewall for online information, allowing users to securely access and share data remotely through public networks.
VPNs are especially useful when remote employees opt to work out of places with unsecured internets, like coffee shops or cafes. Clever hackers can even create their own public Wi-Fi network that mimics the coffee shop’s and looks legitimate; enabling them to view credit card numbers, passwords, emails, and other sensitive company data after a remote employee joins. By connecting to public Wi-Fi through a VPN, any data that’s transmitted is encrypted and secure – and safe from malicious users.
- Store documents in a single place. An important strategy for keeping sensitive documents safe is storing them in a single cloud location that is secure but easily accessible to invited users. Spreading documents across individual laptops in inboxes, hard drives, disconnected file shares, or chat applications makes it easy for hackers to gain access.
- Understand what constitutes a strong password. Not only is it important for remote workers to create strong passwords, but it’s critical that they use different passwords for different platforms. The latest guideline from the National Institute of Standards and Technology (NIST) no longer insists that the best passwords are a complicated string of numbers, special characters, and random letters.
Rather, NIST asserts that phrases, lowercase letters, and an unexpected combination of typical English words like “’appledogpeanutstaple” are secure and confuse automated hacking systems.
- Prohibit personal email accounts. Yes, it’s probably easy to dash off an email from a personal account when you’re working at home. But consider this: allowing remote workers to use personal email accounts to conduct business means that your company’s data is being stored on mail servers outside of your control – and they might be anywhere in the world. It’s impossible to know all the places where your company data is stored or has been transmitted once it’s been sent through a personal account.
- Train your staff. Your cybersecurity protocols only work if your employees follow them. Regular checkups and training sessions will keep remote workers informed about the latest threats and ensure that they take cybersecurity seriously.
It’s especially important to train remote workers to recognize and report threats from email communications, internal platforms, and external websites. Human error – such as clicking on a malicious link in an email – accounts for the majority of successful cyber-attacks. The sooner you can investigate and block malicious activity, the better the chance of preventing a full-blown data breach.
Remote workers can be a major cybersecurity risk, but only if they aren’t aware of the steps they need to take to mitigate the risk of cyber-attacks. By establishing a clear cybersecurity policy and making staff training a priority, your company can create a remote team that’s committed to following the best cybersecurity practices.
Absolute Logic’s clients across four states and 40 industries are guided safely through the threat landscape. Our Absolute Security powered by CyberGuard360 includes a wide array of services such as system security suites, risk assessment, education, and training and disaster recovery, and we specialize in helping New York companies comply with 23 NYCRR 500. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.