As the workforce shifts to a remote setting, employers find themselves with new challenges and concerns.
Technology enables operations to remain efficient: For most businesses, a remote workforce can maximize time and contribute value from anywhere. However, the use of this technology can put companies, employees, and clients at risk. According to the 2019 IBM Cost of a Data Breach Report, the average cost of a data breach is 3.92M USD.
Thankfully, there are simple, cost-effective steps that both businesses and employees can take to mitigate risk and protect their assets.
The top four work security measures when employees work from home (WFH)
By definition, cyber security is designed to keep people safe from attacks.
As Scott Ingram, Cyber Security Practice Lead at Performance Improvement Partners shares, “People are always the primary focus. That’s the first goal: ensuring everyone’s safety. The second priority is the safety of your company and its intellectual property. Once secured, you’re ready to move forward with business goals.”
Here are the top four ways to ensure the security of any business and its community, while also preserving business growth.
1. Secure home workstations and personal devices
Workstations, also known as the hardware employees use to conduct business, take multiple forms in a remote work setting. In this case, the hardware needing protection includes laptops, tablets, and even mobile phones.
Work with your IT department to ensure employees have antivirus software installed on all devices, including home computers, which have access to company data.
In addition, require full disc encryption to be installed and enabled.
Similar to the key that locks your house, full disc encryption protects the hardware should an employee’s device become lost or stolen. Passwords alone are not enough to secure company data: In 2005 – 2015, nearly 41% of all data breaches were the result of lost phones, computers, and tablets.
2. Educate employees on social engineering attacks and scams
When employees are working out of the office, it becomes harder to monitor social engineering attacks. In this type of cyber threat, criminals manipulate individuals into divulging personal identifiable information (PII).
Now is the time to create internal communications that educate employees on how to recognize these attacks.
Start with how to spot phishing emails. In a business context, cyber criminals often mimic the names and email addresses of senior leadership, knowing staff will jump to reply to the CEO and often unknowingly disclose incriminating information.
Vishing is a similar tactic, which also plays on emotions. In this case, scammers use an internet telephone service (VoIP) to practice Caller ID Spoofing, creating false phone numbers.
Apply the same action steps for both phishing and vishing – always alert the IT department immediately with even the slightest suspicion that something is “off.” Reinforce the dangers of sharing personal information on any device or platform, including social media. Risk is especially high at times of crises when attackers pose as organizations seeking to help those in need.
Additional information on how to avoid spoofing scams can be found on the FCC’s website.
3. Ensure home network security measures are taken
The IT department works hard to secure the safety of its business network. When moving to a remote work environment, employees must take similar steps in their own homes.
Provide a VPN for employees to utilize when working on a public network, including coffee shops, hotel lobbies, and airports. Remind employees to install updates on home devices, as these contain the latest software patches. When possible, encourage people to use separate computers for personal and work activities.
Home network infrastructures, such as routers, should follow manufacturer guidelines on system settings. These networks have specific password guidelines, and should include at least 14 characters with uppercases, lowercases, numbers, and symbols.
4. Implement password safety guidelines
According to the 2019 Verizon Data Breach Report, 80% of hacking-related breaches are tied to passwords.
And, with the average business user having 191 passwords, it’s common to create passwords that are easy, rather than safe. In fact, a study by Harris Poll and Google revealed that 66% of people reuse passwords.
Create strong password guidelines and ask employees to implement them on all devices – whether company issued or personal – that are used for business purposes
Utilize password management software to ensure these guidelines are followed. In addition to storing passwords, this software generates truly unique passwords with a higher level of security. For more protection, implement a single-sign on (SSO) tool. Multi-factor authentication (MFA), when available, should also be activated, providing an added layer of security.
Protection from cyber threats when employees work from home
While a remote work policy serves both businesses and employees, the cyber risks must be considered. By putting the above steps into practice, companies can maintain business continuity when activating a virtual workforce, while maintaining safety from cyber-attacks. Keep your business and your portfolio safe by downloading your free cyber security checklist with the steps outlined in this article.
To secure your virtual workforce, contact John Bisack at Performance Improvement Partners — we’re here to help.