A few years ago, Edward Snowden revealed that users of Facebook, Google, and other high profile IT companies had their information stolen just by accessing these sites. Their emails, photos, documents, and even their calendars were all stolen.
The thieves turned out to be the United States government, which uses a program called PRISM. The software is a packet sniffer and was deployed near giant tech companies.
Now, imagine the same thing happening to your company. An employee working out in a coffee shop logs onto the establishment’s open/free Wi-Fi network where a hacker can easily compromise his or her laptop.
In a matter of minutes, the hacker is able to obtain company e-mails, login credentials, and even files and documents. If a huge company, such as Facebook, can’t stop a similar attack, does that mean you’re doomed?
Remote Workers: The stage is set
The advent of the Internet has made it possible for employees to work from home. Some workers even prefer to work remotely than having to commute to the office every day and showing up for work late – already frustrated because of the traffic.
Global Workplace Analytics estimates that 4.3 million Americans work from home half of the time. There are also 115 percent more people who are telecommuting today than in the past 10 years.
What’s more, 16 percent of companies are now only hiring remote workers. Meanwhile, Upwork estimates that by 2028, close to three out of four departments will have at least one remote worker.
No matter how you look at it, working remotely out of one’s home is here to stay, and it continues to change workplaces not just in the United States but all over the world.
Advantages of having a remote team for your company
You might ask why you should even bother with remote workers. From a security point of view, it’s going to be much simpler to just get everybody into the office where there is a secured network, behind a firewall, and all the antivirus and antimalware programs are in place.
There are several reasons why businesses allow remote working, according to CEOWorld Magazine’s Alexandra Dimitropoulou.
- First, your employees are more productive when they get to avoid traffic and the commute by staying home. They can start work with a fresh mind and they even turn in full shifts or more worth of work.
- Remote work also makes your staff happier. That’s because they are able to achieve a work-life balance. They get more time with their family and save more money.
- Remote work can also prove to be cheaper for the business. There are fewer overhead costs. You don’t have to pay for heating and cooling, and can even save on having computers open for the entire day.
- Businesses also benefit from being able to hire talent a lot easier. For instance, you can hire talent from out of state or even those living abroad.
- What’s more, businesses can gain an image of being progressive. Remote working communicates the idea that the organization places value on its employees’ well-being and happiness.
- Lastly, you get to retain top talent. When employees have flexible work schedules and locations, they feel more at ease. When they’re happy and suffer from less stress, they are less likely to leave.
Cybersecurity and remote workers
All of these benefits do come with one significant caveat: it’s much more difficult to secure your network and protect your IT assets when there are so many endpoints that are outside of your premises. Each one of your remote workers is a potential entry point for cyber attackers and hackers.
But there are some strategies that can help you bolster your cybersecurity in this age of remote workers.
1. Don’t use unsecured public Wi-Fi networks.
Spiceworks reported that a little more than six out of every 10 employees use public Wi-Fi networks. Staff working in coffee shops, airports, hotels, and other similar spaces don’t think twice about using whatever available Wi-Fi connection they have.
The problem with unsecured public Wi-Fi connections is that it’s possible for a hacker to sniff out confidential data, such as login credentials. They can even access your laptop or smartphone, and steal your password. That, or they can put malware on your device.
You can require your employees to use a virtual private network when they connect in public places, or you can provide each remote worker with his or her own personal hotspot.
2. Make endpoint security a priority.
Endpoints are devices that you have connected to your network. When you have remote workers, you have endpoints that are well outside your premises. And each one of these devices, computers, and mobile devices is a potential entry point for hackers.
The 2018 State of Endpoint Security Risk report reveals a lot of sobering and alarming statistics. More and more endpoints are being attacked, and the frequency of attacks is increasing as well.
What’s more, it costs an average of $7.1 million to respond to a hacking or cybersecurity event because of compromised endpoints. In fact, you will shell out $440 for every compromised endpoint.
Antivirus programs didn’t help secure endpoints that much, as they missed 57 percent of attacks. You also lose productivity, as patching takes an average of 102 days.
“A successful set of Bring Your Own Device (BYOD) policies is key to reducing cybersecurity risks that can come with remote workers,” says Dan Smith, Co-Founder and CRO at Zeguro. “But don’t focus on just the devices that your employees pay for and use for work. Company-issued devices should also have strong endpoint security. Install the latest versions of apps and software and set up automatic updates. Using firewalls and VPNs might also help.”
3. Use cloud-based applications when possible.
To cut down the risks of hackers using devices your remote workers use in order to gain access to your network, you can lessen the instances in which they will need to log into your company’s IT assets to do their job.
You can do this by using cloud-based applications. For instance, you can use a service like Dropbox to exchange files, rather than giving them FTP access to your network. You can also use something like Google Docs for them to submit and collaborate on documents and spreadsheets.
Cloud services are often more secure than your remote worker’s personal computer. If they have an infected file and they upload it to a cloud app, chances are, the file will be rejected or disinfected before it can reach you.
4. Create policies for both your cybersecurity and remote workers.
“Cybersecurity policies are an important foundation to your organization’s security posture,” explains Smith. “Implementing rules and procedures for remote workers will set your expectations for how they should behave when it comes to cybersecurity. These policies should include security best practices and should be easy for your employees and contractors to understand. They will probably not differ too much from the rules and regulations that you have in place for your in-house employees but include some additional sections relevant only to remote workers.”
It should also include which positions are open for telecommuting. You must be transparent in telling your staff which jobs are okay for working remotely and which ones are not.
There are some posts that are not suitable for remote workers because it’s too much of a security risk. For example, if you are working on the design of the next breakthrough product, then you should probably be at the office.
You should also include a list of tools, cloud services, and platforms your remote employees should be using to do their jobs. It helps to approve sites for cloud storage, communication, video conference, project management, and other similar apps and software.
Your policies should also include a detailed guide on what employees should do when their accounts are compromised.
5. Train your remote workers about the best practices in cybersecurity.
You will need to ensure that all your staff, especially those working remotely, are trained about the best practices in cybersecurity. They should be able to detect an intruder or recognize a phishing e-mail.
They should know how to use the latest cybersecurity tools, such as an anti-virus or VPN. They should have a full understanding of the implications of having a data breach happen to the organization.
Most of all, they should know what to do if they think they’ve been victimized by a hacker.
If you think that’s a given, think again. At least 30 percent of employees asked by Wombat Security Technologies didn’t know what malware or phishing is.
Training employees to have a cybersecurity mindset starts with them actually knowing what these threats are and how to contain them.
6. Employ cybersecurity best practices.
Even remote workers should know and implement the best practices for security that will protect them and your business from hacking attacks.
Some steps include:
- Setting up a strong password for all accounts that must be changed periodically.
- Multi-factor authentication that provides an added layer of protection.
- The use of VPNs.
- Endpoint security solutions.
* * *
When you are implementing cybersecurity measures for remote workers, there are essentially three processes that you do.
- The first is to implement the security practices that you have been using all along: passwords, anti-virus software, multifactor authentication, and other similar steps.
- Next is to lessen the attack surface. Using cloud-based services, approving the devices, apps, and software used, and limiting the opportunity for remote work only to non-essential personnel are good examples of this process.
- Lastly, is to train the remote worker everything about cybersecurity. From giving them a thorough understanding of your cyber hygiene policies, the tools to use and how to use them, to knowing what to do in the event of a successful attack.
Cybersecurity for remote workers is never an easy task, but there are many benefits that you can gain. Done right, you can avoid headaches of having to deal with a data breach or hacking incident. You can only enjoy the benefits and advantages of having remote workers.
Excellent article. For my law firm, we have a two tiered securty system. Our computers are consistly backed up to the cloud using Carbonyte, which is a phenomenal service, and every two weeks, our tech team manually backs up our computers to local external hard drives.
I need to read more on this topic…I admiring time and effort you put in your blog, because it is obviously one great place where I can find lot of useful info.
Such useful guides always help people in
Cyber risk is the biggest risk to any individual and organization. Your tips will surely help in reducing the attacks. Keep sharing such post.
This is my first visit here, and I will certainly come back. Thank you for sharing this post. Your blog is absolutely awesome.
Best wishes
Really appreciate such kind of topics. you are doing a great job . Keep it up