How can your business protect against remote work cybersecurity risk?

One of the biggest changes companies of all sizes saw in the past year was the rise of remote work from the occasional perk to an option employees want on a permanent, full-time basis. Many companies may be perfectly happy to provide that kind of flexibility to staffers who have earned the leeway, but even if you have complete faith in all your employees to be highly productive at home, you still have to be highly vigilant.

That's because with remote work comes increased cybersecurity risk. You may be able to control a lot of factors in the office, such as who accesses what files, which devices are connected to your company network and so on. But there are a lot of more "ifs" to consider when people are accessing sensitive data at home, from a local coffee shop or anywhere else.

Indeed, during the COVID era, cybersecurity concerns rose markedly, according to data from Security Magazine. That included a 128% year-over-year increase in the amount of malware activity online in the third quarter of 2020, 29% more botnet activity and so on. As this work continues and, in all likelihood, proliferates, it creates even more ongoing risks — which can no longer be considered a temporary issue — including data breaches based in the cloud.

That, in turn, means that small businesses in particular may be vulnerable, as they do not typically have significant tech and data security budgets, let alone their own dedicated IT departments. But that doesn't mean there's nothing to be done and that these (potentially costly) security incidents are just something you have to grit your teeth and accept.

Allowing more remote work? You need a cybersecurity plan for that.

So what can your company do to combat this threat while still giving your employees the remote-work flexibility they now realize they want? The following tips should help:

Require software updates on a regular basis

Among the easiest ways for criminals to get into a system is when companies or individuals run old versions of the software they use on a daily basis, according to Forbes Advisor. The companies releasing these programs will typically issue updates on a regular basis to fix bugs and patch security vulnerabilities, so you and your employees have to be proactive about installing them as soon as they are released.

Train everyone to spot scams and threats

There are many ways in which your data and documents may be breached, but the most common is by people clicking on links they shouldn't, providing login details to people presenting themselves as legitimate, or downloading files that purport to be related to business but are in fact malware, Forbes Advisor added. For that reason, you need to train your employees to spot these threats and periodically let them know about some of the common scams they are likely to face.

Boost tech and software use

If you don't require your employees to use antivirus, antimalware and firewall software anytime they connect to their work accounts, you are leaving an unnecessary risk on the table, according to Norton. You should be providing all these programs for workers and training them in how to set up and maintain their security posture effectively. The benefits could be invaluable.

Set up two-factor authentication on all accounts

It should be mandatory that any accounts your employees use for work be required to use two-factor authentication, if the option is available, Norton recommended. That way, even if a hacker has access to certain login details, they will still have a difficult (or even impossible) time accessing sensitive information.

Discourage use of public networks

Among the key tenets of a good remote security plan is requiring employees to only connect to WiFi networks that are locked and password protected, according to GlobalSign. That way, just people who are approved to log onto that network can "sit" on it, and outside risk is kept to a minimum. Sorry, but that means no logging on from the cafe down the street.

Provide VPNs

Alternatively, you can allow them to access your files from public connections, but only if they log into a virtual private network, GlobalSign noted. That adds an extra layer of security between your employee and a would-be hacker who is trying to intercept data they transmit or download. You should be willing to foot the bill for these services, because they're a small investment for a big security boost — and can therefore be seen as paying for themselves if they avert even one attack.

Back up everything in the cloud regularly

One of the most common types of attacks these days is ransomware, which locks you and your employees out of your own systems unless (or until) you pay thousands of dollars or more, according to Cybereason. However, if you are backing up all pertinent files to a secure cloud server that is separate from your broader network, this threat won't be able to stop your business operations.

Remind workers to keep work-related devices safe and locked

Any devices your employees use to connect to your network or access your data need to be kept as safe as possible, Cybereason said. That means keeping smartphones or tablets locked when not in use, never leaving them unattended, password-protecting logins and more. This is a simple change that can have a big impact on your organizational risk.

Designate specific devices for work purposes

Likewise, it's important that your employees do as much as they can to keep personal device use and work purposes separate whenever possible, according to Kaspersky. For example, you don't want a worker looking at important spreadsheets on their laptops and then turning the computer over to a toddler so they can watch YouTube videos. Mandating this separation — or even providing work-specific devices — is likely a good idea.

Improve password habits

Finally, you'll note that many of the above issues relate back to password security in some way, and that also means your employees should be more aware of how much risk they may face if they're not cognizant of password best-practices, Kaspersky warned. That means never repeating passwords across different accounts, and making sure every one has an almost random collection of at least 10 different numbers, letters and symbols.

With all of the above in mind, however, your company should never assume that its data is fully insulated from risk, breach or other threats. Sadly, even the most vigilant of large businesses, which may protect mountains of highly sensitive data, end up affected — and therefore, so can your company.

As such, you need to craft a highly strategic, comprehensive data breach response plan that you can turn to if (or, in all likelihood) when you are affected by such an incident. This plan should be completed in full compliance with local, state and federal law to ensure you have as few liabilities as possible. That, in turn, will help you respond appropriately and potentially keep yourself, customers, clients, employees and business partners as insulated from the threat as you can be.

Categorised in: Asset & Liability Protection

This post was written by