How to Keep Remote Staff Security-Minded when Working From Home
As the Coronavirus, or COVID-19, begins to circulate around the globe, there are already talks of businesses implementing work from home policies.
It is hoped that doing so will at least slow down the spread of the virus in places where it would thrive: cities, public transport and offices.
This is all part of a policy known as 'population-distancing' which, it is hoped, will help slow the spread of the virus.
Companies such as Twitter have led the way. They have decided to make it mandatory for all 4,900 of their employees to work from home. Amazon, Google and other leading tech brands have followed suit, limiting the number of workers coming into the office.
What are the challenges of working from home?
Many companies just aren’t set up to work from home. It will be difficult for them to adapt to this new working system, but essential for avoiding illness.
There are many physical jobs, such as builders, drivers and attendants, which simply cannot be done from home. Precautions must be taken for these most susceptible groups, who interact with members of the public on a frequent basis.
For these workers, illness will mean having to slow down vital infrastructure. So, wherever it is possible to reduce employees' exposure, such as in office-based companies, this will help everyone to contain the virus.
However, working remotely comes with security as well as infrastructure challenges, and this will be the focus of the rest of this blog.
What Security Threats do Your Employees Face when Working Remotely?
With this transition come risks, especially those of keeping company data secure. Many companies, especially SMBs, will not be able to provide their employees with personal computers, and therefore employees will be relied on to use their own devices.
This is a goldmine for hackers and scammers, because employees are working on their personal devices, which have a larger range of access and go unsupervised. This increases the risk of installing malware or being phished, which can jeopardise the security of the company.
Hackers and scammers prey on the most vulnerable, and we have already seen an increase in phishing attacks related to coronavirus and the World Health Organisation. It is also likely that, as workers increasingly become remote, remote working will be targeted more by malicious actors.
Besides the increased risk from scammers, there are the users themselves. Working from home blends personal and work life in many ways, one of which is internet habits. Employees may find themselves switching between personal and business email.
The issue is that when one is compromised, the other becomes increasingly at risk. Entering business credentials on compromised devices or networks could leave the business account exposed to hackers. It's essential to check for malware, and to use a VPN as an extra precaution.
Educating your employees on best practices when working from home will be essential to the security of your business.
How can your organisation implement a Remote Working Strategy?
There are a number of steps every organisation should take when implementing a Remote Working Strategy:
1. Lock your device
It’s a simple and obvious tip, but one that’s easy to forget. If you’re mobile working, make sure that any time you are away from your device, the device is locked and stored safely. The last thing you would want is not only your device being stolen but also the data on that device being breached. Make sure you keep devices you are using for work purposes away from prying eyes, and log out when your device is not in use.
2. Use strong passwords
Strong passwords are still the key to keeping your devices secure. Make sure that when working from home employees do not begin to mix their business and personal passwords. That way, if one is compromised the other will stay secure. Use a password manager, and follow the guidelines of using 'three random words' for the most secure password.
3. Set up two-factor authentication
Setting up two-factor authentication is a necessary step in protecting your online accounts from hackers, as it provides a second wall that they need to get through to access your account. You will be notified by phone/email of any suspicious activity.
4. Make sure BYOD devices do not contain malware and have up-to-date anti-virus software.
The most important thing to do when working from your own device is to scan for malware. Especially during the time you are using this device for work purposes, you need to ensure there are no malicious actors spying on your password data. If they end up getting access to a business account this could then lead to much bigger problems further down the line.
5. Have the correct policies in place
Review your current policies, and make sure all those that apply are continued through to remote working. For example, if you have a bring your own device (BYOD) policy, this may need to be extended company-wide as people work from home. Send an email reminder of the policy to make sure those who are not familiar with it are aware and up to date with the latest facts.
6. Risk assessments of remote workers.
Tools such as uBreach can be used to assess if employees have been compromised. Checking who has potentially been compromised and notifying them will help identify the weakest points in your security. Remember to do this in a private and sensitive manner.
8. Focus on user education
If users are to practise safe internet use, they need to be aware of the potential risks. Many companies have introduced general cyber-security awareness training, to make users aware of phishing,
9. Don’t allow employees to share work devices with other members of the home.
Some employees will allow their family members to use their work laptops or devices, leaving those devices exposed to risk. Use of personal devices should be limited to work only, if that is possible. There have been phishing attacks that have targeted the children of employees, as they have used laptops or other devices to sign up to non-work websites or accounts.
10. Don’t download company information
Downloading information, such as financials, to your computer to work on from home could be a risky move. Unless you are sure that your computer could not be the subject of a breach, having data stored on your hard drive could leave you exposed.
11. Use VPNs and data encryption
VPNs disguise your computer's location, making it more difficult for hackers to target you. In addition, encryption software can make it more difficult for scammers to decode any sensitive information such as passwords.
Our goal is to increase awareness of best practice and promote safety in the workplace.