Work-from-Home Cybersecurity Tips for Employers and Employees
It’s become clear in most industries that a large-scale shift to remote work is inevitable. According to Upwork’s December 2020 Future Workforce Report, 57% of teams are now at least partially remote, and 41% have transitioned fully to a work-from-home environment.
Remote work has many benefits, but it also brings new types of cybersecurity risks that can harm employers and employees alike. An uptick in at-home distractions, access from insecure networks, and the use of personal devices for work provide ample opportunity for hackers to strike. The storage of valuable company data in employees’ homes may also make individuals a more valuable target for hackers.
Hackers are acting on these newfound opportunities. According to the FBI, cybercrime complaints jumped 300% after the coronavirus pandemic hit. Whether you’re at the helm of your startup or you’re a member of the recently remote workforce, these work-from-home cybersecurity checks are essential to ensure both your private and professional safety.
Cyber Hygiene Tips for Remote Workers
It’s a good idea to prioritize cybersecurity in your home whether or not you’re a remote worker, but once you bring valuable company data and equipment into your domain, you become a more valuable target for potential hackers and cybercriminals. In order to keep yourself, your family, and your company safe, establish these baseline cybersecurity habits.
Keep Home and Work Devices Separate
Logging into company platforms and accessing company data from multiple devices creates more opportunities for hackers to find a security weakness they can exploit. Mobile devices in particular are far more vulnerable since they travel outside the home, connect to public and unprotected networks, and are more likely to be lost or stolen.
Use Unique Passwords
Resist the temptation to use the same password for multiple devices or accounts in order to make them easier to remember. Instead, ask your employer about purchasing a password manager like LastPass or Digital Vault. Not only do these programs encrypt your passwords to keep them safer but they also eliminate the need to remember anything but the master password you use to access the program.
Enable Maximum Security Settings
All of your devices and accounts should utilize the maximum possible built-in security. Check your settings to ensure that:
- Your router network is encrypted
- Devices require a password to unlock
- Auto-lock is set to engage after short periods of inactivity
- Two-factor authentication is turned on wherever available
- WiFi and Bluetooth discovery settings are turned off
Plenty of cybersecurity attacks prey not on firewalls or antivirus protections but on the individual. Phishing scams and social engineering attacks rely on access being mistakenly granted by an employee, usually because they’re not paying close attention. Given that there are far more distractions at home than in an office, these attacks are much more successful with remote workers than in-office ones. In fact, a 2020 study among employees found that 47% of those who admitted to clicking on a phishing link attributed the mistake to being distracted.
Lock Down Your Smart Home
When it comes to cybersecurity for your work, you’re probably mainly concerned about your office devices like computers, printers, and mobile devices. But everything in your home that’s WiFi-connected can provide hackers with an access point through which they can eventually find your work device.
So a hacker gains access to the water temperature of your WiFi-connected fish tank: what’s the big deal? The issue isn’t what’s stored in the smart device itself, but the fact that it provides a hacker with a connection to your home network and, by extension, to every device on that network.
Lock down your smart home by setting strong passwords on all of your devices, even seemingly innocuous ones like smart electricity outlets and smart sprinklers. If a smart device doesn’t allow you to set up sufficient security protocols, get rid of it.
Remote Cybersecurity Tips for Employers
On the company side, transitioning to partial or fully remote work is a major operational undertaking that requires planning, resources, and support. Unfortunately, many companies didn’t have the luxury of foresight when COVID-19 drove a 27% increase in employees working from home full-time. Now, as many organizations transition once again from temporary work-from-home to full-time remote employment, employers will need to identify and patch existing cybersecurity vulnerabilities and prepare to defend against potential future attacks.
Implement or Refresh Cybersecurity Training
In a 2021 cybersecurity survey, Kenna Security reported that a shockingly high 31% of companies do not provide cybersecurity training to their employees. Even if you’re among the 69% that do, that’s not a guarantee that your programs are effective. The same report found that, among those who had received cybersecurity training, 61% still failed to pass a basic cybersecurity quiz.
The best way to ensure that your employees are up to date on your cybersecurity protocols and practices is to administer regular training and testing. According to researchers, refreshers should be required at least twice per year.
Turn On Multi-Factor Authentication
Prevent unauthorized access to company platforms and accounts by turning on multi-factor authentication whenever possible. Multi-factor authentication provides a quick but powerful extra layer of security by asking users to confirm the login request using another device or account associated with their identity. According to Microsoft, multi-factor authentication blocks over 99.9% of account compromise attacks.
Perform a Home Network Assessment
It’s not wise to assume the level of cybersecurity in your employees’ homes is adequate for storing and accessing company property. As part of your remote transition process, you or your IT department should perform a basic assessment of each employee’s home network to ensure:
- Their router is high quality and up-to-date
- Network encryption is enabled
- The router’s SSID has been changed
- Discovery options are disabled
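The encryption and SSID checks in this list can be scripted. The sketch below is an added example, not part of the original article: it reads constructed scan lines in the `SSID:SECURITY` form that `nmcli -t -f SSID,SECURITY device wifi list` is assumed to print on a Linux laptop, and it goes one step beyond the checklist by grading encryption strength as well as presence. The default-SSID prefixes and the "WPA2 or WPA3 only" policy are assumptions to adapt to your own fleet.

```python
import re

# Assumed policy (not from the article): modes accepted as adequate.
STRONG = {"WPA2", "WPA3"}
# Assumed, incomplete list of factory-default SSID prefixes.
DEFAULT_SSID = re.compile(r"^(linksys|netgear|dlink|d-link|tp-link|belkin)", re.I)

def split_terse(line):
    """Split 'SSID:SECURITY' on the first unescaped colon and unescape the SSID."""
    m = re.match(r"^((?:\\.|[^\\:])*):(.*)$", line)
    if not m:
        raise ValueError(f"unparseable scan line: {line!r}")
    return re.sub(r"\\(.)", r"\1", m.group(1)), m.group(2).strip()

def assess(line):
    """Return (ssid, findings); an empty findings list means the network passes."""
    ssid, security = split_terse(line)
    modes = set(security.replace("--", "").split())
    findings = []
    if not modes:
        findings.append("no encryption (open network)")
    elif "WEP" in modes:
        findings.append("WEP is broken; move to WPA2 or WPA3")
    elif not modes & STRONG:
        findings.append("WPA1 only; move to WPA2 or WPA3")
    elif "WPA1" in modes:
        findings.append("mixed mode still accepts WPA1 clients")
    if DEFAULT_SSID.match(ssid):
        findings.append("SSID looks like a factory default")
    return ssid, findings

def report(scan_text):
    """Map each SSID in the scan output to its list of findings."""
    return dict(assess(l) for l in scan_text.splitlines() if l.strip())

# Constructed sample input; none of these networks are real.
SAMPLE_SCAN = """\
linksys:
NETGEAR42:WPA1 WPA2
Cafe\\:Guest:WEP
maple-house:WPA2 WPA3
oldlaptop-ap:WPA1
"""

if __name__ == "__main__":
    for ssid, findings in report(SAMPLE_SCAN).items():
        print(f"{ssid}: {'; '.join(findings) or 'OK'}")
```

A scan lists every network in range, so filter the report down to the employee's own SSID before recording a result.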
Provide Necessary Software
In addition to providing updated physical equipment like routers, you’ll also want to invest in a full suite of security software for your employees’ home use. To maximize security, you’ll want to include:
Virtual Private Network (VPN)
VPNs encrypt a user’s internet traffic and disguise their identity and IP address, making them a more difficult target for hackers. You can provide employees with individual hardware VPN devices or you can subscribe to a software VPN service that travels with the device on which it’s installed. This will also allow employees to work safely from other locations if necessary, like while traveling.
Password Management Platform
Password managers encrypt and store users’ login information in a central location that they can access with a master password. Some platforms and devices like Google Suite and Apple iCloud include built-in password managers. For professional use, however, you should invest in a paid password manager like LastPass, Dashlane, or Digital Vault. Whereas native password organizers are designed for user convenience, these applications are purpose-built for cybersecurity and offer stronger password protection.
It’s worth noting that, although cyberattacks are a far greater threat, there’s also a possibility that employee equipment may be physically lost or stolen. This can give hackers an opportunity to launch a cyberattack using company data or property that’s stored on the stolen device. Software like DriveStrike or LifeWire can allow a company admin to access the stolen device remotely and delete files from afar.
Even if the computers your company provides come with built-in firewalls and malware protection, you may want to invest in additional antivirus software on top of what comes built-in on each device. Norton makes antivirus programs that are compatible not only with PCs and Macs, but with iOS devices and Androids as well.
Encourage Good Cyber Hygiene
Though equipment and software can do a lot to keep us protected, users still need to actively practice good cybersecurity habits in order to keep themselves and their devices safe. Don’t assume that your employees will practice these tips on their own; set automatic reminders for things like regular password changes and send updates when new versions of software are released.
While these tips can help defend against cyberattacks and prevent breaches and hacks from happening, it’s important to prepare for what happens in case a cyberattack does manage to compromise your company’s systems. Cyber insurance will help you pay for the expensive aftermath of a hack, including data or funds that have been lost as well as lost revenue caused by the breach. Knowing you’re protected against cybercrimes will reassure you that, even if a data breach does occur, it won’t be enough to keep your company from thriving.
Companies can fall prey to a wide array of emergencies like PR fiascos, product malfunctions, platform outages, hacks and more. To make the best of these worst case scenarios, it’s essential to be prepared.