If you are reading this from home during the COVID-19 crisis when operating remotely( Remote workers ), you are in good company. A new report by Global Workplace Analytics found that even before the coronavirus forced us all to work from home, remote work had risen by 173 percent in the last 15 years, with almost 5 million telecommuters in the United States alone.
Recent results indicate that remote workers are more successful and happier relative to those workers who lack the same versatility.
However, given the advantages of remote employment, a critical question remains: How do we protect these workers from sophisticated cybercriminals, many of whom regard workers working beyond on-site IT security boundaries as “easy pickings?”
These days, office security risks are not the only concern for defenders; the battlefield reaches well beyond desks and cubicles, and into homes and coffeehouses. Therefore remote job safety must be a top organisational priority.
With that in mind, let’s look more closely at some smart tips to protect your remote workers from cyber threats.
Ensure strong IT hygiene in all environments
Picture a remote worker and you possibly imagine someone in a café, coffee shop or home office. What normally do these settings have in common? Insecure Wi-Fi support. Public Wi-Fi is the worst security offender in commercial settings and one of the most common vectors for cybersecurity attack.
It’s also a simple job for hackers to steal log-in credentials or instal malware due to the vulnerability of public Wi-Fi networks. Phishing attacks complete with fake websites and links that look like the real thing are another popular Wi-Fi threat for the public and one of the most pressing challenges to remote work security.
Despite these risks, there are still significant numbers of remote workers using public Wi-Fi. A recent study of Spiceworks Data found that more than 60 per cent of staff in companies use company-issued devices on public Wi-Fi networks. Nevertheless, the coffee shop is not the only dangerous setting: Poorly secured home Wi-Fi often poses a threat. The proliferation of connected smart devices in the home has increased the number of points of attack which means remote workers need to be more proactive in securing their home offices.
One of the best ways to reduce the risks of public or poorly protected networks is to enable businesses to use a virtual private network that enables secure connections. Although this can be successful, it must also be combined with thorough training.
Invest in educating remote employees
Since remote workers operate in some highly challenging environments, it is important that they are educated in an online environment to understand best practises for threat and vulnerability. As humans are the weak point of any protection framework, it is difficult to understate how critical that is. Also the best-trained among us are likely to make an mistake over a period that is long enough.
Cybersecurity training conducted at regular intervals is imperative to manage all types of workplace threats: online, offline, in the office or out of the office.
However, when conducting these sessions, it is important that the specific challenges associated with remote work are really emphasised. Show staff how to spot common phishing attacks, raise awareness of spoofing and other tactics and ensure that the fundamentals of good IT hygiene are understood by all. If a major security risk is averted, a small investment here can be paid back exponentially.
Secure the Endpoints
Ensuring the security of the remote workers ‘ mobile programmes, hardware devices, and operating systems is another primary concern. In general, for too much time passes between the public detection of a vulnerability and the subsequent patch. Some research indicates the average time it takes to complete this process is over three months.
Advanced attackers of today can take advantage of an exploit, travel laterally through a network and steal critical assets, escape detection for weeks, months or even longer. To organisations, this is a nightmare scenario which often faces significant financial and reputational risks from these breaches.
It is necessary to ensure all software is current and continuously updated to manage this risk. Popular tools such as malware scanners, firewalls, and private virtual networks can also help to maintain protection.
Organizations can opt to deploy breach and attack simulation software for something a bit more advanced. These platforms simulate common attack techniques across probable paths of attack to help reveal the vulnerabilities of an organization’s protection.
The advantage of this approach is simple: a breach and attack platform allows for constant, automated testing, unlike the reactive method of waiting for a vulnerability to be found and a fix implemented.
Remote security takeovers
A surge of adoption continues to be seen in remote jobs, but companies cannot keep their non-office workers stranded on an island. They are exposed to unique vulnerabilities, and function without complete on-site IT security protection. And, being human nature what it is, we cannot expect remote workers to automatically abandon public Wi-Fi comfort in favour of better protection.
As such, it is critically important to train remote staff to identify the types of attacks they would most likely experience. It is equally critical that companies prioritise endpoint safety and implement the resources they need to get the right security, both at the workplace and in homes and coffee shops around the globe.
The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.