For more than a year, office workers across the globe have been working remotely and will likely continue doing so for the foreseeable future. While the COVID-19 pandemic made working from home more of a cultural norm, remote work has been on the rise for years and will play a role in the future of work. For example, a Gartner survey finds 80 percent of employers plan to let employees continue working remotely at least part-time after the pandemic.
As employees continue WFH routines, employers must stay diligent about cyber security threats and provide cyber security tips for remote workers. Scammers are leveraging both the pandemic and the potential vulnerabilities of working and learning from home. This can be seen in the uptick of phishing scams claiming to be from agencies like the Center for Disease Control, Internal Revenue Service, or the World Health Organization. In Q3 of 2020, network-focused attacks grew to 3.3 million, a 90% increase according to Security Magazine.
As a result, organizations need to take more precautions beyond reminding employees to change their passwords every 90 days. Here are steps to take to help your workforce keep their home offices and devices secured, stay educated on cyber scams, and quickly communicate any suspicious activities.
Cyber Security Tips for Remote Workers
Assess risk level
Employees may be more complacent about security protocols while at home, so there’s an opportunity to reassess the organization’s potential WHF security risks. This can include unsecured Wi-Fi networks, always-on VPNs, and employees accessing sensitive data from personal devices. Lax security protocols, like employees not locking their computer screens while away from their computer or sharing passwords with family members, also pose issues.
Keep an eye on emerging cyber threats and tell your team to stay aware of potential scams, such as phishing emails about COVID-19 test kits or vaccination registration.
Conducting a cybersecurity gap assessment can help determine where the organization is doing well, which areas need to be focused on, which vulnerabilities need to be addressed, what best practices can be implemented, and can also build the case for any security upgrades that require buy-in from other departments. If it becomes clear that new initiatives will need to be implemented, such an assessment can also help determine which tasks are the highest priority for the organization based on the associated risk of each finding.
Create a secure WFH environment
Employees might not even be aware that their homes could pose security risks that impact your organization. A cybersecurity attack can cost a company dearly. Showcasing the financial impact helps to help drive home why it’s a necessity for your organization to keep sensitive information out of the wrong hands.
Help employees reduce the risk of security threats and data breaches while working from home by providing a WHF kit that includes multi-factor authentication (MFA) software, password management software, and a VPN. To augment these steps, consider creating a checklist of security protocols like turning off auto-connect on devices, using secured Wi-Fi, and locking screens when not using devices, to increase security awareness among your workforce.
Encourage employees to share these security tips with fellow family members or roommates to reduce the risk of a data breach.
Boost employees’ cybersecurity know-how
It’s also important to make sure employees are alerted to potential cyber threats and scams. TechRadar found that human error can account for 90 percent of data breaches so it’s important that employees know how to spot scams.
Providing cyber security tips for remote workers, and giving them opportunities to increase their knowledge of common and emerging cyber threats can go a long way in preventing a breach. Hosting mandatory webinars or creating a lunch-and-learn series can be a great way to get a large group together to share information about common scams. An agenda should include information about cyber threats that leverage current events (like phishing scams related to COVID-19 or the economic stimulus package, etc.), best practices to spot and report scams, and keeping your home safe with secured Wi-Fi, VPNs, and two-step authentication software.
Employees can have varying levels of tech-savviness and cybersecurity can be a heavy topic to take in all at once. Game-based modules can break down topics into bite-size segments that help keep employees engaged in learning to keep sensitive data safe. Game-based module software also provides analytics that can show in real-time who has taken courses and if any individuals may benefit from additional training.
Keep security risks on employees’ radar
Regularly communicate with employees so they are aware of any new scams that may be directly impacting your organization or industry.
Coordinate with your organization’s communications team to create an internal email campaign that sends out security tips at least once a month or see if a security section can be included in an already established employee newsletter. You can include information like relevant statistics, links to industry articles, or tips and tricks to keep information secure while working from home.
Company virtual town halls can be another great way to share the message about the importance of data security through the CIO’s presentation. Create a slide or two that showcases statistics, relevant risks, and best practices to stay alert to potential scams.
Encourage employees to speak up
Empower employees to stay updated on security threats through a page on the company’s intranet or through a communication chat room and encourage employees to report suspicious activity. Develop a Frequently Asked Questions (FAQ) sheet or a resource guide to help field common inquiries and designate an IT team member to field any security-related emails or concerns.
It’s not only necessary to educate employees, but it’s also important to create a work environment where they can feel confident speaking up if they’ve made a mistake. Consider that nearly 79 percent of employees report being able to differentiate between a legitimate email and a scam, but 49 percent admit to clicking on a suspicious link while at work according to a report by Webroot. Encourage employees to reach out immediately if something looks suspicious or if they accidentally opened a malicious email and explain that the sooner the IT team is able to find out information, the sooner they are able to act and prevent widespread damage.
Staying diligent while WFH
As enterprises determine their WFH policies going forward, security needs to stay top-of-mind among your workforce.
Companies and IT departments can keep potential threats at bay by alerting employees of any cyber scams that could impact the business and providing additional layers of protection through VPNs and two-step authentication practices. Organizations can also leverage specific solutions designed to form and enhance security awareness for employees. Since driving change in behaviour is essential to lowering risk, leveraging solutions that customizes their training and education material based on user behaviour (UEBA) is crucial.
Taking a proactive approach to cybersecurity where remote employees can feel educated, engaged, and aware of potential threats can help protect your business in the long run.
Cybersecurity Solutions with Sanity Solutions
While some businesses are slowly returning to the office, many have chosen to remain a part of the remote workforce indefinitely. At Sanity Solutions, we work as an extension of your team to provide tailored security solutions and implementation plans. When you’re ready to take actionable steps to protect your business and employees, get in touch with our team. We’re standing by ready to help.