Logistically, you’re good to go: employees are working from their home offices, spare rooms, and kitchen counters as if they’ve always been doing it, IT is keeping things chugging along on the back end, and you’ve even ironed out the kinks in video call happy hours. Now that your employees can successfully work from home, it’s time to circle back and make sure your infrastructure is secured in the correct capacity.
What change in security risks do businesses have now that their employees are working from home? And what changes do they have to make to infrastructure and day-to-day functionality?
As employees started working from home, many organizations first focused on getting business operating as usual while cybersecurity took a back seat. However, data breaches continue to increase year after year around the world, and new working habits are opening new avenues for novel data security risks.
5 Ways to Maintain Cybersecurity When Employees Work Remotely
Office work environments typically have layers of preventive security controls, while remote work doesn’t always offer the same safeguards. Here are five of the top solutions to maintaining security when your workforce is at home.
1: Secure Your Devices and Your Network
Hopefully, your organization has a dedicated IT department that was able to get all your employees up and running on work-specific devices. Personal devices rarely have the necessary, up-to-date security layers in place to keep your organization’s sensitive data secure. And whether you’re using a personal device, or one provided by work, you can create an additional hurdle for any attackers by using multi-factor authentication, VPN, or even remote access options.
Since having a remote workforce drastically increases your attack surface, it's more important than ever to monitor your network for critical threats no matter whose device your employees are using.
Related Reading: 10 Cybersecurity Tips and Best Practices
Securing your devices doesn't just mean using cybersecurity solutions – it also means taking some physical safeguards, including:
- Blocking your screen when working in public
- Locking the doors to your house, apartment, or home office
- Not leaving your devices in your car
- Using only trusted hardware and accessories, including charging cables and thumb drives
2: Communicate Your Technology
Many working hours are devoted to discovering, testing, and implementing technology solutions to streamline work in the office. Whether it’s a collaboration platform, popular software suites like Microsoft or Adobe, or a myriad of other business tools – don’t let all that effort go to waste!
One study found that half of all employees admit to cutting corners when working from home, including risky behavior and circumventing secure systems. Ensure that employees know:
- What tools are available to them
- How to use them
- Why to stick with those rather than finding an alternative
Technology can also include devices secured by the IT department, VPN, multi-factor authentication software, and firewall and antivirus protection.
3: Keep Your Data Safe
Protect your metadata. Sharing information includes inherent risks such as exposing hidden metadata in documents and images. With a data loss prevention (DLP) solution, you can rest assured that sensitive data isn’t exposed outside of your organization, as properties such as comments and revision history, author, user and server names, are wiped clean.
Share data securely. A secure file transfer solution ensures sensitive files get to their destination and are secured while in transit and at rest.
Safeguard your emails. Use a secure email solution to safely get your emails from A to B. Whether you need to send large files via email or want to boost basic email security with automated threat protection, redaction, and sanitization, keep using email to stay in touch with coworkers and stakeholders.
Back up your data. Some security breaches result in losing data for good. Give yourself the best chance at recovery by ensuring your information is backed up frequently to the cloud or a local storage device.
Monitor your network for critical threats. With such a fast-growing network, it can seem impossible to keep up with threats. Network Traffic Analysis solutions can help organizations reveal critical thretas in real time on any device.
Limit access. Around 70% of users have more access privileges than required for their job. This opens organizations up to extra risk in scenarios where credentials are stolen, or your organization has malicious insiders. Learn more about how to quickly identify excess privileges.
Keep work data on work devices. Checking a document from the lake house or sending a last-minute email from bed? It is safest to use your work laptop or computer for those tasks, rather than a (likely) less secure personal device.
Update your hardware and software. Updates are typically provided to add new features, fix known bugs, and upgrade security. While there may be a cost associated with making updates, it is better to pay those than the price of a data breach. Additionally, it is important to have up-to-date hardware that can support the most recent software security upgrades.
4: Educate Yourself and Your Employees
Coronavirus-related scams are increasing. Phishing, fraud, and other hacks are always a risk, but COVID-19 seems to have accelerated cybersecurity attacks as hackers started taking advantage of less-than-ideal working environments. The key to making cybersecurity work is to ensure that all employees are on the same page about best security practices, common risks, and how to identify potential attacks.
Using social engineering penetration testing services or tools allows you to find out where your weaknesses are by safely launching an attack just like those currently being used by actual threat actors.
Related Reading: 7 Steps to Protect Yourself Against Corporate Spear Phishing
5: Create a Work-From-Home Cybersecurity Policy
Security is an ongoing concern and with the major shift from offices to homes (plus underlying anxieties about a global pandemic) it is both essential and helpful to offer policies and tips that make working from home easy and effective.
One of the best places to start is with what you already have in place. You likely have a cybersecurity policy for the office or a list of “do’s and do not’s” for new employees. Brush those off and continue to educate your employees about general security best practices and your organization-specific guidelines. At the same time, bring those policies and best practices up to date with any new technology you’re using, have banned, or other new WFH guidelines.
What is a Security Policy?
A security policy is a written plan about how your organization protects its IT assets. It can include anything from how employees are allowed to access the internet at the office to what security measures are carried out. Security policies can be high-level, complemented by more specific policies for different offices, or a security policy can be all-encompassing.
Related Reading: Three Reasons You Need an Updated Security Policy
If you don’t have a security policy or your policy needs to be updated, our cybersecurity experts can help. Once your policy has been defined, there are a number of software solutions that can help you stay compliant. Powertech Policy Minder for IBM i can help you maintain compliance with your security policy by automating much of the work.
5 Tips to Keep in Mind
- Test your defenses. Start by understanding your vulnerabilities. You can take several tracks to get a deeper understanding of your risks, including penetration (pen) testing to identify risks and cracks in your cybersecurity defenses, whether through third-party penetration testing services or pen testing software that gives security teams the power to easily conduct advanced testing in a secure platform.
- Use private Wi-Fi or, at worst, a hotspot. Avoiding public Wi-Fi should be a no-brainer for your employees (and easy to stick to, as many coffeeshops and co-working locations are closed or have limited seating). At-home internet systems might not be as secure or reliable as your office setup, but they are a vast improvement over a public network.
- Use your VPN. A virtual private network, typically put in place by your organization, creates a secure line of communication to help protect the data that you are sending and receiving from home.
- Safeguard your data. Sharing information via email or the web includes inherent risks, like exposing the wrong content or opening your system to cyber threats such as malware or phishing. Clearswift offers data security solutions to protect against incoming threats, neutralizing links, and removing active code in real time before any damage is caused, and is offering assistance packages to get organizations up and running as workplaces shift due to COVID-19.
- Understand your network traffic. Surges in remote work have increased the connections into many organizations’ networks, propping open doors for all types of attacks. Monitor your traffic with Network Insight to discover malicious activity and quickly and confidently identify infected devices in your network.
Work From Home Security Policies and Templates
- NIST (National Institute of Standards and Technology) Bulletin: Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions
- Sample Telecommuting Policy: Work at Home Policy
- Update your existing policy: How to Revamp Your Organization’s Cybersecurity Program