Since the pandemic and with organization’s working toward adapting to the new normal, working remotely has become prevalent worldwide. There are clear benefits to having a mobile workforce which include an increase in productivity, increase in employee engagement, revenue growth, better customer service, increased flexibility, increased mobility, and added business continuity. While all these benefits can help an organization grow immensely, there is always one threat that lingers as we switch to more internet based workplaces.
Cyber security is always a top priority for any business. Any security breaches or invading hackers can cost a company serious time and money. As the workforce branches out into more flexible work situations, there are new concerns about cyber security and how to protect employees regardless of where they are.
Common Risks of WFA (Work From Anywhere)
Working remotely can unknowingly be putting not only an employee’s personal computer and information at risk but also an organization. Unsecured personal devices can pose serious risks such as data breaches, identify fraud and other significant consequences. There are some common risks that WFA employees should be aware of.
Phishing schemes are a type of online scam that involves a person posing as a legitimate source via email, text message or advertisement to steal sensitive information and credentials. Though we figure most people can figure out a scam rather easily, phishing schemes have become more sophisticated and harder to spot as technology and antivirus software progressed.
Hackers know that human error is easier to exploit than trying to get past security software and access critical organization information. Hackers will use measures such as compiling commonly used passwords lists or write a code specifically designed to attempt to access a password. Employees who repeat passwords both for personal and business use are typically at higher risk than those who use more complex passwords and change them often.
Unencrypted Communication and File Sharing
Encrypting data while in transit or for daily communication is not often a factor when considering cyber security. Employees share important data and particulars daily without a second thought. Though it seems like insignificant sharing files between employees, if this data is intercepted it can lead to data breaches, identify theft and ransomware attacks.
Insecure Home Wi-Fi
Home Wi-Fi networks can pose a threat to an organization’s security. Updating home routers is often overlooked, but not completing regular updates can lead to serious security gaps. While organizations are sure to implement firewalls on their networks and devices in office, it is not common for a home network to have the same defense.
Working from Personal Devices
Going together with insecure home wi-fi networks, personal devices are usually not as secure as work devices. While some organizations offer work devices to take home, that is not always the case and employees will have to rely on personal computers, smartphones, fax machines and printers. These personal items typically are not encrypted and have more lax security measures.
Remote Desktop Tools
Though remote desktop tools seem to be a harmless way to share information or gain access to a co-worker’s computer for various reasons, most remote desktop tools rarely are very secure. They often lack multi-factor password authentication, user applications are broad meaning all information can be accessed by whoever regardless of their role in the organization, most programs lack basic encryption practices, and tend to have incomplete audit trails.
Five Eye-Opening WFH Cybersecurity Stats
Stats according to www.varonis.com
- 85% of cybersecurity breaches are caused by human error.
- 88% of organizations experience phishing attempts.
- 68% of business leaders feel like their cyber security risks are increasing.
- 86% of data breaches were financially motivated.
- 45% of breaches features hacking, 17% for malware and 22% for phishing.
Better Cybersecurity Practices At Home
While working from home poses potential for cybersecurity, there are numerous tips and best practices that can help deter potential threats. These practices should be implemented not only when beginning remote work but should be revisited and executed daily to ensure personal and an organization’s security.
Personal Devices vs Work Devices
If possible, separate personal devices from work devices. Your personal devices typically will not have the level of security as a work device. In addition, personal devices are not being monitored by an IT department for updates, vulnerabilities, or breaches.
Secure Home Network, Router and Devices
Regularly update your router to manage security vulnerabilities and apply patches on any gaps in your network’s security. You could also consider moving your work devices to a separate subnetwork for added protection. You should also protect your Wi-Fi network with encryption for extra security on all fronts.
It is also wise to invest in antivirus software and firewalls. Antivirus suites protect against a range of threats such as zero-day attacks, malware, spyware, viruses, trojans, worms and phishing scams. Just as you routinely update your router and devices, antivirus software should also be updated to ensure protection.
Strong and Secure Passwords
Creating unique and secure passwords can be achieved relatively easily. When creating a password for your router, network, or devices be sure to change the automatic password (if there is one) to be more difficult for third parties to identify. Avoid passwords such as “admin” or “12345”. Also avoid creating a password that includes your name, birthdates, addresses or anything that can be used to identify you. If you have problems remembering multiple or more complex passwords, download a password manager.
Keep Software and Operating System Up To Date
Updating software or systems seem to happen at the most inconvenient times, but it is critical in keeping your information secure. Updating systems regularly ensures that all devices have security patches applied as soon as possible. Though most modern technology checks and applies updates regularly, be sure to check for the latest versions periodically and update immediately when one is required.
With a rise in cybercrime two-factor authentication can drastically reduce the risk of security risks. This authentication method requires two or more pieces of evidence to allow access to certain sites, programs, or information. Evidence examples include:
- Knowledge which refers to be a password or PIN.
- Possession which refers to things such as a bank card, key fob, or some type of security token.
- Inherent which refers to biometric methods such as fingerprint or voice.
- Location which refers to the connection of a specific network and using a signal to identify location.
VPN is a virtual private network that extends a private network across a public network. This enhances online privacy and allows users to send and receive data securely. VPN makes internet traffic and information unreadable to anyone who intercepts which allows employees to share files and communicate confidently.
Lock Your Devices
The most simple and straightforward tip of them all. Locking your devices with a passcode or fingerprint authentication is just a bonus layer of security. This is mainly for if you end up bringing your device to a public place but should be common practice on all personal and work devices.
Adapting for The New Normal
Ready or not, organizations have had to adapt their workplace to accommodate a more mobile workforce and while the transition may be intimidating, it is still happening. This should not affect growth or security within a business though. While a more mobile workforce can create better business growth, cybersecurity remains a necessity, but it is possible to have top-grade security at home.
Recognizing common cyber threats and adapting to better home security practices is the best way to create a safe and secure remote workforce. These remote work practices give employees and organizations the tools to increase adaptability, flexibility, and better customer service without sacrificing the security around their most critical information.