The Covid-19 pandemic transformed remote work from a niche perk afforded to a few employees to the primary way many organizations conduct business today. Although some companies have gone back to the office or implemented hybrid models, lots of people are continuing to work from home. Employees report higher productivity and job satisfaction when working remotely and companies can save millions on office space.
However, remote work introduces many new cybersecurity risks for companies that have moved operations off-premises. Remote employees use more devices in more places as compared to their in-office counterparts. They use new tools that enable them to work from anywhere at any time. This flexibility from remote working is great, but requires discipline to avoid disclosing private company data. Here are 5 things all remote workers should do to protect their organization's security.
Remote workers use more software as a service (SaaS) applications than ever before. Applications such as Salesforce, Adobe Reader, and Microsoft365 can serve as substitutes for traditional desktop applications and are typically more efficient than legacy programs installed on a device. Using cloud-based tools allows remote workers to operate more efficiently, but also introduces new security risks. Research shows that a whopping 68% of malware was delivered via cloud applications in 2021! Cloud applications often store sensitive data, so remote workers should utilize the best security practices possible for their SaaS apps. You should also have antivirus software on your device for an additional layer of protection against a data breach.
The best way to protect your organization from being breached via a SaaS app is to have unique, strong passwords for each service you use. You should also never use default passwords for any company accounts. In the scenario where one of your logins is compromised, having a different login for each application prevents a hacker from being able to gain access to all of your accounts containing confidential information.
Memorizing dozens of unique, complex passwords can be difficult, so it is recommended to use a password manager. LastPass, 1Password, and BitWarden are three popular password managers that will securely store your list of logins behind a master password. Make sure to use a strong password for these accounts!
Although using a password manager to protect your logins is always recommended, there are scenarios where your accounts may be compromised even if you follow best password management practices. This is where multi factor authentication can protect you and your organization.
Multifactor authentication requires two or more forms of authentication in order to log in to an account. If your username and password are compromised, a hacker will still need more information to access your data.
The most common form of secondary authentication is SMS or text message. A company will text your mobile device with a security code that you must input in their app in order to proceed. While using SMS is better than not having a second form of authentication it is still vulnerable to SIM hijacking.
Using apps such as Authy and Google Authenticator to generate unique one-time codes for logins is preferable to SMS. These apps can be installed on any of your connected devices and use protocols more secure than SMS.
The best form of secondary authentication is using a physical authentication key such as YubiKey. This ensures that no one can breach your accounts unless they have physical access to your person.
Although hackers rarely physically interact with their victims in 2022, remote workers must protect their physical devices at all times to prevent unauthorized access. Remote work allows people to work from home, at coffee shops, at Airbnbs, and more. Using your work device outside of the office introduces new security vulnerabilities that must be addressed.
Make sure that no one can see your laptop when you are in a public setting, especially if you are viewing confidential information. Consider using a screen protector that only allows you to see the screen from a direct angle. You should also use headphones when discussing company matters, both as a security precaution and as a matter of public politeness.
Physical device security also entails preventing loss or theft of company equipment. If you must store a device in your vehicle, lock it in your trunk or put it out of public view. Many criminals will break into vehicles they believe contain laptops, so make sure your car is not an attractive target. You should also make sure to keep your cell phone on you at all times when in a public place. Finally, all devices containing private information should be encrypted and you should have the ability to remotely wipe any lost or stolen devices.
An additional step you should take to protect your personal devices from cyber threats is keeping them up to date. You should always install software updates to your operating system and to any applications on your device.
One increasingly common tactic hackers use is creating fake wi fi networks to steal credentials such as logins or financial information. If you must connect to a public or unknown network, make sure that you do not input any sensitive information while connected to said network. Consider using a personal hotspot instead of connecting to public wifi if that is an option for you. You should also disable any settings that automatically connect you to available wifi networks and only connect to networks you trust.
Remote workers should also use firewalls and/or a virtual private network to monitor traffic and mask their IP addresses. Many employers will set up their devices to include those network security protections when they first issue them, but the burden is on the remote employee to use them. Although it can feel cumbersome to use a VPN, it is better than leaking customer data due to insecure wifi usage.
The final best cybersecurity practice for remote workers is more of a mindset than a specific practice. You should evaluate whether your computer usage opens up any risk vectors. There has been a significant rise in phishing attacks over the past few years, and hackers are using more sophisticated methods than ever to trick people into compromising themselves. If someone sends you an offer that is too good to be true, it most likely is! Avoid clicking on links from suspicious emails and educate yourself on preventing social engineering attacks.
It is always better to err on the side of caution when it comes to cybersecurity. If you believe you may have clicked any links in phishing emails, make sure to contact your IT team to get advice for the next steps you should take. If you receive suspicious communications from someone from your company, contact them via a separate medium to verify their identity.
There are more threats to companies and remote workers than ever before, so staying vigilant and maintaining skepticism is extremely important to protect yourself and your organization from data breaches.
Although the growth of remote work was kicked into high gear by Covid-19, it is extremely likely that working from home will continue to grow in popularity over the next several years. Companies that successfully leverage remote work operate more efficiently, have happier employees, and save millions in costs. However, managing the security flaws inherent to a remote workforce is difficult.
Although there are established cybersecurity practices for remote workers, educating employees and ensuring they follow said practices is difficult. Your company should also have its own security policies for employees working remotely. The best way to secure your workforce is by having a strong cybersecurity awareness training program that creates a culture of security at your organization.
Haekka is a great choice for relevant training for modern companies! Haekka was founded by two leaders with decades of experience helping organizations with their cybersecurity and compliance needs. To experience Haekka for yourself, schedule a demo with one of our founders today!