The debates have (mostly) stopped about whether remote work is here to stay. For many people, it’s just the way we work today. However, even three years later, cybersecurity around remote work is still a top concern. Both companies and employees have room for improvement in terms of protecting devices, data and apps from cybersecurity threats when working remotely.
In addition to remote working causing new vulnerabilities to attacks, breaches involving remote work are more costly. The IBM Cost of a Data Breach 2022 Report found that around the globe, remote working increased the average cost of a breach by nearly $1 million. Breaches in the U.S. with remote working cost $600,000 more than the global average.
Though companies set up remote working policies and security at the beginning of the pandemic, employees may become lax over time. Now is the perfect opportunity to revisit best practices and improve cybersecurity for your remote workers. By taking proactive steps, you can reduce your organization’s cybersecurity risk when it comes to remote work.
Build a culture of cybersecurity
Many employees mistakenly believe that cybersecurity is the IT department’s responsibility. In today’s culture of threats and connected devices, that’s no longer true. In fact, it’s even less the case when employees are working remotely. Instead, they must become their own cybersecurity expert for their remote work setup and home office.
By moving to a culture of cybersecurity, remote workers feel empowered and responsible for cybersecurity. Workers who have the knowledge and the responsibility are more likely to follow best practices and report any suspicious activities. However, creating a culture of cybersecurity takes a concerted effort, starting with organizational leaders. The transformation happens over time, with repeated messages and training, not through a single training class or memo.
Provide virtual private network (VPN) access
Organizations should ensure that employees are using a secure network for all company work. Many companies expressly prohibit doing company work on public wireless. But in today’s workforce, people often need to get work done in locations other than their homes. When you provide a VPN Transport Layer Security (TLS), your employees can create a secure network wherever they are located so they can send the client a contract or help a customer resolve a problem — no waiting to get home or to the office required.
Remind employees to change default passwords on home routers
Many people simply set up their routers and get started. If the user leaves the default password on the router, cyber criminals can easily hack into the network. Educate employees that strong passwords apply to routers, and regularly send reminders to remote workers to change their router passwords.
Require employees to password protect devices
If an employee loses an unsecured work phone, then a cyber criminal can gain access to the network with relative ease. By requiring all devices used for company business to be protected with a strong password, you reduce your risk. Some companies take it a step further by requiring biometric passwords, such as fingerprints or facial recognition. Employees who lose their devices should contact IT immediately so the device can be locked and remotely wiped to decrease risk and diminish its value to cyber criminals.
Create remote work cybersecurity policies
Once your employees are trained on best practices, put those guidelines in writing and have each employee sign them. Be sure to include any requirements for encryption and secure networks in the policy. Additionally, detail any restrictions on using personal devices for work purposes. To keep the policy top of mind, require each employee to sign an updated version each year during their annual review.
Require employees to use anti-malware software
Any device used for company data, including personal laptops and cellphones, should have anti-malware software. Additionally, the employee must regularly update the software with any new patches or bug fixes. Every device with even a single unpatched software program significantly increases the company’s risk of a cybersecurity attack or breach.
Focus on phishing
Remote workers may let their guard down against phishing scams or social engineering if they are working on their couch or back patio. The IBM 2022 Cost of a Data Breach Report found that phishing was the second most common cause of a breach, accounting for 16% of breaches. However, phishing breaches cost organizations the most money of all types of breaches, at an average of $4.91 million in breach costs.
When you provide employees with training on best practices, such as not clicking on unknown links or not downloading files from people they don’t know, they are more likely to avoid phishing scams. Be sure to also provide employees instructions on what to do if they receive a phishing email or actually click on a potentially malicious file.
Consider endpoint detection and response
While anti-virus software should be an integral part of home office security, it’s simply the first step. With endpoint detection and response (EDR) solutions, remote employees have the same protections as they did in the office. If the employee clicks on a file that begins downloading malware, the EDR detects the threat and interrupts the download.
Remote working has become standard and simply the way we work. But it’s important to prioritize cybersecurity risks associated with working from home. By routinely reviewing and evaluating your remote work processes and practices, you can keep your organization as secure as possible, regardless of where employees work.