At least one day a week, 70 percent of employees around the world work remotely, exposing companies to a multitude of security headaches such as phishing attacks, unsecured servers, and weak passwords. Factor in the workers who also use cafes, coffee shops, or airport terminals to do company work, and the headache can turn into a killer migraine for IT security.
“Couple this with the widespread practice of employees emailing documents to their private email on their own devices, where security is invariably lower, and you open your organization to potential attacks,” says Scott Cairns, UK head of cybersecurity at T-Systems.
Another problem, according to experts, is that remote workers have most conversations online, which exposes all kinds of personal and company information to hackers.
The key to combatting these threats is better training for employees about the dangers when working remotely, Cairns says. His 2017 research finds that 66 percent of respondents received no up-to-date education in the previous year and 30 percent had received no cybersecurity education from any employer.
Some ways to create a more secure remote-worker practice:
- Provide training. Don’t rely on a group email to communicate security concerns or to provide employees with proper procedures. Any employee working from a remote location at any time should undergo mandatory training to ensure proper practices are being followed. The training needs to be updated as new security threats become known.
- Use a secure cloud. “If you and your teammates are on the same page about when and where to share information, you’ll be able to keep it relatively secure,” writes Adam Rowe of Tech.co. “Make sure everyone on your team keeps any and all business-sensitive documents in one secure cloud location, rather than on their individual laptops.”
- Use VPN. Using a virtual public network (VPN) can ensure that the Internet traffic is encrypted, especially if an employee is working in a public space with an open wifi network, says Comparitech, which researches VPN tools and other online services.
- Protect client data. When a remote worker is done with a client’s project, that data needs to be erased after encrypting it and backed up to a secure location, Comparitech says.
- Make updates automatic. Companies can’t rely on remote workers to update their hardware and software—that should fall to the employer. Worker devices should be on automatic updates.
- Check outside devices. At many industry conferences, USB sticks are passed out like candy. Unfortunately, such devices can be a source of malware and need to be checked before using. Also caution workers about letting anyone insert a USB device in their computer—any such devices should be approved by IT.
- Secure the router. Routers have become a frequent target of IoT attacks, turning an employee’s computer into a botnet slave and providing a backdoor to a company network. Companies must ensure that employees use secure practices, such as having strong passwords, using automatic updates, and turning off features they don’t use.
While technology makes working remotely easier than ever before, companies must be vigilant that such flexible arrangements don’t expose them to criminals who can exploit such situations.