Remote work. In theory it sounds like a win-win for all involved:
Work-life balance and flexibility for employees.
The ability for employees to be productive anywhere for employers.
But, as we all know, there's always a catch (or few). For this post we're focusing on cyber security and the related challenges posed by employees working remotely.
At first glance, working remotely seems straight forward enough. Just get a laptop with an internet connection, and start sending emails and files. But in today's world where information is valuable currency, remote work presents a host of challenges for companies that are new to the process.
Let's look at some of the challenges and how to mitigate their associated risks.
Challenge 1: Your business has gone from one secure network access point to multiple potentially unsecure access points.
For the sake of clarity, let's start with the assumption that your business network in the office is setup with all of the current cyber security best practices: firewalls on all in-house devices, automatically updated virus protection, strong password requirements with regular reset intervals, pop-up blockers, locked and encrypted wifi networks, and automated data backups to onsite and offsite locations. If your office network is not setup with those basics, or you're unsure, now would be a good time to contact your IT vendor to make sure you're setup properly!
So your office network is secure, but now you have previously in-house employees working remotely. Are their home networks as secure as your office network? Is their data still backed up automatically? Are they using a work provided computer or their own private computer?
First step for your remote workers' equipment:
Ensure that their own home networks are setup with strong passwords and firewalls for whatever device they are using to access the internet.
Ensure the equipment they are using has a VPN setup and in use.
Challenge 2: In-office employees are used to responding to most digital communications without thinking they could be malicious.
In most office settings, we're used to the routine and pace of the office and its associated communication patterns. But with the massive shift to remote work, bad actors have increased the frequency of attacks via email and other electronic communications. They know that more people are more dependent on electronic communication than ever before, and are attempting to take advantage of the situation.
Do you have training in place for your employees on how to identify potentially malicious emails? Do you have antivirus software installed on all devices that access your work networks?
Second steps for your remote workers:
Train your employees on the steps to identify potentially malicious communications. Key things to look for include: What verbiage is used, i.e., does it read funny? Hover the mouse pointer over the "From" address, does it show an email address different than that which shows in the regular email?
Confirm installation of antivirus software on all employee equipment that connects to your work network.
Challenge 3: Equipment will be transported back and forth between the office, employees' homes, and other remote locations.
Now that people are working remotely, whether full time or limited days each week, they are transporting expensive hardware with access capability to your work network. What happens if that equipment gets broken? Stolen? Lost?
Third steps for your remote workers:
Ensure they have a secure and safe form of transport for the equipment they are transporting: padded laptop bags/briefcases/backpacks. Preferably lockable.
Train employees on the importance of keeping their equipment close to them if they are working anywhere other than home or the office. Similar to being an airport, keep your bag(s) with you at all times!
Install software that allows you to locate and/or wipe hardware remotely. Assuming the data is backed up frequently, it's relatively easy to remotely erase a lost/stolen computer, then replace it with a new piece of hardware that can be imaged with the backed up data, ensuring minimal loss of work information.
In conclusion, there are several straightforward steps you can take to protect your networks and business information. And these steps are much easier to take now than they are after a network breach!
If you have a preferred IT provider, reach out to them for support on implementing any improvements you need for your network. If you don't currently have a preferred IT provider and live in the Evansville, IN, Tri-State area, some excellent local IT service providers include:
If you'd like to build out your own plan for cyber resilience, reach out through our Contact links to setup a free Business Impact Analysis session for your company, and let's get started improving your own company's resilience.