Remote work is all the rage, and it’s easy to see why. Employees want flexibility and freedom, while executives want less overhead and more productivity. Since most businesses have already transitioned communications to the cloud, it just makes sense. And more than two years after our sudden shift to remote work, the world has settled into a new “normal.” Employees and employers alike have embraced the advantages of working from anywhere.
Research has shown that workers are happier and more productive when offered the flexibility of a hybrid model. Nearly 60% of executives reported increased productivity among hybrid employees, according to a study by McKinsey. The study discovered a secret among the businesses with the highest increases in remote and hybrid productivity – they prioritized improving connections and collaboration even when not in the office.
However, as the number of remote teams and a hybrid workforce increases, the sophistication and amount of cybersecurity breaches have also, unfortunately, increased. For example, Google registered over 2 million phishing sites in 2020, up from 1.7 million in 2019 (a 27% increase in one year). The number of identity thefts reported by the FTC doubled from 2019. In addition, CybSafe reported that one-third of UK businesses suffered a data breach in the past 12 months because of remote work.
New remote workers may need to know what to look out for, while veterans may feel that the situation could be better. According to an IDG Research Services survey commissioned by Insight Enterprises, almost 80% of senior IT workers believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments in 2020, and according to Shred-it, 86% of C-level executives believe that the risk of a data breach is higher when employees work remotely.
There is hope, however. Suppose your business implements the best cybersecurity practices now. In that case, it is much more likely that you will avoid a security nightmare and save your company from suffering a substantial financial loss and an even bigger headache.
The Unique Security Challenges of a Hybrid Workforce
Cybersecurity is essential whether your workers are in the office, hybrid, or remote. However, in-office workers are generally protected by layers of security regarding data and communication. Once workers move outside the office, new vulnerabilities appear. For example, an office network will likely be secured by firewalls, VPNs, antivirus software, and other measures to ensure VoIP security.
Many home routers don’t have a firewall, and home routers that double as a firewall may not be as secure as a business firewall. Even if VPNs and Wi-Fi security software are installed on employee devices, those employees become solely responsible for keeping the software up-to-date once working remotely.
However, many of the security vulnerabilities that come with remote work can be minimized with clear-cut policies, some training, and IT support for your remote workers.
Checklist of Best Practices
Cybersecurity professionals generally accept these best practices as the most effective in preventing or minimizing a security breach. If your remote workforce is informed of these policies and, most importantly, agrees to put them into practice, you can rest assured that your company has the best protection against an attack.
1. No Public Wi-Fi
Our data travels with us. 40% of the remote workforce spends time in public or shared spaces where their privacy isn’t guaranteed. Working out of a Starbucks may seem idyllic, but using their Wi-Fi can cause many problems. The lack of firewalls allows anyone using that network to hack into your company’s data easily. In fact, hackers on public networks anywhere your data hits between you and your office can monitor traffic as it goes by.
If employees still want to work from Starbucks, instruct them to set up a personal hotspot and virtual private network (VPN). Using a VPN is an excellent way to boost the security of any Wi-Fi connection, especially when using a public network or a home router. It conceals web activity by encrypting an IP address, keeping information safe from prying eyes.
2. Be Aware of Surroundings and Communicate Responsibly
According to a study done by Code 42, a laptop is stolen every 53 seconds in airports alone. Losing a laptop is bad enough, but if there is a data breach on top of that, it could be a catastrophe.
Instruct your remote workers not to be careless with their work laptops. They should remain alert if they work in a public space. They should ensure their sightlines are blocked, meaning no one can sit behind them and watch/record everything they do.
Employees should take their devices to the restroom and avoid leaving them in a car (even a locked car). It is also important that remote workers keep the doors of their homes locked just as the office is locked up every night.
If team members are having conversations in public, they should be aware of their surroundings and not share private information where others could overhear.
On video calls, protect privacy by blurring the laptop background, using headphones, and employing the best screen-sharing practices.
3. Encrypt Stored Data and Update Devices and Apps
If a device is stolen, employees can avoid a data breach disaster if the data on the device is encrypted. Make sure that remote workers are all using devices set to encrypt all stored data.
Encryption encodes data to make it unreadable to anyone without the matching encryption key, such as a password or PIN. Encryption helps protect users from identity theft, enables secure file sharing, and ensures compliance with specific laws and regulations.
One of the most effective ways to protect from hackers, ransomware, and other malware attacks is to keep devices, firewalls, and apps up to date. Developers are constantly working to close security gaps, so it’s essential to set the software to update when patches are released automatically.
A bonus of using cloud-based apps is that they are continually updated, so users don’t have to worry about remembering to download new versions manually. Users should always pay attention to security alerts from their IT department since they’re dedicated to protecting a company’s data from targeted exploitation.
4. Do Not Use Personal Devices for Work
If your remote workers are using their own devices to conduct work, chances are they are exposing the company to a security breach. The protocols that your company has for keeping data safe such as regular updates, virus scans, and malicious site blocking, are likely to need to be kept up by remote workers on their devices.
Your remote worker may need to be aware of all your company does to keep data safe. Secondly, your remote worker likely has a different budget for cybersecurity than you have for your business.
5. Enable Email Encryption
Emails are another point of vulnerability for remote workers. Just as you want to ensure that all stored data is encrypted, it’s also a good idea to encrypt the data attached to any email. This will prevent an unintended recipient from viewing the information.
6. Don’t Allow Non-Employees To Access Work Devices
Regarding cybersecurity, it’s important to keep as much control as possible over devices. Remote employees should never share their devices with non-employees. Even if it is someone they know, a non-employee who doesn’t understand your company’s security policies could unknowingly open a pathway for malicious actors.
This is true even if the non-employee only wants to use the employee’s work device as a temporary “charging station.” Additionally, some of your employees may be too trusting, and it is easier to have an “employee-only” policy than to have rules about who can and can’t use work devices.
7. Disable All External Drives and Store Work in the Cloud
USB thumb drives are some of the most popular vehicles for bad actors to use to install malware. These malicious actors would install malware onto 30 or 60 thumb drives and then distribute them where an unsuspecting worker would pick one up and, thinking it was theirs, plug it into their device.
Fortunately, most companies are using cloud collaboration solutions, allowing remote and in-person employees to access files and communicate efficiently.
Despite the name, the cloud is in remote data centers, offering layers of sophisticated security against everything from hackers to fires. They also provide support like retrieval for deleted files or end-to-end encryption for sensitive information.
With the advancement of cloud storage solutions, there is always a reason to use an external drive of any type, USB or otherwise. Unless your employee is a photographer or videographer, you should disable all external drives on work devices.
8. Update Password Policies and Enable Security Features
Your employees may unknowingly invalidate several expensive security measures if they have weak or repetitive passwords. Ensure your company has a password policy instructing employees to choose strong, unique passwords and to have different passwords for different applications they need to use for work.
We all know we’re supposed to use unique, challenging passwords for every login, but it can be a memory-based nightmare. Instead, users can store passwords in an encrypted password manager or use a password generator to make them up. Remember, work passwords should also be different from any personal passwords.
Two-factor authentication (2FA) adds another layer of security to password-protected accounts. These let employees use a second or third identification element, like a key card, fingerprint, or text code, to verify identities.
Even physical measures like installing privacy screen filters or turning off a monitor when remote workers leave their desks can help deter data thieves from spying on your work. Camera covers can protect locations and stop surreptitious spying.
Another helpful tip is to turn on location-finding and remote wiping to manage devices if they get lost.
9. Train Employees To Recognize Signs of a Breach And Report Immediately
Today’s scammers are sophisticated. Legitimate-looking phishing emails can lure users into giving away personal information that provides access to other accounts. Similarly, phone numbers with familiar area codes are easily faked and can lure users into picking up a robocall.
The sooner your IT or security team finds out about a breach, the better the outlook will be. Train your employees to recognize the signs of a security breach and to report it as soon as possible to your IT or security team. Some things that should tip off your remote workers to a breach are:
- An alert from the anti-malware software indicating that a virus or malware is present.
- A new homepage or default search engine comes up unexpectedly.
- There is a sudden and significant decrease in performance.
- There is a sudden increase in spam and pop-ups.
- They are receiving frequent error messages.
10. Consider a Secure Access Service Edge (SASE) solution
SASE is essentially an “as-a-Service” cloud solution that combines wide-area networking (WAN) with network security functions, cloud access security broker (CASB), firewall as a service (FWaaS), and zero-trust network access (ZTNA). SASE tools can identify malware, decrypt the content, and monitor sessions for risk.
11. Keep Your Employees Away From Nefarious Websites
Torrent and pirating websites will expose your business to a host of malware. Most companies will have a prohibition against employees going to such sites on work devices. Still, if it ever happens and one of your employees accidentally downloads a file of malware from a website of ill repute, firing them for breaking company policy will be of little solace.
Here is a creative tip to keep your employees from ever breaking this fundamental rule in the first place: Use some of the money you save from transitioning to a remote or hybrid workforce to buy your employees subscriptions to reputable music and movie websites such as YouTube Premium, Disney+, or Netflix. This investment will be a fun perk for your team and a deterrent to visiting nefarious entertainment sites.
Final Thoughts
Remote and hybrid work has become more appealing than ever to employees and business owners, but the threat of a security breach is a big drawback. To address this, consider investing some of the savings you receive by going remote into a solid cybersecurity plan. If you implement the best cybersecurity practices now, you and your team can enjoy all the benefits of remote work without the dark cloud of a security breach looming overhead.
One of the perks of office life today is that it’s no longer limited to the traditional “office.” We should take advantage of this new mode to increase productivity, but not at the expense of device and data security.
Learn how Mitel Software Assurance provides peace of mind for businesses.
This blog was updated to also include the Mitel team's thoughts in this guest post.