In these times, your employees become vital to protecting your business interests because, as a Gartner report notes, they are the weakest link and often the last line of defense (full content available to Gartner clients only).
Irrespective of the security measures you’ve taken so far to keep your company data and network safe, you’ll need even more concrete cybersecurity guidelines for your remote employees. Your remote workers must be aware of how their actions can play a big role in preventing data breaches, ransomware attacks, malware infections, DDoS attacks, and other cybersecurity threats.
To help you, we’ve compiled a list of the top five cybersecurity tips that businesses like yours have provided to their remote workforce.
Your remote workers might feel tempted to stretch the flexibility of remote working and decide to work out of a café or a hotel. You can’t regulate such decisions, but you can inform them about certain precautions to reduce the risk of cybersecurity threats when they use public Wi-Fi.
Get in touch with the IT department promptly if you notice any suspicious activity or such as increased spam emails and frequent error messages when accessing business applications. Also, never open or respond to emails from non-verified senders or download any attachment or click on any links in these emails.
Your remote employees can help you keep cyberthieves away by changing their system and router passwords regularly. You must send prompts or emails to remind your remote employees to change their passwords every two or three months.
In addition, passwords must be unique and strong to avoid cracking.
Here are some dos and don’ts for creating passwords:
Some additional tips for your remote workers:
Set different login passwords for different applications. Use password managers to remember your unique passwords. These tools keep the username and password in encrypted form and are, therefore, safe.
Protect the computer screen when working remotely from a public space to ensure that no one’s observing the password as it is being typed. Remember to change the personal Wi-Fi router password if shared with a guest.
Avoid logging into business emails or accessing confidential data using passwords on a public system. Passwords could be stored without the user's knowledge putting them at a greater risk of cyber theft.
Virtual private networks (VPNs) create a protective tunnel between the client browser (employee computer) and the company server. This protective tunnel hides users’ internet protocol (IP) address and their geographical location from hackers, making data exchange between the employee computer and the company server safe.
VPNs have built-in malicious website detectors that notify and restrict users if they try to access a potentially unsafe website. VPNs also block spam emails from hackers, which thwarts phishing attempts that try to lure unsuspecting users into sharing their personal information or business data.
Your remote workers should use a VPN connection when:
They’re working full-time or freelancing remotely from anywhere in the world.
They’re using personal devices for work or are traveling to client locations and using public Wi-Fi at airports or hotels.
If you’re looking for VPN software, you can find some options here.
Never ignore the prompts for software updates received from patch management tools. Download updates and keep your system updated at all times.
Your remote employees might feel tempted to use their official laptops for personal tasks or they might find more efficient cloud applications (for file sharing, storing, video calling, etc.), prompting them to download and use unapproved software applications.
This phenomenon of using information technology systems, devices, software, etc. without the IT department’s approval is known as shadow IT.
These unapproved applications/tools may not be compatible with the existing software applications on your remote workers’ systems. This can restrict your IT department’s ability to analyze and monitor system activities and prevent potential compliance issues and data leaks.
In addition to giving strict guidelines against downloading or using unapproved applications, you can also take certain measures to help remote workers understand the perils of using such applications.
Don’t insert unvetted USBs in work systems. A USB device could contain malware or a keystroke detector.
Multifactor authentication puts additional layers of security that requires users to provide extra information to prove their identity before they can log in. For example, a multi-factor authentication setup may require users to provide usernames, passwords, and a passcode (or more details).
Multi-factor authentication protects your remote employees against credentials stuffing and phishing emails. There are mainly four modes of multi-factor authentication:
Text message codes sent via SMS
Authenticator application codes sent via authenticator applications on smartphones
Biometric authentication involving facial recognition or iris or fingerprint scan
Physical keys such as USB sticks that need to be inserted to unlock the system or software
Getting your remote employees on board with multi-factor authentication would include educating them about the benefits of doing so. In the beginning, your non-tech savvy remote workers would have doubts and questions for which you’d need to offer them on-call IT support.
Once they understand the setup and the use, it’s a simple and straightforward process from there.
Never share any personal or professional information with unknown sources on email or website pop-ups. Don’t get tempted to participate in contests to win free rewards or click on unverified web links.
Remote workers might consider cybersecurity maintenance to be a time-consuming effort as it involves certain additional actions from them. They could also be unaware of your organization’s security policies or think they won’t be impacted in case of a cybersecurity attack (full content available to Gartner clients only).
Regardless, the responsibility to fill in the gaps is yours, since it’s your business that will have to pay the price for lax cybersecurity practices. Here are some handy recommendations to help you do that:
Develop cybersecurity training content that’s short, crisp, and easy to understand. Link the training material back to organization-wide cybersecurity policies.
Give remote workers toolkit notes with information about cybersecurity precautions and best practices for remote working.
Send email blasts with regular updates on cybersecurity needs and confidentiality policies via the human resource and legal departments.
Share examples of actual cyberattacks on organizations and how they impacted individuals.
Quote industry experts and other credible sources to highlight the importance of cybersecurity.
Get senior leaders on board to do video training for groups about company values and the role of cybersecurity in enabling them.
Reward good cybersecurity behaviors and penalize bad ones.
You can also visit our IT security software directory on GetApp to know about different software that can help you strengthen your cybersecurity.
You can also read the following resources for more information on cybersecurity:
The business model survey referenced in this article was conducted by GetApp from June 18 to June 23, 2020 among 577 respondents who reported executive leadership roles at small businesses with 500 or fewer employees.