This post originally appeared on the Flex Index blog in October 2023
By the end of 2023, 39% of global knowledge workers will work hybrid, marking a slight uptick from 37% in 2022.
The realm of remote work introduces a unique set of security challenges. Cybercriminals constantly evolve their tactics, and remote workers (unfortunately) find themselves in a vulnerable position. IBM’s most recent data breach report revealed that the average data breach cost has surged beyond $4M. For larger organisations, the figure is even more alarming.
Cybercrime poses a serious threat to businesses of all sizes, and remote work, if not managed with care, can significantly heighten the risk of a security breach.
In this article, we’ll explore four critical steps that organisations can employ to enhance the security of their remote workforce.
Four Keys to Improving Remote Work Security
1. Establish a Strong Foundation of Security Hygiene
A significant portion of cyberattacks — roughly 88% – 95% — result from human error. This vulnerability is especially pronounced among remote workers operating their devices without regular oversight of their employer’s IT departments.
The good news is that many of these vulnerabilities can be proactively mitigated by following straightforward steps to prevent cyberattacks (or facilitate a swift recovery if they should occur), including:
- Use a VPN: A VPN encrypts all traffic between a device and the corporate network, making it more difficult for cybercriminals to intercept data when users are away from the office. In simple terms, they stop attackers from reading data sent back and forth from user’s devices to their employer’s systems when they are physically away from the office.
- Require Multi-factor Authentication (MFA): MFA adds an extra layer of security by requiring users to enter a code from another source, i.e., a phone, an external device, or a one-time code you are sent, in addition to a password.
- Keep Software Up-To-Date: It can’t be stressed highly enough; most successful hacks take advantage of outdated software. Software updates often include security patches that can help protect against these, so they must be installed as soon as they become available.
- Formalize a Bring Your Own Device (BYOD) Policy: This should outline the requirements for using personal devices for work if they are allowed, and how they should be kept secure. Having a documented BYOD policy ensures that all risks have been considered and clarifies who is responsible for what; thus, things don’t get overlooked.
- Maintain Backups: No matter what precautions you take, one day, some form of attack is likely to be successful. When this happens, having backups can help organizations to recover quickly and minimize damage.
2. Keep Data Secure in Public Places or Shared Office Spaces
- Fake Wifi: Increasingly completely fake Wi-Fi networks are set up by attackers for unsuspecting users to connect to, allowing the attackers to record everything users do whilst online, including capturing usernames and passwords. When you use public Wi-Fi, be sure to use a VPN.
- Watch your Surroundings: If you are working in a public place or shared office space, be careful about who can see your screen (the best practice is to use a private screen at all times) and who can hear your conversations. We all disclose far more information than we realise, especially when confirming our identities or discussing sensitive data on phone calls.
- Secure your Devices: Avoid leaving them open and unattended at all costs. When you are not using your devices, even temporarily, lock your screen or close your laptop so that no one else can access them.
Here are three actionable tactics for securing your home internet connections and routers:
3. Secure Home Internet Connections and Routers
Home internet connections and routers play a crucial role in the security of remote work setups. As remote staff access sensitive data and work from their home, these often-overlooked components have become prime targets for cybercriminals exploiting vulnerabilities.
- Use Strong Passwords: The default password for your router is often easy to guess (if not publicly listed on the internet in the manual), so changing it to something more secure is essential. Your password should be at least 12 characters long and ideally be a passphrase.
- Keep Pace with Updates: Router software needs to be kept up to date like everything else. Still, this fact is often overlooked as there’s an incorrect assumption that this happens automatically or is managed by internet providers. You can usually check for firmware updates on the manufacturer’s website.
- Consider Separate Networks: To stay properly secure, consider using a separate network for work devices and data so that they are segregated from all other devices around them. This can be achieved by doing something as simple as requiring remote employees to set up guest networks only used for work or using completely separate work routers to set up a secure work network at home.
4. Establish A Regular Cycle of Employee Training to Increase Awareness
As with all security-related matters, education and training are paramount. Nowhere is this more obvious than with remote work, where the landscape is rife with vulnerabilities such as fake Wi-Fi networks, weak passwords, and outdated devices. Ultimately, the safety and security of an organization’s digital landscape begin and end with employees understanding the stakes and recognizing the importance of safeguarding themselves and their work environments.
In addition to covering the usual topics such as phishing attacks, malware, and social engineering scams, consider expanding your training to cover the following areas of remote work security:
- Situational Awareness: Employees need to be aware of their surroundings when working in public places or shared offices. They should also be careful about what information they share on social media.
- Verify Colleagues Requests: If employees cannot walk up to a colleague’s desk to verify the request is actually coming from them, they should ask for confirmation via a trusted channel, such as email, phone, or ideally ‘in-person’ on video.
- How-To Guides on Security Tools: Employees need to be trained on how to use the security tools and technologies that their organization has provided them with, i.e., how to use a VPN, MFA, and how to keep their devices and data secure when away from the office (and thus physical hands-on support).
Securing Remote Work: Best Practices for Enhanced Safety
Remote work, whether an occasional or frequent necessity, requires a heightened focus on security. The reassuring reality is that, with the right precautions, remote work can be just as secure as working within the office environment.
Here are three key strategies to enhance remote work security:
- Equip remote employees with security tools and technologies, ensuring their protection matches or exceeds that of office-based counterparts.
- Provide comprehensive training on security best practices for remote work, emphasizing situational awareness and safeguarding sensitive data in any location.
- Implement tailored security policies addressing data security, device management, secure network connections, and methods for compliance verification.
By adopting these measures, organisations create a protective shield for remote employees, ensuring the security of organisational data and systems while enabling productivity and peace of mind in remote work scenarios.