In today's work climate, employees are taking work out of the office to home. Technology enables us to respond to office needs faster as well as access our work from anywhere in the world. This is why it's important to also take security more seriously for those workers who don't work in a traditional four-walled office environment.
Neil Feather is the Chief Innovation Officer for Sitelock, and explains how we need to better protect ourselves and our remote employees while working outside the traditional office environment.
1. Avoid using public unsecured Wi-Fi networks
Although widely used for convenience, public Wi-Fi networks are actually a common vector for cyber threats. Typically, these networks are not secure, making insecure traffic, including sensitive data and log-in credentials, easy to intercept by a hacker. Hackers can also use unsecured Wi-Fi networks to distribute malware or spoof a public Wi-Fi network to draw in users and capture their data.
Another cyber threat to be aware of is Wi-Fi phishing. Wi-Fi phishing is when an attacker creates a web page that looks exactly like a legitimate page on your company's website, such as a commonly used email sign-in page. When an employee unknowingly encounters a page that looks legitimate--but isn't--and then enters credentials, he or she is actually communicating directly with a hacker.
It may come as a surprise, but a third type of threat to be aware of is your own home office Wi-Fi network. An unsecured home office Wi-Fi network can be accessed through harmless-looking--but vulnerable--IP-enabled devices like security cameras, wireless video equipment, and even network-connected thermostats. Unsecured IP-enabled devices are easy to hack, meaning an attacker can breach the network and move straight to your website or other assets.
Require remote employees to use a virtual private network (VPN) that enables users to connect securely to your business, even on a questionable Wi-Fi network. You can also provide employees with personal hotspots, so they don't need to use public Wi-Fi at all.
2. Share information about cybersecurity best practices.
As many security experts can attest, humans are the weakest link in a security strategy. All employees, whether onsite or remote, are vulnerable to threats, such as phishing attacks. It's likely that at some point, an employee may inevitably, and unknowingly, click on a malicious attachment, fake web page, or malicious URL.
That's why it's important to educate all employees about cybersecurity. For example, phishing emails are cleverly crafted to convince users to provide credentials, download infected attachments, or click on a malicious URL.
To help combat this threat, small businesses are increasingly realizing the value of cybersecurity training. In fact, employee security training is expected to be one of the most-adopted solutions in 2019 for small and medium businesses, according to the Spiceworks 2019 State of IT survey.
Set up regular employee security trainings to review the latest cybersecurity threats, how to spot scams, and understand any company policy for reducing risk. Small businesses with limited resources can turn to outside experts to provide affordable security training customized to their needs.
3. Don't disregard endpoint security.
Endpoint security refers to securing local resources such as software, applications, and operating systems that employees utilize on their devices. For businesses with remote employees, endpoint security offers a last line of defense against cyber-criminals attempting to launch attacks against their integral systems. Endpoint security can take many forms, most notably updating software and operating systems by using anti-virus software, and network firewalls.
Ensure that all company-owned devices have the most current software versions and are set up to resolve any security issues with automatic updates. Pre-installing malware scanners and a VPN are crucial to a proactive security plan. You can also enable local firewalls on all employee-issued devices to provide an additional layer of protection. For employees who use their own devices, providing licenses for anti-virus and VPN software can encourage employees to stay secure.
In an age where digital mobility is enabling employees to work remotely, it's important to be aware of the potential cybersecurity vulnerabilities this brings to your business. Although companies will face some risks with remote employees, implementing best practices such as using a VPN, providing employee training, and ensuring local resources are secure can give employees the freedom to work remotely while increasing the security of the organization overall.
Natural Networks offers our own Cybersecurity Awareness Program (also known as CAP), which helps you and your employees identify threats, like phishing scams and other threats, before they become a problem. If you are interested in learning more about Cybersecurity and the latest threats online, contact us today!
