Remote work comes with a list of benefits, both for employees and employers. Ever dialled into a Zoom meeting from the beach? The looks on your colleagues’ faces make you briefly forget about the sand in your spacebar and the glare of the sun on your screen.
Those who are still against it, are often using the increased risk of cyber threats as an argument to not work from wherever, but rather stay safe and sound in an office.
While there’s certainly an increased risk, and cyber security is harder to manage if your employees are scattered around the world, using all kinds of devices and networks, it’s certainly not impossible to keep everything in check.
It all starts with understanding what types of threats you should be on the lookout for, what healthy cyber security habits are and how to educate your employees on them. All of that will be covered in this article.
If you’re an employer who is planning to go fully remote, first of all: good on you! If you’ve already been doing this for a while but are looking to step up your security game, then this one’s for you, too.
(Source: Unsplash)
What are you protecting?
Before we dive into the technical part, it’s good to understand why cyber security is such a hot topic.
You’ll be protecting your business, your reputation, your customers’ privacy and your employees. Yes, cyber security is a pretty heavy load to carry.
Apart from the hassle that comes with untangling a cyber mess, it also comes at a high price. The average cost of a security breach is $4.24 million.
Moreover, the damage done to your reputation can cost you business and money for years to come. Plus, tech talent won’t be as keen on applying to jobs at companies that aren’t known for good cyber etiquette.
Who is responsible for keeping your business safe from cybercrime?
It’s a team effort, really, but as an employer, you’re in charge of making sure your employees have the tools and knowledge to keep data safe.
By unknowingly following cybersecurity worst practices, employees can end up giving hackers and cybercriminals access to your network and sensitive company data.
If you allow the majority of your employees to work remotely, it’s important to develop some basic habits to protect your devices and corporate network from cybercriminals.
How is working remotely different from working from the office when it comes to cyber security?
Let’s get one thing straight: cybersecurity and data security are equally important whether employees are working from home or in the office. They’re just not equally easy.
It can seem harder to handle when not everyone is working from the same Wi-Fi network, and it is!
While companies usually think about protecting their remote employees from work laptops, many don’t understand how Wi-Fi networks used by employees to work away from home can pose a security risk to corporate data.
On top of that, people are responsible for a lot of digital processes: downloading apps to their device, setting up accounts and – drumroll please – choosing passwords. Let’s start with that one, and the threats that emailing can pose to your company’s data.
(Source: Unsplash)
Keeping email safe, wherever you work from
Email is often an overlooked security soft spot. Most remote companies are used to emailing all the time, but how often do we stop and think about how safe we are handling our most significant communication tool? Let’s look at what you should be taking care of urgently.
Password security
Many people joke about password security, admitting they use the same password across devices and programs, but training remote workers to protect your passwords is key to keeping your company’s data safe.
It sounds futile: we all know that it is important to choose a strong password, and the bots are reminding us of it constantly. Yet, some people still work with old passwords dating back to their college days, whereas John65 seemed unique enough for John who was born in 1965. Good one, John.
Even if your company uses VPNs, firewalls, and other network security software to protect your remote networks, human error can come into play when employees protect their accounts with weak passwords.
Educate your employees on what makes a strong password, preferably in their onboarding process—but It’s never too late.
Look for digital onboarding tools that allow you to make email safety etiquette a part of your There are plenty of free resources out there with valuable content that will quickly teach them the dos and don’ts. Spending time on this in the onboarding process will prevent a lot of awkward moments later on, trust us.
Though we know, it’s hard to get people excited about a PowerPoint on passwords, so maybe try a TedTalk on passwords instead.
Phishing emails
Training employees on how to detect and avoid phishing emails can greatly reduce the risk that phishing emails pose to corporate data security.
Phishing emails are still a common way scammers compromise your company’s security and information. They’re not as obvious as they used to be. While we all know not to click random links or send money to a recently widowed prince in exchange for more money, we can’t always spot phishing emails that come from contacts we normally trust.
Phishing emails are becoming more and more sophisticated, looking exactly like they came from your bank, your clients, or anyone else you wouldn’t be wary of usually.
There are great tools out there that will help you fight phishing attacks with phishing protection, including Microsoft 365’s phishing simulation. Invest in these solutions and educate your team, and you’ll sleep a little more sound at night.
Encrypt your email messages
You might think nobody could be interested in that email thread between you and Anthony from accounting, but don’t be too sure: cybercriminals can use every piece of information to find their way into your company databases.
We’d recommend using a Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to protect your email security. How does it do that?
S/MIME lets email recipients know that the email they’re reading is identical to what has been sent, and lets them check if a message was sent by an actual company or person, instead of a sneaky imposter.
Spoof-proof your emails
Knowing that the emails you read are from a legit source is one thing—making sure nobody is pretending to be you is a whole other ballgame.
You’d be surprised to find out how many cybercriminals can easily create an email address that looks like it’s from your company.
One way to fight this is with a protocol of Domain-based Message Authentication, Reporting, and Conformance (DMARC). This makes sure nobody can use your corporate domain to fool other people.
Other ways to protect your data
Of course, there’s more to data security than emails. Here are some other must-do’s to protect your company’s most sensitive data.
Install that firewall
You never know what Wi-Fi network your employees have to use while they’re on the go. The least you can do is install a firewall, which will prevent unauthorized access to and from the network, further enhancing the security of your employees’ devices.
Get solid antivirus software, stat
Think you can wait a little with setting up antivirus software because you want to prioritize onboarding or other tasks? Think again.
Installing reliable antivirus software will automatically protect your remote work from a variety of threats, including:
- Ransomware attacks
- Malware
- Spyware
- DDOS attacks
- Trojans
- Phishing attacks
- Rootkits
and other cyber threats.
With proper network monitoring, you can ensure that the antivirus software and security checks on each device are up-to-date, or even remotely wipe all data from a laptop in the event of a theft.
(Source: Unsplash)
Extend corporate network protection with a VPN
With a VPN, remote workers can protect against cybercriminals and protect sensitive data, such as customer data and financial documents, from cybercriminals. VPNs are designed to protect information exchanged between remote employers and employees through data encryption.
How does it work? VPNs establish an encrypted connection that protects data in transit, which is especially important when employees connect to insecure public Wi-Fi networks.
Using a VPN is a common practice to keep your data connected securely when working remotely, even on a public Wi-Fi network. What your company’s VPN does is route traffic over the Internet from your organization’s private network, providing even more security.
A VPN can help protect you when doing anything on dangerously weak networks, including paying utility bills, downloading sensitive/personal information, shopping online, sending emails, and more. It’s important to educate employees about VPNs and why they must always be used.
So, what’s the status of your security?
Start by taking stock of all the tools you are using and where data is stored, and from that point, build a tactical plan to keep it all safe. Meanwhile, keep the conversation going with your employees: data security should always be top of mind!