At the office, you’re able to set up security on your users’ laptops. But how about the computers your employees use at home? When browsing the internet, opening emails, and downloading documents, are your employees’ home computers just as secure?
Obviously, this worry forms part of your day-to-day job—and the problem isn’t going away. A Gartner survey found that 47 percent of organizations will give employees the choice of working remotely full-time once the pandemic is over, and 82 percent said employees can work from home at least one day a week.
That’s great news for employees, but what does that mean for IT professionals? Although companies can encrypt data stored on their network, the data may not always be secure when it’s in transit or at their employees’ homes.
As a handy reminder, here are some helpful things that will keep your organization’s network secure while employees work from home.
- Make sure employees only have the server access required to do their jobs.
Apply the concept of “least privilege”: determine who on staff needs to access your organization’s entire network and who only needs access to cloud-based services and email.
- Prevent employees from accessing your organization’s data through their personal home computers.
If you allow people to work from home, give them the tools they need to do their job. That means issuing them a company laptop or desktop computer and mandating that they use it for work. This prevents employees from using their home computers for work and then bringing their work—and cyber threats—from home onto your network.
As an example, we recently wrote an article about the danger of USB drives. Using their home computers for work tempts employees to save files on a USB drive, come to the office, and plug it—along with possible viruses, ransomware, and cybersecurity risks—into your network.
- Make certain everyone uses Multi-Factor Authentication (MFA) for an extra layer of protection.
In case of a data breach or incident, MFA can prevent or lessen the impact. Many cyberattackers use stolen credentials as their way into your network. Layering on another factor of authentication, such as a code sent to an employee’s smartphone, makes it harder for cyberattackers to succeed.
- Cut out the risk of a man-in-the-middle attack with VPNs.
A weak home network or wi-fi connection opens up employees to man-in-the-middle attacks where cyberattackers can eavesdrop, steal information, and possibly alter communications. A VPN or secure browser ensures their connection with your network does not expose your organization to cyberattacks.
- Warn employees about using public wi-fi.
Working from a coffee shop might be a relief from an employee’s home or apartment, but it also exposes their data to cybersecurity risks. Public wi-fi access points are notoriously unsecured, and cyberattackers have many ways to snoop and intercept data. If employees must use public wi-fi, require that they use a VPN or secure browser.
- Train, train, and train employees.
When employees work from home, they tend to be more relaxed and possibly distracted—enough to fall prey to phishing emails. Providing cybersecurity training is a proven method to help employees guard against cyberattacks. In addition to traditional and online training, invest in training software to test your employees with fake phishing emails. See who takes the bait and use those instances as teaching moments.
- Revise your security plans and processes.
A paradigm shift to heavy remote work is a good time to revisit your security planning and processes—especially if you haven’t specifically adapted them to remote work. Add and refine any cybersecurity processes and procedures that would never have applied to the office. Make sure employees are clear about these processes and decide how you will enforce them.
- Have a business continuity plan.
Nothing can replace a good business continuity plan. I’m not talking about just backing up your data. You need a plan for employees to be able to operate and access critical applications during an emergency and keep business running as usual. A documented disaster recovery plan must now account for remote workers.
While remote working provides unprecedented freedom for employees, it also means they need to take more responsibility for their cybersecurity—with a little help from IT leadership.