REMOTE WORK | 5.5 MIN READ
Your remote employees may be unknowingly putting your company's data at risk. Working from home can potentially lead to data breaches, identity fraud, and a host of other negative consequences. Keep reading to learn the top five ways that remote employees can pose cyber security risks to your organization as well as risk mitigation tips.
Not enough time? Jump to:
Your remote employees can be the biggest threat to your network's security. By unknowingly following cyber security worst practices, employees can end up giving hackers and cyber criminals access to your network and your company's sensitive data.
When business operations suddenly or temporarily transition to remote work, employees can become confused as to how to continue to work securely.
The top cyber threat to remote employees is phishing schemes.
Phishing schemes involve a person or entity posing as a legitimate source, usually over email, to trick a victim into providing personal login credentials or sensitive information, which can then be used to hack into accounts, steal more sensitive information, carry out identity fraud, and more.
Phishing emails have become so sophisticated that it is increasingly becoming harder for employees to detect them, especially when phishing emails make it past email filters straight to an employee's main inbox.
RELATED: Top Phishing Scams of 2020
So what can be done?
Training employees on how to detect and avoid phishing emails can greatly reduce the risk that phishing emails pose to company data security. To build a comprehensive cyber security awareness training program, implement it from the moment new hires walk in the door.
By educating employees about phishing and cyber security best practices from their first day and continuing education with newsletters, phishing tests, and periodic trainings, a workplace culture of strong cyber security will be instilled company-wide.
Even if your company uses VPN's, firewalls, and other cyber security software to protect your remote network, human error comes into play when employees safeguard their accounts with weak passwords.
Hackers know that human error is easier to exploit then trying to get past a sophisticated security software, which is why they'll try to crack account passwords to access sensitive company information.
Cyber criminals use a variety of measures to crack passwords. For instance, they'll compile lists of commonly used passwords that can be used to easily access poorly protected accounts.
Hackers will sometimes write code designed to continuously attempt to crack a password by trying out different variants. With enough time, a bot can likely crack one's password unless it is extremely complex.
Repeat passwords are another common insecure practice that hackers exploit. Once hackers crack the password to one account, they will try to access other accounts with that same password. Employees who repeat passwords, especially across personal and business accounts, are at a higher risk of having their company accounts hacked.
So what can be done?
Password policies can help foster a culture of personal responsibility in your organization. Passphrases and bans on using personal information and repeat passwords for account logins are recommended password policy clauses.
Passphrases, which are created by stringing together a random group of words, are one of the top tips shared by cyber security experts. Secure passphrases can be anywhere from 4-12 words or more, with longer passwords being harder to crack.
For instance, a passphrase could be "chicken G0og7e blue Hawaii". To make passphrases more secure, one can add punctuation, character substitutions, and numbers.
In the age of social media, personal information commonly used in passwords such as birthdays and alma maters can easily be found online. If a hacker browses an employee's Facebook profile, for instance, they can use the pictures, posts, and "About Me" information to find common information used in passwords.
Though employees may be tempted to include common personal information in their passwords, they should be discouraged from doing so in your password policy.
Whenever you write down a password, whether it's on a sticky note or in the Notes app on your phone, you create an opportunity for somebody with bad intentions to find it.
Aim to add a clause in your password policy that discourages writing down passwords. If employees must write down passwords to remember them, they should consider a secure password-storing program.
While companies may think to encrypt data that's stored on their network, they may not consider encrypting data when it's in transit from location to another.
Your employees share so much sensitive information on a daily basis, from client account information to files and more, that your company cannot afford to not secure this information from being intercepted by a hacker.
If sensitive company information is intercepted, it can lead to identity fraud, ransomware attacks, theft, and more.
So what can be done?
Sensitive data should be encrypted when it's sent over email or phone. When it comes to email encryption, Outlook, a popular email platform, has features that can convert plain text emails to scrambled cipher text so that only the recipient with the key can decrypt the message.
You can also use email encryption platforms to secure email data, attachments, and contact lists.
Voicemail information can be encrypted with the right business phone system. Some business phone providers have features that can encrypt and securely email voicemail data to ensure that sensitive data is protected.
Data can also be encrypted by using a secure file-sharing platform such as Dropbox and OneDrive. These platforms ensure that information is encrypted from end-to-end.
While companies usually think to secure their remote employees' work laptops, many do not consider how the Wi-Fi networks that their employees work off of at home may be posing a risk to the security of company data.
For instance, while many people know to update their smartphone or antivirus software, updates to home router software are often overlooked. Similar to when updates aren't completed on other devices such as your smartphone, routers that aren't updated won't have security gaps patched, which can lead to data breach risks over time.
Additionally, while companies typically have firewalls in their office to monitor network traffic and block malicious activity, many people do not have a firewall to guard their home's network. While some routers are hybrid router-firewalls, these firewalls are not that secure, which can lead to potential network security gaps for remote employees.
So what can be done?
Periodically updating your router's software when updates are available ensures that any existing security gaps are quickly patched before a hacker can exploit them. Additionally, check to see if your router has any encryption features that can be enabled.
If your company has the budget for it and employees are going to be working remotely for a while, consider providing each employee, or at the very least those who work with a lot of sensitive data, with a firewall to better secure their home's Wi-Fi.
RELATED: How to Secure Home Wi-Fi [7 Tips]
When employees work remotely, they typically don't pack up their entire office and bring home technology such as printers and desk phones. This means that they may resort to using personal smartphones and home printers to conduct business remotely.
While working from personal devices can make employees feel a sense of freedom and flexibility, these devices can pose cyber security risks.
When it comes to personal smartphones, most people don't think to encrypt them, especially when it comes to data as banal as voicemails. However, when work is conducted on a personal cellphone, for instance phone calls and logins to business accounts, this data can potentially be accessed by hackers unless the phone is encrypted.
Printers have multiple features that, while they can seemingly improve one's everyday life, can have security gaps that hackers can exploit to access data stored on it. When remote workers print business documents from personal home printers, this can pose a potential security issue.
While many businesses provide employees with work computers, some allow remote employees to work from personal computers.
Although these policies are typically made in an effort to improve workplace culture by making business operations more flexible, these policies can also leave company data at risk because personal computers are typically not nearly as secured as work computers.
So what can be done?
How to Secure Phones
If your employees conduct business on personal phones, consider asking them to refrain from doing so unless they encrypt their phones. Data can easily be safeguarded with simple actions such as enabling a stringent passcode on the phone, but additional measures can be taken as well.
On Android phones, an encryption feature can be enabled in the security settings. On iPhones, you can enable a setting that automatically wipes the phone after a certain number of failed access attempts.
How to Secure Printers
Home printers have a number of insecure features that you should recommend that your employees turn off when they're working remotely.
For instance, "print from anywhere" features let one print documents at home even when you're away from the office. However, this feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere. Consider recommending that your employees have this feature turned off.
Another insecure home printer feature is a common default setting that, when you're scanning to the hard drive on your printer, allows you to open the folder from computers on the network to retrieve your files.
This setting allows for information to be written to and removed from that device from anywhere on your company's network and is generally done with minimal or no security. Consider recommending that employees turn off printers with this feature.
How to Secure Computers
When it comes to securing your remote employees' computers, of course the most secure solution is providing each employee with a work laptop so they don't have to work from a personal computer.
However, if this isn't in your company's budget or you still want to give employees the flexibility to work from whichever device they choose, consider Desktop-as-a-Service (DaaS).
Desktop-as-a-Service (DaaS) can be used to transform a personal device such as a laptop or tablet into a work desktop so that one can access all the applications and files that are on their company's network. This service is carried out by leasing virtual desktops via a public or private cloud service.
With virtual desktops, if an employee's personal device is stolen, no company data is lost, as data is stored on the virtual desktop instead of the physical desktop.
As remote work continues to be a viable option for many businesses, data security is becoming even more paramount. Use this article to take steps to secure your company's data for a remote environment.
For more cyber security content, follow our blog!
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.