7 Ways to Secure Staff Working From Home

Working from home just might be here to stay.  A Gartner study from April 2020 says that 74% of employers would like to make 5% of their workforce work from home permanently.  25% said they would like to move 20% of their workforce to remote positions.  Employees seem to feel the same way as their employers. A Forbes article surveyed 312 people about working from home, and found that 82% enjoyed working from home, with 60% feeling less stressed, and 66% of respondents feeling they were more productive. 

While there are many advantages to working from home for both business owners and staff, there are some disadvantages when it comes to the cyber security of your business.  When employees work in an office, they have an IT department, and maybe even a dedicated cyber security department, ensuring that what staff do on the network is protected.  They can control what comes in and what goes out. 

When staff work remotely, they are often using an insecure network, they may be using their own devices, and may not be tech-savvy enough to set up the appropriate security controls.  This increases your business’ cyber security risk, but these risks can be overcome.  Here are 7 ways to secure your staff who are working from home.

  1. Cyber Awareness Training. Cyber awareness training is important from both in-office employees and remote staff.  Phishing scams are a big threat to your business, and employee’s must learn to take the necessary measures to protect themselves, their devices, and sensitive company information.
  2. Foster an Environment Where Staff Can Learn from Each Other. One of the reasons why some cyber awareness programs fail is because they tend to blame and/or shame staff who may have failed a phishing drill. Instead, encourage staff to be open and honest about what kinds of threats they are seeing when they are working from home.  When staff feel comfortable enough to share with their peers and management that they received a phishing email from “Walmart”, other people will learn what they need to watch out for. This lessens the chance of someone unknowingly falling for that same tactic. 
  3. Harden Endpoint Devices. Before staff can begin to work from home, they need to be taught how to secure the devices that will be in connection with the office.  All laptops and routers connecting from home offices and mobile devices need to be secured. You should also ensure staff are informed of all the cyber security policies and procedures.
  4. Make At-Home VPN Use Mandatory. Home networks are generally easier to breach than office networks, so you need to enforce employees’ use of VPN connections when working remotely. RDP (Remote desktop Protocol) have been found to be easily breached, so they can’t be relied upon alone for remote logins. The other nice thing about VPNs is they encrypt and protect data, ensuring that the connection remains private and secure.
  5. Use Multifactor Authentication.  While not without problems, multifactor authentication is still a necessity.  According to Microsoft, using multifactor authentication can thwart 99.9% of attacks on your accounts. Passwords alone are not enough to secure them, as one in two employees’ reports using the same usernames and/or passwords across their work and personal accounts, while 20% have never changed their passwords ever. Should a password be compromised, with multifactor authentication, a hacker in possession of a hacked password would still not be able to log in unless they also are able to gain access to another factor to authenticate.
  6. Have Dedicated Cyber Security Support. Asking the IT department to be in charge of all cyber security is a big challenge for them, as they are already too busy with keeping the day-to-day business technology up and running. If your business is large enough, hiring a dedicated cyber security team is a must.  Even if you are a small business, it is wise to consider hiring a Managed Security Service Provider (MSSP) to manage your business’ cyber security. When looking for an MSSP, you will want to ensure they can also provide you with 24×7 SOC (Security Operations Centre) support.
  7. Make Sure Work From Home Devices are Included in your Inventory of Assets.  When staff are working in the office, it is easier to account for all the technology that is used in that office.  Once staff are working from home, now there are additional devices that you may not have accounted for on your network that could increase your cyber risk.  Cloud and home endpoints need to be included in this inventory, as well as documenting what the weaknesses are of these defences.  Once those are determined, security measures that mandate that only certain organizational assets can be accessed outside the office need to be implemented.

Having a remote workforce can increase your cyber security risk, but it doesn’t have to.  For help setting up your remote workforce, make sure you contact Uzado