Just a few years ago, working remotely was more the exception than the rule. If allowed at all, it often was a perk available only in limited situations. Many of my fellow executives viewed it as no more than a fleeting fad.
Fast forward to today. After a year of mandated work-from-home (WFH) environments, businesses have come to embrace remote work as a viable way of working and the vast majority of employees want to continue working from home at least part of the time.
But with remote work comes the potential for an array of cybersecurity threats. A recent study found that nearly three-quarters of businesses are concerned about cybersecurity threats introduced by home-based employees. If your mobility workforce planning strategy includes a WFH component, here are some things to keep in mind to protect your data.
Beware of Phishing Attacks
Phishing attacks have been on the rise since COVID-19. Warnings have come from such credible sources as Homeland Security, the U.S. Secret Service and the World Health Organization. In fact, one report found that phishing email attacks increased by more than 600% during the early days of the COVID-19 crisis.
Be sure to equip your remote workers with ways to spot suspicious emails. Among them: verify any hyperlinks before clicking, watch for grammar and spelling errors, never provide personal information in an email. Consumer Reports produced this guide that spells out what to watch for. Bottom line: “Remote workers should get into the habit of pausing before responding,” the security experts advise.
Restrict Equipment Usage
Your organization’s network will be best protected if remote workers are restricted to using only company-provided equipment. While an employee might see no harm in sending company emails from their personal laptop, that personal device is much less likely to have in place the same security protocols as do your company-issued devices.
On the flip side, mixing personal use on a business computer increases the risk of “drive-by downloads” and makes it more susceptible to phishing attacks. Your safest bet is a “separation of church and state” policy when it comes to equipment usage. Limit WFH employees to doing business, and only business, on company devices. If not possible, consider Plan B: “Personal devices should be vetted by the employer IT’s team prior to being used for company work.”
Set Parameters on Where Employees Get Online
Where your remote workers do business is equally as important. As coffee shops and cafes reopen, it may be tempting to work from something other than the same four walls of a home office. But, free WiFi available in many public spaces is a treasure trove for hackers. Set clear policies prohibiting the use of free WiFi networks; if an employee lacks secure access, provide a hotspot.
Lean on Your IT Team More Than Ever
It’s in times like these that the investment you’ve made in a strong IT team truly pays off. Lean into them and their expertise. Theirs is no easy challenge; they are tasked with making remote work as accessible and user-friendly as possible to support employee productivity, while also locking down any possible access points that could threaten your business.
Where can IT be most valuable in protecting remote data security? First, in deploying security controls – things like malware, firewalls, encryption and password management. Make sure patches are up to date, and implement multi-party authentication. In addition, look to your team to continually monitor network traffic and watch for anything out of the ordinary that could indicate a breach.
Educate Remote Workers
Don’t forget that “Security is a people business,” notes Security magazine, and as such, most breaches are due to human error. Employees can’t know what they don’t know so empower them with information. Continually educate your employees on what to watch for. Encourage a cautious skepticism when working online.
It is not just online behaviors that can create issues. As importantly, remind employees that personal behaviors can innocently lead to unintended consequences. A computer screen left open to a confidential, sensitive company document. A strategic Zoom conversation that’s within earshot of curious bystanders in a local coffee shop. A seemingly innocent venting about work over dinner with friends.
Keep cybersecurity top of mind with WFH employees. Consider providing checklists of best practice procedures like always shutting down computers at the end of the workday, never sharing (or typing where others can see) passwords and conducting work conversations only in private spaces.
Remote work is far from a fad, and with it come new considerations for cybersecurity. Mobility leaders have an opportunity, and an obligation, to protect their organizations’ digital assets. Rely on your internal IT resources and partner with trusted third-party experts to guide your organization in this brave new world of WFH cybersecurity.