Our current work environment presents new cybersecurity challenges for businesses. With one-half to two-thirds of U.S. employees working remotely in some capacity, many employees are not connected to a closed office system or encrypted database. Consequently, businesses are at greater risk of data breaches and cyber disasters than ever before.
Generally speaking, most of us don’t think about cybersecurity that often. People are accustomed to opening laptops in public and pulling up banking information on cell phones while standing in line at the local coffee shop.
And until someone’s identity is stolen, their credit cards have fraudulent charges, and they’re being asked about the data breach on their company email account, words like “firewall,” “date encryption,” and “VPN connection” don’t seem all that relevant. It’s time for businesses to think about cybersecurity differently.
To help you protect your company’s database from malware, viruses, and data breaches, here are five ways to help your remote workers be cyber-safe and keep your network secure.
1. Demystify Cybersecurity.
While “cybersecurity” sounds like something you need to be Mark Zuckerberg to understand, the reality is a few simple habits can help your team stay cyber-safe while working remotely.
For instance, when installing apps to any phone or computer, only install Apps from official stores, such as the Apple® App Store and Google Play Store. Discuss the importance of strong passwords, turning off microphones on smart devices that are always listening, and keeping kids away from work devices. Adopting these habits will help remote workers exhibit cybersecurity habits that protect your organization’s data.
2. Use an Up-to-Date Home Router.
Most of us get our home internet from the local cable company and use the router they provide. Instead of employees using a device with an unknown history and accessibility record, provide a new router that uses WPA3 or WPA2/3 with protected management frames.
After installing a new router, turn on automatic updates so the router is always current with the latest software patches and updates to prevent spearphishing and malware installation. These updates often include protections against the latest computer viruses.
If your company has an IT department, send a certified router directly to your employee and have a member of the IT team help them install the router for optimized security. To maintain your company’s network security, ensure your IT team connects with remote employees before off-site work begins. At that time, the IT team can ensure that your employee’s devices are set up for weekly reboots of routers, computers, tablets, and smartphones to help ensure security and remove malicious implants.
3. Don’t Access Sensitive Data on Public Wi-Fi Networks.
According to The Hill, the COVID-19 Pandemic led to the percentage of remote work rising from 4.7% to 61% in May 2020. But now that we’re coming out of the pandemic, the world is reopening. People are going to coffee shops, restaurants, and bars again. And people are traveling again. This is notable because, while we may think of remote workers as huddled at their kitchen table or in a cramped home office, hiring employees who work from home does not guarantee that work is completed at home.
In fact, reports are turned in and calls are taken in hotels, airports, and sitting poolside while enjoying secret vacations that employers don’t know about. While it’s always been the case that hotels and vacation rentals offer discounts for longer stays and mid-week reservations, that was when people were in the office on Wednesdays. Now, workers are taking advantage of these lower rates and working on public hotspots and Wi-Fi networks while traveling.
Forbes found that “discreet workations” are poised to be one of the top travel trends in 2023, which means that a great deal of work will be happening on public Wi-Fi and hotspots where devices are most susceptible to hackers. Businesses are wise to assume this behavior is happening at their company and train workers to be cyber-safe while working remotely. Wherever that happens to be.
4. Adapt Personal Device Security Policies.
The National Security Agency (NSA) has a free cybersecurity information sheet with their Best Practices for Securing Your Home Network. In it, the NSA recommends installing security software on all electronic devices used by remote workers that can combat malware, phishing attempts, viruses, and other potential threats.
Mobile devices offer convenience and capability but often at the expense of security. To help combat this risk, the NSA also put together a list of Mobile Device Best Practices.
One of the biggest threats to a working parent’s cyber security is their kids. If kids are given screen time and allowed to play games on the home computer or tablet, be sure these are not work devices. Kids can easily accept malware and ransomware onto devices by clicking on popups they don’t understand.
It’s also recommended that remote workers install VPN software on all devices for additional cybersecurity. Other tips to mitigate the chances of a cyber attack while working remotely include turning devices off/on weekly, disconnecting Bluetooth® when not in use, not connecting to public networks, and never clicking on suspicious attachments.
5. Click with Caution.
Data is currency. Cybercriminals and online scammers want your information and are waiting like lobster fishermen for someone to walk into their traps. Malicious ads, email attachments, and untrusted applications all present concerns for remote workers. Teach your team NOT to open unknown email attachments and links.
Even if messages are from legitimate senders, an employee’s known contacts can unknowingly pass on malicious content if their device is compromised or a malicious actor is impersonating them.
HR plays a significant role in cybersecurity awareness, especially when handling remote workers. By communicating cyber safety methods for working remotely and creating simple habits, you can increase your team’s awareness of common threats and protect remote workers from cyber disasters.
IMA will continue to monitor regulator guidance and offer meaningful, practical, timely information.
This material should not be considered as a substitute for legal, tax and/or actuarial advice. Contact the appropriate professional counsel for such matters. These materials are not exhaustive and are subject to possible changes in applicable laws, rules, and regulations and their interpretations.