Your Guide To Remote Workers And Cybersecurity

These days, it’s the norm for businesses to use remote workers at least at some point during the working day. While this offers the company and employees much greater flexibility, in many cases it also opens the door to all kinds of security risks. Whether it’s a contractual arrangement or an ad-hoc, casual part of your company culture, you need to be doing everything in your power to keep your network, systems and devices safe. While remote working security needs vary from business to business, here’s a list of pointers that will give you a great starting point…

Keep Laptops, Phones, and Tablets Safe

Lost or stolen mobile devices are easy pickings for hackers if there aren’t enough decent security measures in place. You need to be doing everything you can to keep these assets safe. While there are various technical barriers you can apply here, it should all start with a clear-cut policy for using mobile devices that all your employees should be aware of. Make sure your employees are keeping their devices with them and in sight at all times, and never leaving them in cars, hotel safes, and so on. You should also ensure everyone’s setting strong passwords, and look into second-factor authentication features like a FIDO U2F security key. Finally, mobile device management programs can help you to recover laptops, phones and tablets if they’re ever lost or stolen.

Keep Security Layers Up to Date

Any devices that are owned by your organisation obviously need to be protected using antivirus, firewalls, web filtering, encryption and other preventative measures, but so do any devices owned by your employees if they’re using them for remote working. This can be a little tough to negotiate at times, as your employees may feel that it encroaches on the personal use of their devices. You may have to address this issue through your company security policies, either by restricting employees from using their own devices for high-risk, business-critical activities, providing secured company-owned devices, or making certain protective measures mandatory for all privately-owned devices.

Set Rules for Public WiFi

Any devices connected to public WiFi can be vulnerable to attack, which can obviously present a big issue to people on your staff who have to work from conference centers and hotel rooms. Ideally, your staff should only be connecting to trusted, secure networks, but obviously this isn’t always practical. With this in mind, you should have a part of your security policy forbidding employees from using public networks for any kind of sensitive or business-critical activities. It’s a good idea to draw up some specific guidelines outlining the kinds of activities and systems which staff can and can’t access while they’re connected to a public WiFi network.

Maintain Good Email Encryption

Email is among the most commonly used digital communication channels when it comes to staff members out of the office, and one that’s the root of a lot of major security breaches. Robust management of corporate email accounts, along with solid encryption, is a non-negotiable must. Installing apps such as Mimecast is an obviously smart move. However, if you make a point of raising awareness of the vulnerability of email, this can also do a lot to embed safe usage within your business. This should include training your employees in spotting common cybersecurity threats such as phishing emails, along with clear policies on the kind of information that your staff can and can’t communicate through email. Usernames and passwords are obvious no-nos, but there may be a lot of other information you can’t afford to let hackers access depending on your niche and model.

Hiding Devices from Prying Eyes

Yes, there’s enough to worry about when it comes to purely digital threats. However, your employees all need to be aware of the physical threats of using mobile devices as well. Just as you would make sure your PIN is well hidden when using an ATM or pay point, you need to make sure your employees are being smart and discreet whenever they’re typing login information on a mobile device when they’re out and about. They also need to be aware of the risk of eavesdropping and other general snooping from people in the immediate vicinity. These days, it’s easier than ever for someone to snap a high-resolution photo of a screen in public, so don’t leave your business open to this very real risk.

Be Aware of External Storage

USB sticks and other external storage devices can occasionally be a vessel for malware, and have to be screened before you allow them to be plugged into any company devices. A lot of business owners and representatives come back from conferences with a free USB stick that’s infected with malware, unbeknownst to both them and the event organizers. Make it part of the policy to stop anyone from plugging one of these devices into a business computer with a lot of important information on it, for example to display information during a meeting. Until the security buffs in your IT department have the opportunity to check them, any kind of external storage should be treated as a threat.

Teach Staff About Public Computers

While in the majority of cases your staff will have their own devices that they can use to get remote work done, every now and then someone may have to use a public computer, for example in the business suite of an airport. Make sure all your staff are aware of the security risks, and are taking steps to avoid any kind of breach. They need to position screens so that they can’t be seen by anyone around them, never use public computers to send sensitive information, use private browsing wherever it’s available, and never tick those “remember me” boxes on login screens. They also need to be clearing browsing history and deleting downloads when they’re about to close an internet browser. It’s generally a good idea to keep these rules in a template email, and send them to anyone who’s going away on business before they leave.

About Will Chatham

Will Chatham is an Information Security Analyst, OSCP, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.