5 Cybersecurity Considerations When Your Employees Work From Home
The widespread pandemic of COVID-19 caused by the virus SARS-CoV-2 (a novel coronavirus) has forced employers to urge their employees to work from home wherever possible in an effort to reduce the rate of transmission of the disease.
This sudden shift to remote working has left employers and employees alike scrambling to adjust to the nature of remote work. While remote working can absolutely be done effectively, many employers do not yet have the planning and resources required to manage a remote workforce.
If you have opted to offer work from home opportunities for your employees and you would like to keep sensitive data secure, here are 5 key cybersecurity considerations for your remote workforce.
1) How Remote Employees Connect to the Organization’s Network
Let’s face it – your organization’s internal security measures are far greater than what can be reasonably expected of your employees that are working from home. To keep sensitive data safe it must be kept as secure as possible for both in-house and remote employees.
Remote workers that require access to the organization’s network will need to be supplied with secure remote digital access options such as a virtual private network (VPN) or Office 365’s remote access environment. These digital access options will provide remote workers with access to the files and emails they need to perform their job duties while mitigating the risk of data breaches as they will not need to sync data to the device they are using at home.
If your organization will be relying heavily on cloud services when working with sensitive data, you should also consider a Cloud Access Security Broker (CASB) such as Microsoft Cloud App Security, MVISION Cloud, or Bitglass. CASBs provide a suite of security tools that allow them to act as a protective barrier between the infrastructure of your organization and that of the cloud service provider.
2) Internet Access for Remote Employees
If your organization has abruptly implemented an en-masse request for employees to work from home to mitigate the vectors of transmission during the COVID-19 pandemic, you will need to plan accordingly to ensure that your remote workers have the resources they need.
Employees may not currently have adequate internet access or bandwidth to perform work functions for a variety of reasons. They could be located in rural areas with limited internet service options, they may not be regular internet users, or they may only have a lower bandwidth internet connection that suits their typical at-home needs just fine.
It is critical that remotely working employees do not use public/shared wifi to perform work tasks if their devices will have access to sensitive data. Public wifi is an attractive target for cybercriminals and the security offered by these networks is likely insufficient for preventing unauthorized users from detecting traffic on the network.
Options for Providing Secure & Reliable Internet Access
- Offer employees a stipend to upgrade their existing internet infrastructure
- Provide remote employees with tasks that are less reliant on the internet to make up for bandwidth gaps
- Provide mobile employees with dedicated mobile routers that include an adequate data plan
3) The Dangers of Personal Devices
The use of personal devices in the workplace is not a new concept; many companies have a Bring Your Own Device (BYOD) policy that allows employees to use personal devices to accomplish work tasks.
If your organization is not fully prepared to shift a majority of its workforce to a work-from-home arrangement, it may be tempting to ask that remote workers use their own personal devices when working from home. If you decide to allow your employees to use personal devices, there are cybersecurity considerations you should be aware of.
Why Using Personal Devices For Work Is Risky
- Personal devices have less robust security than the organization’s internal infrastructure.
- Employees may have privacy concerns regarding monitoring & security agents being installed on their personal devices as their employers may inadvertently capture personal data.
- Cybersecurity best practices are more difficult to enforce on personal devices, particularly when your employees are working from home.
- Data breaches can easily be caused by employees transferring sensitive files between their personal devices and their work devices.
Where feasible, your organization should consider renting, leasing, or purchasing devices that employees can use as dedicated working machines while they work from home. This will provide you with greater options for patch management, employee monitoring, and endpoint security.
4) Mitigating The “Human Element”
The human element in cybersecurity is difficult enough to manage for in-house workers. When your workforce is suddenly forced to work from outside the office, monitoring employees to ensure they are following cybersecurity best practices will prove to be a challenge.
Phishing scams are always a concern for IT administrators. Cybercriminals are taking advantage of the concern over the 2019-2020 coronavirus pandemic to target employees for phishing scams. Employees should always be alert for phishing scams, however, it is important to remind them that cybercriminals have a habit of using current events as bait.
Employees that are not typically cybersecurity conscious and instead comply with acceptable use policies due to social/professional pressures may be tempted to relax their cybersecurity practices when at home and away from their colleagues and managers. Increased focus on the importance of cybersecurity will help to mitigate negligent insider threats during this time.
Software Solutions for Working With Remote Employees Safely
- Remote browser isolation software such as Authentic8’s Silo can protect against browser-based malware exploits
- Internet filtering software such as CurrentWare’s BrowseControl can proactively prevent access to websites used to transmit malware
- User behavior analysis tools such as Microsoft Defender Advanced Threat Protection (ATP) can identify attackers using compromised credentials.
5) Maintaining Endpoint Security
Endpoint security is a critical consideration for employees working from home. Their unfettered access to personal devices and the infrastructure restrictions they have will make them more difficult to secure than in-house employees. That said, there are some best practices you and your employees can take to perform remote work securely.
Cybersecurity Best Practices For Your Remote Employees
- Use multi-factor authentication (MFA/2FA) and/or privileged access management (PAM) tools to verify credentials
- Provide up-to-date and ongoing cybersecurity training appropriate to each employee’s risk level
- Ensure they use a private internet connection that is separate from Smart Devices/IoT technology. These technologies are often not manufactured with security in mind and they have been known to be vulnerabilities for networks.
- Provide access to enterprise-grade password managers with a secure master password to store unique login credentials for any services/systems they need access to for their work.
- Use internet filtering software to prevent access to websites that are compromised by malware
- Use endpoint security software that can prevent the use of unauthorized USB devices and monitor for suspicious file activity.
As mentioned before, employees that are working from home and using personal devices will likely not be comfortable having their devices secured with software agents for monitoring and endpoint restriction. This will be one of the unfortunate limitations of relying on personal devices for remote work during this time. Employees that are using personal devices should not be granted access to sensitive data to mitigate these risks wherever possible.
Removable Media
Policy Template
- Set data security standards for portable storage
- Define the acceptable use of removable media
- Inform your users about their security responsibilities
Get started today—Download the FREE template and customize it to fit the needs of your organization.
If you would like to learn more about adapting to an influx of remote workers, we welcome you to read our related posts:
