The widespread pandemic of COVID-19 caused by the virus SARS-CoV-2 (a novel coronavirus) has forced employers to urge their employees to work from home wherever possible in an effort to reduce the rate of transmission of the disease.
This sudden shift to remote working has left employers and employees alike scrambling to adjust to the nature of remote work. While remote working can absolutely be done effectively, many employers do not yet have the planning and resources required to manage a remote workforce.
If you have opted to offer work from home opportunities for your employees and you would like to keep sensitive data secure, here are 5 key cybersecurity considerations for your remote workforce.
Let’s face it – your organization’s internal security measures are far greater than what can be reasonably expected of your employees that are working from home. To keep sensitive data safe it must be kept as secure as possible for both in-house and remote employees.
Remote workers that require access to the organization’s network will need to be supplied with secure remote digital access options such as a virtual private network (VPN) or Office 365’s remote access environment. These digital access options will provide remote workers with access to the files and emails they need to perform their job duties while mitigating the risk of data breaches as they will not need to sync data to the device they are using at home.
If your organization will be relying heavily on cloud services when working with sensitive data, you should also consider a Cloud Access Security Broker (CASB) such as Microsoft Cloud App Security, MVISION Cloud, or Bitglass. CASBs provide a suite of security tools that allow them to act as a protective barrier between the infrastructure of your organization and that of the cloud service provider.
If your organization has abruptly implemented an en-masse request for employees to work from home to mitigate the vectors of transmission during the COVID-19 pandemic, you will need to plan accordingly to ensure that your remote workers have the resources they need.
Employees may not currently have adequate internet access or bandwidth to perform work functions for a variety of reasons. They could be located in rural areas with limited internet service options, they may not be regular internet users, or they may only have a lower bandwidth internet connection that suits their typical at-home needs just fine.
It is critical that employees working remotely do not use public or shared Wi-Fi to perform work tasks if their devices will have access to sensitive data. Public Wi-Fi is an attractive target for cybercriminals, and the security offered by these networks is likely insufficient for preventing unauthorized users from detecting traffic on the network.
The use of personal devices in the workplace is not a new concept; many companies have a Bring Your Own Device (BYOD) policy that allows employees to use personal devices to accomplish work tasks.
If your organization is not fully prepared to shift a majority of its workforce to a work-from-home arrangement, it may be tempting to ask that remote workers use their own personal devices when working from home. If you decide to allow your employees to use personal devices, there are cybersecurity considerations you should be aware of.
Where feasible, your organization should consider renting, leasing, or purchasing devices that employees can use as dedicated working machines while they work from home. This will provide you with greater options for patch management, employee monitoring, and endpoint security.
The human element in cybersecurity is difficult enough to manage for in-house workers. When your workforce is suddenly forced to work from outside the office, monitoring employees to ensure they are following cybersecurity best practices will prove to be a challenge.
Phishing scams are always a concern for IT administrators. Cybercriminals are taking advantage of the concern over the 2019-2020 coronavirus pandemic to target employees for phishing scams. Employees should always be alert for phishing scams; however, it is important to remind them that cybercriminals have a habit of using current events as bait.
Employees that are not typically cybersecurity conscious and instead comply with acceptable use policies due to social/professional pressures may be tempted to relax their cybersecurity practices when at home and away from their colleagues and managers. Increased focus on the importance of cybersecurity will help to mitigate negligent insider threats during this time.
Endpoint security is a critical consideration for employees working from home. Their unfettered access to personal devices and the infrastructure restrictions they have will make them more difficult to secure than in-house employees. That said, there are some best practices you and your employees can take to perform remote work securely.
As mentioned before, employees who are working from home and using personal devices will likely not be comfortable having their devices secured with software agents for monitoring and endpoint restriction. This will be one of the unfortunate limitations of relying on personal devices for remote work during this time. To mitigate these risks, employees who are using personal devices should not be granted access to sensitive data wherever possible.