A recent Upwork report projects the number of Americans working remotely will climb 87% from pre-pandemic levels. This increase may profoundly impact the online security of organizations that employ remote workers. While workers may welcome the flexibility offered by remote work, hackers may see the increase as an opening to attack companies more easily, given home offices can lack robust online security.
However, understanding the way criminals exploit online working environments can help both companies and employees protect themselves from security threats. Consider how implementing work from home safety tips can keep hackers at bay.
Security challenges for a remote workforce
Global Workplace Analytics forecasts that at least a quarter of the workforce will be working remotely several days a week by the end of 2021. The COVID-19 pandemic has forced organizations to quickly adapt to a new reality, one that shifted almost half of the workforce to remote work in the short term.
However, as companies see remote work succeeding, the pandemic is likely to shift where people work in the long term as well. Business leaders surveyed by Upwork reported that in five years they expect:
- Nearly 23% of their employees to be working remotely on a full-time basis
- Almost 15% of their employees to be working remotely on a part-time basis
In such a remote work landscape, company leaders and IT departments face significant security challenges. These challenges can lead to greater vulnerability to both inside and third-party threats, possibly resulting in the exposure of sensitive or valuable company information. It may also increase a company’s vulnerability to phishing attacks and access by unauthorized users to its networks.
Some specific challenges of a remote force include:
An expanding perimeter to secure
IT teams set up a security perimeter to protect their companies’ networks from malicious activity. This involves putting into place technologies and equipment, such as firewalls or access controls, that prevent attacks against the network. Remote work, however, greatly expands the perimeter IT teams need to secure, even including every remote employee’s Wi-Fi network and router. This can prove an impossible task for even the most well-resourced IT departments.
The use of personal devices to connect to company networks
Company office spaces generally provide computers that come with sophisticated encryption and software patches to keep them secure. However, personal computers and devices usually have nothing more than simple antivirus programs. If remote workers use their own weakly protected personal devices to connect to a company’s network, they compromise its security.
Remote workers also may not have securely configured systems. For example, they may have kept the preset passwords for their routers or the default configurations for their web servers, which makes infiltrating them easier. These insecure configurations create gaps, which hackers can easily exploit.
Companies must find ways to address the expanded security perimeter created by remote work, the use of personal devices by remote employees, and the insecure configurations typical of home office networks. Security breaches as a result of failing to address these issues can disrupt operations, compromise data, and ultimately put a company’s reputation at risk.
Work from home safety tips for employees
Employees should keep in mind essential preventive tips that can help ensure online security when working from home.
Follow best practices for using company-issued equipment
Make sure to follow best practices when using company-issued equipment, such as a laptop, tablet, or phone. Here are few to keep in mind:
Use company-issued equipment exclusively for work
Avoid using your company-issued equipment to check personal emails, browse the internet, or view social media. Many security breaches happen through social media sites or messenger applications. Additionally, hackers can embed malware and adware on websites that compromise equipment.
Don’t install unauthorized applications
Most equipment issued to employees already comes with the applications or software needed for work. Avoid the risks of installing or downloading anything not explicitly authorized by an employer.
Avoid using external devices
External devices, such as thumb drives, can be infected with malware or a virus. If employees insert an infected external device into a company laptop, for instance, they can inadvertently compromise it. The malware can upload files, hack software, and even allow a hacker to control the keyboard.
Take steps to secure a home network
By taking a few key steps, remote workers can greatly increase the security of their home networks and decrease the likelihood of cyber attacks. When setting up a home office be sure to:
Install a firewall
Firewalls defend networks from outside attackers trying to infiltrate a network. They also alert users of suspicious activity. Many wireless routers have built-in network firewalls that allow owners to set access controls and turn on web filters, along with other configurations.
Boost the security of your wireless router
Would-be attackers can use wireless routers to access a network. Ways to make a wireless router more secure include:
- Using a strong encryption protocol, such as Wi-Fi Protected Access 3 (WPA3)
- Changing the default administrator password on the router
- Changing the default network name to hide identifying information that hackers could use to locate the network or exploit other weaknesses
Disable services and software you don’t need
Superfluous software and applications give hackers more openings to target for an attack. Eliminating unused services and software removes unnecessary security holes and reduces risks posed to networks, routers, and devices.
Create strong passwords
Make sure each device, Wi-Fi network, and router has a unique password that can’t be easily guessed. Also, take care to change all default passwords and create strong passwords that have:
- A combination of upper- and lower-case letters
- Numbers and special characters
- At least 10 characters
Virtual private networks, or VPNs, keep the information between remote workers and their employers safer by encrypting it. This can prevent cyber criminals from stealing sensitive company data or customer information.
Add multifactor authentication
Multifactor authentication requires users to complete several steps before gaining access to a network. For example, users may have to provide a password and then a fingerprint to sign in. Multifactor authentication verifies a person’s identity with more accuracy and prevents unauthorized users from gaining access to devices, accounts, and networks.
Regularly update software
Updates add needed security patches and repair problems that leave data unprotected. They also can get rid of bugs. By regularly installing updates as soon as they appear, remote workers limit the vulnerabilities of their devices.
Learn about schemes hackers commonly use
Cyber attackers use an array of schemes to hack into people’s networks, steal information, and plant malware. To avoid falling for these scams, remote workers should familiarize themselves with how they work.
In phishing schemes, a common cyber attack, hackers send emails or texts impersonating legitimate businesses or people recipients think they know. The messages may ask for personal information, such as an employee ID number, or encourage recipients to open an attachment containing malware or click on an embedded link. Hackers then use the personal information given to gain access to a secure network or impersonate the deceived individual.
One common phishing scheme aimed to trick remote workers sends emails that look like company correspondence. They may announce new corporate policies and direct remote workers to open an attachment for more information, or they may tell recipients to follow an embedded link so the IT team can re-authenticate them. If an employee complies, hackers can capture their credentials and impersonate them to connect to the company network.
Strategies for companies to improve online security
Companies can promote online security for employees working remotely in various ways:
Staying current on recent cybersecurity trends
Cyber attackers keep upping the ante with new schemes that can fool the unsuspecting and suspecting alike. Organizations must keep up with the most recent cybersecurity trends if they hope to protect themselves. As a growing number of companies embrace remote work models, it becomes more imperative that they learn about new threats and vulnerabilities and stay alert to the evolving threat landscape. Only then can they respond appropriately to the dangers and risks.
Establishing a clear cybersecurity policy
Companies must establish a cybersecurity policy that supports best practices and guides employees in responsible online behaviors. Additionally, setting up systems that limit access to sensitive data, require employees to regularly change passwords, and insist workers follow certain protocols when sharing files can go a long way in averting cyber attacks.
Providing employee training
Employees often inadvertently expose their companies to cyber attacks. However, with the right information and training, remote workers and other employees can avoid common pitfalls that put companies at risk and compromise valuable data. Ongoing training that teaches employees about the latest phishing ruses, methods for distinguishing legitimate from fraudulent emails, and up-to-date security practices can play a vital role in improving online security.
The rising number of cybercrimes and the vulnerability of employees working from home will likely increase the demand for trained cybersecurity experts. A recent report from Cisco shows that 82% of organizations see cybersecurity as either extremely important or more important now than it was before the coronavirus pandemic.
Explore how to build a career in cybersecurity
Tackling cybersecurity challenges calls for a strategic approach. By following and promoting work from home safety tips, both remote workers and business leaders can gain peace of mind. Discover how Maryville University’s online Bachelor of Science in Cybersecurity program prepares graduates to improve online security and safeguard valuable data.