Thanks to the COVID-19 pandemic, many companies shifted to a WFH model. While this helped to keep employees safe and healthy, it also opened up businesses to a range of cybersecurity issues, and we saw a rise in cybercrimes targeting remote workers.
In fact, 73% of businesses think they’ll be impacted by a cybersecurity incident, and half said they’d already fallen victim to a breach, according to a recent study by ESET, which surveyed 1,200 senior managers in the UK, US, Japan and Mexico.
With so many employees WFH, it makes sense that companies are more vulnerable to cyber attacks. We wanted to learn more about cybersecurity for remote workers, so we asked ESET to explain the major risks of the new way of working and how to overcome them.
#1 Insecure home connections.
When employees work remotely, they have to connect to the internet via their home router. While they can’t help that, using an insecure home connection can open your company’s data up to cybercriminals, who may find it easier to hack into a personal network than a corporate network that has been set up by IT professionals.
- Require all employees to connect to a Virtual Private Network (VPN) before logging on to your company’s intranet and internal programs like Slack, Zoom and Gmail.
VPNs encrypt data and hide your IP address, protecting your employees’ privacy and anonymity online and securing their internet connection. VPNs can be accessed on desktops, laptops and smartphones, so your data will be protected even if your employees are looking at company files and emails while they’re out and about. For added remote workforce cybersecurity, we recommend setting up multi-factor authentication (MFA) on your company’s systems. That way, your staff members will need to enter two forms of verification — such as a password and a code sent to their phone — before they can hop onto the intranet.
- Ask employees to enable their router’s firewall.
Most routers have a built-in firewall that filters traffic entering and exiting your network and prevents unauthorised users from gaining access. If an employee’s router supports this feature, ask them to enable it. And if they go through the manual and find out that it doesn’t, it’s worth investing in a separate firewall to monitor traffic coming in and out. This will add an extra layer of WiFi protection, especially if your staff is handling sensitive information online.
While we’re on the topic of routers, remind your employees to keep their firmware up to date. In most cases, routers update automatically, but they should double-check their console once a month to ensure they haven’t missed an important update.
- Encrypt WiFi networks.
It’s a good idea for your staff to encrypt their WiFi network and make it harder for hackers to do their job. To do this, they can go to their router’s console settings and choose WiFi-Protected Access 2 (aka WPA2) for their network and AES for the algorithm. These settings secure any data your employees send and receive so it can only be read by their own devices.
#2 Switching between devices
Ideally, your employees should be using their work computers for work purposes only. But in reality, it’s likely that they’re running personal searches, checking social media, online shopping and doing other things that are unrelated to work. On the flipside, they may be using their personal devices — like smartphones or tablets — to log into their work email or complete small tasks.
Switching between devices poses a few remote workforce security risks. By using work computers for personal reasons, eploiyees could be exposing the company to cyberthreats and data breaches, especially if they fall victim to phishing scams or visit torrent pages. And if they work on their personal phone or laptop, those gadgets might not be equipped with the same kind of cybersecurity protection as their company-issued devices.
- Install antivirus and anti-theft software on all devices.
To reduce the risk of malware, ransomware, identity theft and other cyber attacks, instruct your employees to install an antivirus software on any devices they’re planning to use for work — including personal ones.
A sophisticated antivirus software like ESET Protect Complete provides a multi-layered defence against a range of cyber attacks, safeguards WiFI networks and webcams, and scans attachments and images for viruses. It also protects your cloud email, collaboration and storage systems (like Google Drive), and offers endpoint protection, which is important when employees are using wireless devices that “talk” to each other. The software has a remote management feature, so you can take charge of your company’s work from home security from afar.
Once your employees have installed the software, it’s essential for them to accept all updates. Manufacturers are constantly releasing patches to address security flaws, so you never want to ask your computer to “remind you tomorrow.”
- Encrypt all data.
Between communicating with colleagues and completing their daily tasks, your employees share data every day. Unfortunately, data is a hacker’s most valuable currency. To make sure company data doesn’t land into the wrong hands, ask your employees to encrypt their data.
Most devices have operating systems that fully encrypt stored data and prevent unauthorised access, so remind your employees to stay on top of updates. On your end, you could look into restricting access to files and resources to only the employees who need them to do their jobs.
#3 Phishing attempts
Phishing scams are a persistent threat, and the pandemic presented plenty of opportunities for cybercriminals to prey on confused or worried users.
The problem is: if an employee clicks on a malicious link or attachment, they could end up downloading a virus onto their work computer.
The solution: Cybercrimnals are clever, and many phishing emails look authentic. As an employer, the best thing to do is run your staff through the red flags in a cybersecurity training session.
These are our work from home security tips for employees:
- Never open any emails from unknown senders, or with weird subject lines.
- Look out for spelling errors in the subject line or body of the email.
- If you open an email you thought was from a trusted sender, avoid replying or clicking on any links or attachment. Instead, send it to IT.
- Scan attachments using your antivirus software.
Secure your remote workforce now
Luckily, you can strengthen your business’ security by following best practices and training your employees on security for remote workers.
Protect and manage your workforce with ESET’s Digital Transformation, which identifies security flaws and addresses cyber threats as they happen.