With cases of COVID-19 surging across the U.S. and the future looking uncertain, many American workers continue to do their jobs from home. While these remote workers are reducing their chances of contracting and spreading the novel coronavirus by not commuting back and forth to the office, many of them face elevated risks in another area: cybersecurity.
Remote Workers in the U.S. Lack Security Guidance
More than half of Americans who are newly working from home because of the pandemic are doing so without awareness of any new policies for password management, data handling and other aspects of information security, according to the IBM Security Work from Home Survey. Here are a few more findings from the survey:
- More than 50 percent are using their personal computers for work, and 61 percent say their employers haven’t given them tools to safeguard those devices.
- 66 percent haven’t received new guidance on password management, and 35 percent are reusing passwords.
- More than 50 percent haven’t gotten new guidance on dealing with highly regulated personally identifiable information (PII) while working remotely.
This is a recipe for disaster and widespread data breaches, given that malicious actors have sought to exploit the public health crisis with COVID-19-themed scams, according to an alert issued a few months ago by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).
Additionally, CISA and the NCSC have noted that the shift to remote work infrastructure has created new points of vulnerability that cybercriminals can use to gain access to sensitive data. At a tumultuous time when employees need IT security guidance more than ever, many of them don’t have it.
If you haven’t issued up-to-date security guidelines for remote workers, now is the time to do so. Here are some essential factors and solutions to include in your guidelines:
1. Password policies.
More than 80 percent of breaches caused by hacking involve brute force or the use of lost or stolen credentials, according to Verizon’s 2020 Data Breach Investigations Report. It’s vital to instruct remote workers on best practices for passwords, including instructions for creating strong ones, not sharing them and changing them regularly.
2. VPN usage.
You can significantly lower your organization’s data breach risk level by telling all remote workers to use a secure VPN to access your company LAN. Ensure the VPN stays up to date to avoid breaches, according to the CISO article “8 key security considerations for protecting remote workers.”
If you want an additional layer of security beyond what a VPN offers, you can leverage our Office Anywhere solution, a zero-trust framework with a Secure Access Service Edge (SASE). The recent migration to remote work has changed how people think about VPNs, which give end users access to everything on your network. Office Anywhere only grants access to the specific apps end users need to complete their work, based on their device’s security checks, access requirements, and a determination process. This is ideal for companies that now have staff members working remotely with personal devices.
3. Multi-factor authentication.
Implementing two-factor or multi-factor authentication for all your team members’ work-related accounts adds an extra layer of protection and can prevent a breach even if someone’s credentials get stolen.
4. Anti-virus software.
You should maintain current anti-virus software on all devices used for work to lower the chances of malware infection, according to the Kaspersky Daily blog entry “Remote working safety and security.”
5. Device locking and sharing.
Ensure that your team members know to lock any devices they’re using for work before leaving them unattended. Additionally, instruct them not to share company-issued devices, or personal devices that hold work-related data, with friends or family members; doing so is a high-risk habit, according to Infosec.
6. Use of corporate apps only for work.
Instruct people working from home to not use personal apps (e.g., their non-professional Gmail account) for work purposes. Because your IT team doesn’t have control over those apps, they can’t ensure data security.
On top of issuing robust security guidelines for remote workers, you should also conduct employee security awareness training on a regular basis to make sure your staff is familiar with your company policies.
Of course, to achieve the best possible security posture, you should also implement reliable cybersecurity solutions, such as the following:
- Endpoint and network Managed Detection and Response (MDR)
- Device encryption
- Mobile Device Management
If you’d like to learn more about how to establish security guidelines for remote workers, our IT security analysts are available to assist you. We offer a wide range of advanced cybersecurity services and solutions and have considerable experience helping businesses establish secure remote work arrangements.