Tips on securing a remote workforce

The pandemic taught us a lot about cybersecurity and home working, but lessons are still to be learned. Here we outline some tips that may be useful in securing your remote workforce and guarding their privacy.

According to a recent report by the Ministry of Economic Affairs in the Netherlands[1], working from home continues to be responsible for an increase in the number of data breaches and security incidents due to accidental mistakes by employees. Last year it had to deal with 125 data leaks including incorrectly addressed emails and the accidental publication of personal data.

“Because employees working from home are less likely to ask a colleague to read or check a document or email before it is sent, mistakes are frequently made,” the report explains.

The Ministry is paying more attention to training knowledge workers in the safe handling of personal data and to report data breaches. By taking this approach employees understand exactly what a data breach is and the importance of reporting each and everyone to prevent such issues in the future.

“The desperate need to collaborate meant the security aspect was often ignored, and in some cases continues to be. It has been a big learning curve for many,” explains Jort Kollerie, Manager Security Architecture at Orange Cyberdefense. Zoom, Google Meet, Microsoft Teams, and Webex were all vectors for an attack during the global health crisis and it is essential that they are still adequately secured.

The reality is, that the number of breaches has shot up as malicious actors easily target remote workers who don’t have sufficient security protection or cybersecurity awareness training to spot phishing attempts, for example.

The pandemic is still with us, and with many enterprises offering home or hybrid working, the privacy and security challenges have not disappeared. “It only takes one employee to bring down a whole organization and it can be as simple as clicking on a phishing email,” explains Kollerie.

1. Do employees have secured and protected home Wi-Fi networks? One of the easiest ways to strengthen security is to strengthen protection of the home Wi-Fi network. Make sure employees understand that they need to use strong, unique passwords, for example. Ensure that employees run the latest version of their router’s firmware to ensure that they get the latest patches and software updates, avoiding gaping security holes.
2. Are employees’ operating systems and applications updated? Software companies release software updates regularly that include new features and fixes. This includes security patches. Most will install these automatically but occasionally they need help from the device user. If employees don’t watch these, their systems and software will be left exposed. Also, share good cyber hygiene information regularly across the organization, such as backing up periodically and ensuring anti-virus software is switched on and working.
3. Have you put two-factor authentication in place for remote working? Two-factor authentication adds an additional layer of security, making it more difficult for bad actors to get into your system and accounts, especially when accessing business-critical data. For example, first employees enter their name and password. They will then need to verify themselves with a one-time password (OTP), for example sent to their phone.
4. Ensure employees understand not to store corporate data on personal devices or in a personal cloud. Business and personal activities should never be mixed. This is where mistakes creep in. Organizations should have strong security policies and ongoing security awareness training to ensure this doesn’t happen.
5. Make sure employees lock devices when left unattended. This may seem like a simple rule, but it is essential in a home or other remote environments such as a coffee shop, where other individuals could access the system.
6. Make sure employees know how to familiarize themselves with security and privacy settings on systems. These settings should not be seen as a silver bullet, but they go some way to controlling how security and personal data are handled. Employees should limit the use of information sharing on mobile devices, particularly the collection and use of location data, access to the device and apps being used, and tracking web browsing history.
7. Ask employees to turn off smart speakers when working remotely. Alexa and other digital assistants have come under scrutiny recently when it comes to security and privacy. It has been shown that these devices can listen to users, even if not activated for a task. It is unknown what kind of information is being used or how it is being collected, so don’t risk confidential business conversations in the presence of smart speakers.