Are Your Remote Employees Keeping Your Systems Secure?
With employees at offices across the globe now learning to work remotely due to the current coronavirus crisis, we are all having to get used to new practices very quickly.
Unfortunately, this can sometimes mean that the best security measures get forgotten about along the way, even though it’s never been more important to make sure that your data is protected and your IT setup is secure against the rising tide of cyber crime.
Neutralizing online security threats is all about vigilance and consistency, so if your employees don’t follow good online security policy, they not only risk breaching company security, but compromising their personal privacy too.
So what should employees be doing to lower the risks when working from home?
Never Use Public WiFi
Public WiFi networks are never secure by their very nature, and many are actively targeted by scammers and criminals looking to gain access to personal data.
Employees should never use a public network to connect when carrying out company business. Either a secured, password-protected private network should be used, or, if the person is having issues accessing one, a company-provided mobile hotspot tethered to the laptop is another alternative.
Encrypt Communications
Communication with colleagues and business contacts is, of course, vital, but workers need to be sure these are conducted in a manner which won’t compromise any sensitive information.
Secure methods of contact are an essential part of business operations, so either use a custom platform or programs that offer end-to-end encryption of your messages and attachments.
Practice Password Security
One area which is one of the most common weaknesses is password security. A lot of people are naturally lazy or forgetful when it comes to selecting passwords for access to their desktop or cloud-based systems and will use the same password across many accounts, making it easy for criminals to gain access. Once the password is breached on one site, then hackers can use credential stuffing to compromise security for each account the same login information was used in.
Mandate that employees create a unique password for each account with a mix of upper and lower case letters, numbers, and symbols. For best practice, a random number generation password generator can be used. For ease of use, an online password management system can also be a useful tool if forgetting unique passwords might be a problem.
Avoid Phishing Schemes
Phishing scams are increasingly sophisticated these days, and even the most tech-conscious employees can be at risk. Employees should be trained on how to recognize potential phishing emails and kept up to date with emerging scams.
In emails, always check the sender address for any irregularities such as spelling. Hover over links and check the URL before clicking them, and never open any attachments unless you’re sure of the sender’s credentials. If there’s any suspicion, check a telephone number or email address for the organization supposedly sending the communication elsewhere to independently verify it.
Employees should also know who to contact to report a scam or suspected phishing attempt, especially when they may be physically separated from the office.
Keep Up Regular IT Training
The cybersecurity threat landscape is constantly evolving, especially as so many workers are now remote and hackers capitalize on weaknesses in remote security. In addition to keeping up with standard security practices like firewalls, anti-malware, and other security-enhancing software, businesses should work with a trusted IT service company to continue regularly training employees on best practices.
