As businesses rely more on technology and people begin adapting to the new work-from-home reality—in which work-related information is transmitted online and through mobile devices, and employees are increasingly dependent on digital communication, file sharing, and cloud-based systems—it’s imperative that we prioritize cybersecurity and internet privacy.
More specifically, employers and their employees must understand the vulnerabilities that exist in technology, and organizations must put thoughtful processes in place to protect against breaches or inadvertent disclosures of information.
From a technical standpoint, there’s no such thing as absolute cybersecurity. The reason? Cybersecurity is like an arms race with both sides competing to develop the best weapons and defenses possible—which means businesses must continually assess, identify and evolve, given bad actors’ ongoing development of new threats.
For this reason, it’s essential that employers create redundancies, or layers of protection, that make it more difficult for these threats to penetrate the employers’ defenses.
It’s also critical that organizations have a data-breach response plan which details the steps to take should a data breach occur—much like a pilot’s pre-flight checklist. Because, as history has shown, no matter how good your people are, committing these plans to writing is invaluable, and it goes a long way toward protecting your business, your employees and your consumers.
Here are 10 tips to help employers with remote workforces improve their cybersecurity efforts:
1. Separate Work Devices from Personal Devices. This is one of the easiest and most fundamental steps you can take to safeguard information. With separate devices, employees can control individual permissions on each device independently and can segregate apps, photos and files to their appropriate devices.
2. Use Separate Profiles. Can’t separate work devices from personal devices? Not only do many companies allow their employees to use company-supplied phones for personal use, but currently, many employees are using their personal computers to work from home.
In situations like these, a best practice is to create separate user profiles on the single device so that one profile is solely for personal purposes and the other is solely work-related. While this works particularly well for traditional desktop and laptop computers, only some mobile devices allow for such functionality.
As a rule of thumb, Apple mobile devices don’t, so on these devices, designate specific apps for specific accounts. For example, you can use your native email app for work and download a second email app just for your personal email account. The same can work for messaging apps and cloud storage.
3. Watch for Suspicious Emails (Especially from Your Boss). Data breaches commonly occur because people open emails from senders either outside their organization or who’ve hacked their boss’ email account and appear legitimate—but aren’t. This practice, called “phishing,” occurs when a hacker sends an email to an entire organization with the hope of tricking someone—anyone—into clicking a link or providing information.
Signs that an email is fraudulent include bad grammar, a sense of urgency, strange requests, or strange hyperlinks or unexpected files. These attacks often are very successful because they come from accounts held by persons of authority within an organization—thus playing to an employee’s willingness to do the task.
If you receive any email from anyone asking you for sensitive information or to spend money, call and check with your supervisors first.
4. Don’t Download Random Apps. If you can’t find an application in your native app store (Google Play Store, Microsoft Store, Apple AppStore), it’s probably coming from an unverified vendor and can contain viruses or malware—so always check with your IT department before downloading an application that falls into this category. Better yet, ask your IT department to set the program up for you. When in doubt, do not download. Period.
5. Reset Passwords Regularly. Regular password audits are important to ensure you stay one step ahead of the curve. A good password is unpronounceable; is at least 10 characters long; and includes a combination of numbers, symbols, and lower- and upper-case letters. Passwords should be changed at least every six months.
6. Enable Two-Step Verification. If your accounts or devices allow for “two-step verification,” you should enable it now. Two-step verification protects your accounts with an added layer of security by requiring two levels of verification before granting access to your account. Typically, this requires using your cell phone, but it’s worth the extra effort to protect your information.
7. Update Your Software. Those notifications asking you to update your software and firmware often are critical security updates provided in response to newly identified cybersecurity threats around the world. It’s critical that you keep all your apps and devices up to date with the latest version of software available.
8. Never Send Sensitive Information Over Unencrypted Email. Most people don’t realize this, but the majority of email systems aren’t secure. Before sending sensitive documents or information via email, check with your IT department to see if your system is secure. If it’s not, try to use secure cloud systems or otherwise encrypted messaging tools to send the information.
9. Do Not Use Free Wi-fi. Free and public wi-fi, like those found in hotels, apartment complexes, and coffee shops, are some of the most vulnerable and insecure internet connections you can use. Never use free or public wi-fi for work.
10. Secure Your Home Router. When was the last time you changed your wi-fi password? Most people never change the password from factory settings, which leaves your home network vulnerable to breach. Now that you’re using your home internet connection to work, it’s more important than ever to ensure that your wi-fi is secure. It’s recommended that you keep your router updated, change your password regularly using the password recommendations provided above, and monitor for devices that are connected to your network but you don’t recognize.
While employees work from home, it’s critical to continuously identify the risks to privacy and cybersecurity that remote work poses. Creating outlines and checklists to which your employees can refer is a great way to remind everyone that basic defenses are extremely valuable to your organization. The majority of data incidents that occur worldwide are caused by user error or oversight — meaning your first line of defense against cyberattacks is a well-informed workforce. When armed with the right information, your team members can enjoy a hassle-free remote work experience while remaining on top of their duties.