Good habits have always been a key enabler of security in the organization, and they’re an essential part of your strategy to secure remote work.
With the hybrid workplace here to stay, your employees are not just working at home – they’re more mobile than ever, which means they’re connecting to your network infrastructure from many different locations. If you’re going to let staff work in an environment over which you have little to no control, you need to instill some good habits that enable secure remote work.
This is especially true if you’re going to permit your employees to work in public spaces, such as a park or a coffee shop. The argument could made that if you’re going to secure remote work effectively, you should put limits on what employees use as their workplace.
The most compelling reason is that they will use public, unsecured Wi-Fi, making them more likely to expose critical business information and even get hacked. Employees working in public spaces should only access corporate resources online through a virtual private network (VPN), even if they are working from home. Alternatively, they can use their smartphone as a hotspot rather than use public Wi-Fi.
The laptop employees use to work remotely must also be kept up to date so it’s able to handle the latest threats. You can’t secure remote work without anti-virus / malware protection software – any computer connecting to your network must have it, and it needs to be updated with the latest patches and virus definitions to protect against threat actors looking to exploit operating system and application vulnerabilities.
Just as you need to update your anti-virus software regularly, you need to update devices frequently – they should be rebooted often the latest software patches, firmware, and security fixes applied as soon as they are available. If the employee is working from home, you should make sure they’re updating their router regularly as well and any other devices on their home network.
Keeping hardware and software up to date is a habit that’s essential if you’re to secure remote work. Similarly, you must instill best practices when it comes to passwords management. Employees should understand the necessity of creating strong passwords that are unique to each login and account they use. Where possible, look at implementing multi-factor authentication (MFA). Adopting a Zero Trust approach can also help to secure remote work because it means employees are only accessing applications and data they need to.
Technology can only do so much to secure remote work – employee habits that foster good security hygiene are essential if you’re to support a hybrid workplace and mobile workers.
- October 15, 2020
- Catagory cybersecurity
Cybersecurity Awareness is Everyone’s Responsibility, Especially in the Remote Work Era
The shift to remote work means cybersecurity awareness across your organization is more important than ever for maintaining ongoing business operations and regulatory compliance.
Even before the pandemic, most organizations had become rather porous in nature from a network security perspective thanks to the Bring Your Own Device (BYOD) movement, adoption of cloud computing, distributed locations, and an already increasingly mobile workforce. But while security technology has emerged to keep up with these trends, it’s not a silver bullet. Every employee needs a heighten level of cybersecurity awareness.
Remote work means that how an employee manages their device at their home office can have an impact on the organization’s entire network. Their cybersecurity awareness means understanding their workstation is an endpoint that must be configured properly as to contribute to the overall security posture of the organization.
Training is critical to maximize cybersecurity awareness amongst your employees, especially remote workers. But it’s easy to lose their attention if training isn’t clear and engaging. If you’re doing regular phishing tests for your employees, try to have a sense of humour with the email content you’re creating as part of the test, for example, but also make sure employees understand the lesson without being made to feel stupid.
Cybersecurity awareness training should be done regularly as part of regular operations, and at least quarterly, rather than being big annual event, because threats to the organization are ongoing as hackers automate their processes to optimize their chance of success. You should also involve the executive team in your training, so everyone understands that cybersecurity awareness is critical to the success of the business. You might have the CEO do a short video, which is easy to share with remote workers.
The training shouldn’t be solely the responsibility of the security team, either. Lines of business leaders should help to spearhead cybersecurity awareness, and it should be a part of your remote work strategy.
It’s important to remember that cybersecurity awareness isn’t only about protecting against threat actors, malware and ransomware, and malicious data theft. Employees need to understand that good security also helps the organization stay compliant with government privacy legislation and meet regulatory obligations that apply to their industry. Data breaches not only have the potential to cripple business operations and negatively affect customers, but also lead to financial and legal penalties that can profoundly affect the long-term health of the organization.
Most people have adapted to remote work for the past seven months, but because organizations are more distributed than ever, there’s a potential for cybersecurity awareness efforts to lapse, even as be bad people around the world continue to take advantage of the new work-from-home reality. Those doing remote work as part of a connected organization must continue to be vigilant about security as part of their daily work habits.
Sanjeev Spolia is CEO of Supra ITS.
Latest Blogs
FAQ