The global pandemic has brought forward an unprecedented rise in remote working worldwide. What was once considered a luxury offered to only a handful of employees has become an obligation for hundreds of millions of people.
Yet, with this abrupt shift to working from home, are companies leaving themselves more exposed to online cybercrime threats? It seems so, as a massive 71% of business owners are expecting the increase in remote working to result in some sort of a cyber breach. To say the data privacy lawyers have got their hands full would be somewhat of an understatement!
With that said, here are some quick tips you can implement into your business so you can better protect both your company and employee data.
Provide employees with basic security knowledge
Employee negligence remains the most significant threat of company data breaches, with 20% of all registered attacks occurring due to an employee mishap. Here are some of the main ways employees expose company data:
- Phishing attacks — one in every eight employees shares information on a phishing site.
- Unprotected personal devices — 45% of business owners are concerned about a potential data breach occurring due to a security issue on an employee’s personal device.
- Poor password management — 73% of businesses are now running additional training for employees on how to remain safe when working remotely, with training focused on implementing better password management.
- Using public Wi-Fi — 63% of employees admitted to using public Wi-Fi to access company emails and files, and a staggering 21% admitted to leaving a work device unattended in public while working remotely.
So what can you do to better protect your company data?
- Amp up training on cybersecurity
- Make cybersecurity a priority for employees
- Restrict the use of personal devices when accessing company data
- Encourage the use of proper password management
- Forbid employees from accessing company data while using public Wi-Fi
See also: Navigating Security in the Remote Paradigm
Provide your people with VPN access
In the wake of the current global situation, 79% of business owners have decided to increase their cybersecurity procedures to manage high volumes of remote access. One of the leading ways of doing this was by giving employees access to a highly encrypted VPN.
If you aren’t already with what a VPN is, it’s basically a service that allows you to create a secure and encrypted connection between any of your devices and the internet server. It creates an encrypted tunnel for all of the data transmissions to be sent and received through, and thus it makes it extremely difficult for hackers to intercept. These days, running a VPN is becoming a necessity as cybercrime rates continue to increase, especially as they are relatively cheap and easy to use. Companies that use a VPN provider will likely continue to do so even after the pandemic is over.
Run a password audit
A password security audit is an excellent way for you to test the strength of your employees' passwords and how they would fare against an attack. A thorough audit should help uncover weak passwords and also provides an excellent opportunity to further educate staff on “password hygiene,” especially when working remotely.
You should also consider investing in a password manager for your employees, which will massively reduce the risk of a successful password attack.
Password managers work by creating a unique password for each site that your employee visits. The passwords they generate are highly secure and typically consist of an extremely long alphanumeric sequence that is next to impossible to guess.
Use an MDM/EMM solution
Mobile device management (MDM) or enterprise mobility management (EMM) is a set of technology, processes and policies that help to bolster the security of corporate and employee-owned devices within your organization.
In short, an MDM solution manages the features on the mobile device, whereas an EMM solution manages the entire device. Both are great ways to fortify company data security when employees are working remotely, regardless of whether they are company devices or employee-owned. These solutions allow you to do things such as:
- Enforce the use of security policies on devices
- Remotely control devices
- Track the device location in real time
- Wipe the device when reported lost or stolen
Foster community and care for employees
It’s important to remember that company data is not the only data at risk during a breach. Most companies are required to hold sensitive information about their employees, such as their date of birth, address and Social Security number. This information is a prime target for hackers looking to commit identity fraud, and you must protect your employees' data to the best of your ability.
After all, employees are putting their faith in you the same way you put your faith and trust in them. This is why it’s a great idea to foster a sense of community and care for employees to create an atmosphere where everyone is committed to taking care of each other’s online security.
As always, the best way to do this is through education, so make sure you take the time to set up training sessions and encourage participation where possible.
Provide clear guidance and encourage communication
Last but not least, you must make cybersecurity a part of your company policy. Given that employee negligence is still one of the biggest causes of breaches, you must put steps in place to limit the likelihood of such an event.
If possible, lay out clear company guidelines on what is expected of your employees, including best practices such as:
- Avoid opening pop-ups and unknown emails
- Use a strong password (preferably a unique one for each site)
- Only connect to secure Wi-Fi
- Use a VPN where possible
- Enable firewall protection at home and at work
- Keep antivirus and system software up to date
- Back up data regularly
See also: Time to Focus on Cyber Resilience
Finally, it’s important to encourage communication around cybersecurity incidents. If an employee suspects there has been a breach or has located a potential threat/weakness, make sure the employee has a clear channel to communicate concerns.