Employee Remote Working: Cybersecurity Concerns
As workplaces across the country look to adapt to the pressing need to slow the transmission of the COVID-19 outbreak, many employers are turning to remote work to keep their businesses afloat while reducing the possibility of transmission.
Many large tech employers such as Google and Amazon are already prepared for the needs of a remote workforce, but for others, the wide scale adoption of remote working comes with some real challenges. In the scramble to ensure the safety of others, it’s important that businesses don’t overlook the need to ensure cybersecurity as well.
The importance of cybersecurity right now
Workplaces, especially ones in regions hit hard by COVID-19, are scrambling for solutions, but it’s important to remember why cybersecurity is important for remote workers.
The Department of Homeland Security’s cyber agency, the Cybersecurity and Infrastructure Security Agency (CISA), issued an alert encouraging organizations to take a heightened approach to cybersecurity. The agency cited the possibility of increased vulnerabilities, attacks and phishing attempts. Another research piece put out by CheckPoint shows cybercriminals are using the coronavirus pandemic to spread spam activity, through both email campaigns and malicious domains.
Data breaches in the US are a major problem even in the best of times. Since 2005, there have been over 10,000 serious breaches publicly reported according to the Identity Theft Resource Center (ITRC). The rapid shift to remote work without well-established protocols will likely create even more opportunity for cybercriminals.
So if you’re implementing remote work for your staff, what can you do to keep your data secure and your workforce productive?
Cybersecurity issues to watch for
Every industry has compliance regulations that employers must observe to stay in good legal standing. Each interacts in its own unique way with things like data storage, access, and transmission. Not every job can be done in unsecured areas and still staying in compliance, so employers need to carefully assess the remote potential of each role.
Even outside of regulated industries, compliance acts like the California Consumer Protection Act and the General Data Protection Regulation (GDPR) have far-reaching implications for businesses. Not only are the nuances of these regulations difficult to implement under the best of circumstances, but this is also a unique and challenging scenario that requires careful handling. Don’t let best practices go out the window!
One of the biggest cybersecurity risks is the personal device. Whether smartphone or laptop, there are serious problems posed by using personal technology in a work setting involving sensitive information.
Employees might save documents to their desktops or send document drafts to their personal email. They may not have up-to-date anti-virus software or they may use outdated personal password protection. Physical breaches are also possible. A device could get stolen. A printed document could fall into the wrong hands.
Educate your personnel on best practices and make sure they have access to the latest in updates, patches and protection.
Coronavirus-related phishing attempts
Although most people consider it unlikely that they would fall victim to phishing or hacking, the fact of the matter is that these are anxious times. Hackers and cybercriminals are skilled at preying upon people’s anxieties in order to defraud them.
Provide training for your staff, even if they are already working remotely and have received this education in the past, on how to spot and avoid phishing attempts.
Under the current guidance from the Centers for Disease Control (CDC) and other governing bodies, individuals should be avoiding all public spaces. Therefore, working from a library or coffee shop is inadvisable. This suggestion hopefully mitigates the need to worry about insecure public networks. However, even when working from your home, make sure that your WiFi is set up securely.
If you are logging in remotely to your work computer, consider using a virtual private network (VPN). VPNs help maintain end-to-end encryption when accessing remote computers, increasing the security of data being transmitted.
Planning for success
Your employees want to get their job done correctly. Without the right tools, clear expectations, and guidance, though, they’ll be left playing a guessing game as to how they should proceed.
What can you do to make sure that you’re setting your workers up for success remotely?
If remote work is a new practice for your business, you’ll want to set standards, expectations, and processes in place for your staff. Some questions you’ll need to address include:
- Will they be working from their personal computers and devices?
- Do they have access to any necessary third-party or proprietary software?
- If so, how will they access it? Will they use a VPN? A remote desktop?
- What network conditions are optimal for employees? What do they need for a secure network connection?
Once you have accounted for these kinds of questions, document them so the information can function as an employee resource, create shared expectations, and provide a framework to build upon later if necessary. And while it may be difficult to achieve this given the short time frames that many workplaces are dealing with, it can be helpful to have employees test their critical systems before going remote with their work.
It’s an uneasy time for most Americans right now. There is a sense that the present biological threat of the coronavirus is more imminent than the more abstract threat of breaks in cybersecurity. But for remote working to effectively work, businesses must approach this new situation with a level head and a plan.