It looks like working from home is here to stay to some extent for the foreseeable future, which means that cybersecurity for remote workers is more important than ever. With over 70% of people working from home at least once per week, if you aren’t already paying close attention to the cybersecurity risks of working from home, it’s time to start.
Some people love working from home all of the time; some people love the office. Some people like a mix. But whatever your feelings on home working, it has created some technical challenges, particularly with cybersecurity.
[youtube https://www.youtube.com/watch?v=V07xZn50dpQ]
At the start of the outbreak, many businesses asked staff members to work from home without any guidance or IT policies. It seems that, in general, very little has changed in terms of cybersecurity for remote workers.
Whether your team is working from home, the office or both in this post-lockdown new normal, it’s still your responsibility as a business owner or senior manager to ensure that they are working securely.
Remote Work Cybersecurity Tips
- Centralised Storage
- Home WiFi Security
- Their WiFi password should be complex, secure, and not widely known.
- The name of the SSID (the WiFi name) should be changed, so it doesn’t easily identify you. For example, you shouldn’t use your family name or street address.
- Encryption should be enabled. This can be done via the router security settings and should be WPA or WPA2.
- The default router admin password should be changed so it can’t be easily accessed.
- Device Encryption
- Authentication
- Use VPN for Applications
- Email Security
- Personal emails: Have a company policy that states that personal email accounts shouldn’t be used. You must keep all correspondence in your company email system. Former health secretary Matt Hancock used his personal email address for official business. As a result, the government has no record of much of his decision-making during the Covid-19 pandemic.
- Sensitive data: Email isn’t always a secure communication method, so make sure that people don’t share sensitive or private information over email without extra security such as encryption.
- Phishing: Make sure everyone is vigilant to phishing attacks. Phishing attacks are where cybercriminals send emails in the hope that you’ll click on something and enter your personal details or click on an attachment. These are on the rise – see our previous blog post on spotting phishing emails using the DAC method for more tips.
- Home Workspace
- Printing Documents
- Have a policy that your team understands on printing documents at home. Make them aware of the implications and how they can securely store them at home until they can bring them into the office and shred them.
- Put a technical control in place to prevent people from printing documents at home altogether.
- Double Down on Patch Management
- Video Conferencing Security
- Policies
- Supply Work Devices