Best Practices for Cybersecurity When Working from Home
Working from home has now become a global norm. A little over a year ago, about 17% of the US workforce was working remotely 5+ days per week. Post-pandemic that number has now jumped to 44% of full-time remote workers.
Along with this major shift in the work environment has come issues related to network security. A company “network” is no longer relegated to a single building, it now expands to remote and mobile employees.
No matter where someone is working they need:
- Device security
- Wi-Fi security
- Cloud security
- Data security
Remote working security hasn’t always been addressed well by businesses. In the rush to put cloud services in place and enable remote teams, the cybersecurity ball was dropped in many cases.
Since the pandemic began, 20% of surveyed businesses say they’ve experienced a security incident as a result of a remote worker.
But it’s not too late to address remote team security. All it takes is adopting best practices and putting them in place now and for future WFH employees.
How to Secure Remote Employees
Virtual Private Network
How do you know your employees’ Wi-Fi networks are properly secured? What about all those unsecure devices (like a child’s iPad) that a business computer might be sharing a network with?
The best way to secure your remote team connections is through a business VPN (virtual private network).
VPNs encrypt all internet connections and also mask personal IP addresses for security. No matter what device an employee is using (computer, smartphone, tablet), the VPN connection is secure.
Phishing attacks have skyrocketed as a result of the pandemic and a majority of them use links to malicious phishing sites rather than a file attachment. This helps them get past anti-malware programs.
97% of people can’t recognize a sophisticated phishing email as dangerous.
Web filtering (also called DNS filtering) is a vital anti-phishing safeguard to block malicious websites even after a user has clicked on a phishing link.
Device Monitoring and Update Management
Your employee computers need to be just as protected as they would be if they were located in your office building. This means ongoing device health monitoring and update management to ensure that updates and security patches are installed in a timely manner.
The best way to do this is through managed IT services which are handled remotely and can help ensure both device performance and security.
Both computers and mobile devices need to have antivirus/anti-malware installed (and not the free kind!). Ransomware is more dangerous than ever, and remote employees don’t have the same opportunity to ask a coworker at the next desk for a second opinion on whether an email looks legitimate or not.
Don’t just assume that your WFH employees know to keep a good antivirus application on their system, give them the tools they need to stay protected.
Use of a Guest Network
A good rule of thumb to keep work related devices separate from home devices (which may be less secure) is to set up a guest network on the router.
This is easy to do and simply involves going into the router settings and enabling the guest network option.
All work devices can then be put on a separate network, which keeps them secure in the case of a breach of an IoT or other home device.
Implement Email Filtering
Approximately 94% of malware is delivered by email. The more phishing you can keep out of employee inboxes, the less vulnerable your network is to a breach.
Email filtering that quarantines spam and phishing emails can significantly cut down on the dangerous messages your team receives and give them less “junk” email overall to have to sort through on a daily basis.
Use Multi-Factor Authentication for All Logins
Cloud accounts are what enable people to work from anywhere. But they’re often only protected by the least secure employee password. 77% of cloud account data breaches are due to compromised login credentials.
The best way to keep your cloud accounts secure and ensure your remote team doesn’t have their Microsoft 365, Google Workspace, or other company account hacked is to use multi-factor authentication (MFA).
With MFA enabled, hackers are stopped in their tracks even if they have an employee’s password, because they most likely will not have the device that receives the MFA code required to complete the login.
You can have the MFA experience streamlined by use of a single sign-on (SSO) solution that allows employees access to all their work apps after going through the sign-in process once.
Get Help Securing Your Work-From-Home Employees
C Solutions can help your Orlando area business with the cybersecurity safeguards you need for a secure and productive remote workforce.
Schedule a free consultation today! Call 407-536-8381 or reach us online.