How to maintain cybersecurity, safeguard data with a largely remote workforce
In March 2020, when most businesses (that could) went fully remote, employers had concerns about costs related to lost productivity, a pause in commercial business, and an economic slowdown that could take years to recover from—something smaller businesses feared they may not survive. Cybersecurity wasn’t necessarily on their radar yet; there was a global pandemic to worry about. But that changed quickly, especially for those organizations that had little time to prepare for the remote-work situation they now faced.
“One of the biggest impacts COVID-19 has had on businesses is the rapid transformation of an enterprise into remote working teams,” says Junaid Jeewa, Director of IT Operations for G&A Partners. “A lot of organizations that had their cybersecurity practices focused around their offices had to refocus those practices around their people and data.”
This was no easy task. Many remote workers weren’t prepared to work full time from home. They faced inconveniences that affected their productivity, including technological challenges such as:
- Too little bandwidth on their home Internet service (some had no Internet service)
- No access to a company-issued computer, which forced them to work via mobile device (cell phones and tablets) or on their own personal computers
The result was an online environment even more vulnerable to cybercriminal activity.
Phishing and other cybercrimes target newly remote workforce
With the widespread adoption of cloud computing, cyber criminals have many avenues into an organization’s or individual’s private online accounts. Most people suddenly and unexpectedly thrust into a remote work environment due to COVID-19 had little or no training on how to protect and secure their data while at home, and the incidences of fraud and theft skyrocketed.
Throughout 2020, phishing has remained one of the most common ways criminals have been able to perform cyberattacks, exploiting computer systems and technology-dependent enterprises and networks. Phishing involves the luring of individuals via email, phone call, or text to provide sensitive information to an individual or group posing as a legitimate institution.
Using fear-based tactics, these cybercriminals drive home a sense of urgency that can cause their victims to innocently offer sensitive data or personally identifiable information (PII). This information can ultimately be used to perform a number of data breaches and to steal funds. Additional consequences of a cyberattack can include:
- Identity theft
- Website defacement
- Private and public web browser exploits
- Instant messaging abuse
- Intellectual property theft or unauthorized access
Use a multilayered-security approach to guard against cybercriminals
With so much at stake, Jeewa says it’s imperative that organizations invest in proactive security monitoring and management tools that will protect their data and their employees’ sensitive information. Building a firewall around each individual team member and encouraging all employees to learn safe Internet practices will take time but will pay off in the end.
“To keep up with the never-ending stream of new cyber threats, a small investment in staff education goes a long way because the human element is often the weakest link in the chain,” Jeewa says. “All security measures come down to the persons handling the client data.”
He recommends employing a “multilayered security approach” and building out data-security processes that require visual and verbal confirmations to ensure proper authentication for important requests or approvals—especially those that are financial transactions.
To ensure there are fewer dark corners where cybercriminals can hide, employees and clients should be kept aware of potential security threats and receive regular training and communication from your organization.
Practice until cybersecurity becomes second nature
NortonLifeLock commonly refers to good cybersecurity habits as “cyber hygiene.” In her article, “Good cyber hygiene habits to help stay safe online,” Norton’s Jennifer van der Kleut writes that you should train yourself “to think proactively about your cybersecurity,” just like you would make a habit of brushing your teeth and bathing regularly to maintain your health.
When it comes to encouraging secure online habits and data management at your organization, practice makes perfect. And if employees perform a list of cybersecurity tasks so often it becomes second nature, your organization will, as a result, be more secure.
The easier it is to practice cyber health, the easier it will be to make it a habit. While good habits are important, they do require unrestricted access to the right tools, so ensure your employees have:
- Company-issued laptops and devices or personal computers with reputable antivirus and malware software
- A network firewall
- Password protection
These basic tools will help you and your employees ensure data remains secure. Jeewa also recommends that you encourage the following five safeguards be taken by every remote worker, every day:
- Always use complex passwords and do not share the passwords between two systems.
- Always use secure data-transfer methods to send and receive client data; never send PII in email attachments.
- Take extreme care when communicating with clients and prospects via email. Email phishing scams can often target social connections in an attempt to take advantage of you or your company.
- Use multi-factor authentication where available to ensure data privacy and secrecy.
- Always use alternative measures to confirm critical changes such as financial transactions, online payments, or client authentication.
Routine maintenance is critical for a safe remote-work environment
With health-safety measures in place due to the pandemic, many companies are maintaining a full or partial remote workforce. Your organization might even have discovered that money can be saved on overhead, employees can more easily be accommodated, and important relationships can still be maintained in a virtual environment. But for your remote workforce to remain successful, your organization will need to “undergo a cybersecurity review to ensure all necessary data compliance and governance guidelines are applied,” Jeewa says.
“It is evident that remote work is going to stay even after COVID-19 is gone,” he says. “Remote work has blurred the boundaries and organizations have to accommodate the new model by expanding and rearranging the cybersecurity perimeter where the data resides and where the subscribers are.”
If your organization is able to fully engage in safe online habits, and if you commit to educating your employees on what to watch out for and how to react when they suspect a cyber threat, you can keep your team and your customers safe from cyberattacks—no matter where your employees are stationed.