Cybersecurity best practices for remote workforce

16 Nov 2021

The remote workforce has been growing for years, but the number of remote workers has recently spiked as entire workforces suddenly became remote. This dramatic change has left businesses and their workers vulnerable to security breaches and cybersecurity attacks.

In a March 2020 Public Service Announcement, the FBI raised an alert regarding a large increase in cybersecurity attacks specifically related to COVID-19. Although the warning focused on the theft of personal information, businesses must be vigilant as well. The World Economic Forum’s 2020 Global Risk Report states that cyberattacks are one of the greatest risks that businesses will face in the next decade.

Today’s sudden shift to a remote workforce has only increased the risk.

It’s not that companies haven’t had remote workers. Many have. Some have had mixed workforces with some employees working in an office, some remote, and some remote some of the time.

But now that many workforces are working entirely remotely, they have become vulnerable to security threats for several reasons:

  1. The policies to ensure best practices for fully remote work were not in place.
  2. They do not have infrastructure in place for large remote workforces.
  3. The change happened suddenly, combined with unexpected financial challenges.

This article will offer ways to address each challenge and best practices companies can implement to protect both their business and their employees. First, however, it’s important to know the types of cyberattacks your people are most likely to experience and where the gaps are that put you at risk.

The two typical cyberattacks on remote workers

Cybercriminals have many ways to attack businesses, but attacks on a business via its employees, or on the employees themselves, take two main forms:

  • Phishing. Fake emails that look a lot like official communications from customers, vendors, or even internal company stakeholders are one method by which hackers steal personal or company information. While the emails are fake, they can look very real, especially with subject lines indicating updates on company news or news about COVID-19. Open one and you may find a link to a website designed to steal your information, or it may simply release malicious software on the PC or network. To prevent this, users should always look at the “From” email address – not the name of the sender, but the email address itself; if it’s nonsensical, delete the email immediately.
  • Ransomware. Businesses everywhere have seen an increase in ransomware attacks, especially hospitals that cannot be without access to their technology. Here again, the cyberattack often arrives via an official-looking email with an attachment. When opened, it releases malicious software that locks down the system, holding it “hostage” until you pay the ransom. Cybercriminals use this attack expecting that businesses – especially in the current environment – are more likely to pay than fight back. Read more about how to protect yourself from ransomware in "How to prevent ransomware attacks."
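The “From” check described in the phishing bullet can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article, and it goes a little beyond spotting a nonsensical address by comparing the display name with the real address. The trusted domain, the protected names and the sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Assumption: domains your organisation really sends mail from (placeholder).
TRUSTED_DOMAINS = {"example.com"}
# Assumption: display-name phrases an attacker would use to look internal.
PROTECTED_NAMES = ("example corp", "it help desk", "payroll")


def check_from(header: str) -> list[str]:
    """Return the reasons a From header looks suspicious (empty list = no flags)."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parseable email address"]

    domain = addr.rsplit("@", 1)[1].lower()
    name = display.lower()
    trusted = domain in TRUSTED_DOMAINS
    reasons = []

    # 1. The name claims to be internal, but the address is external.
    if not trusted and any(p in name for p in PROTECTED_NAMES):
        reasons.append(f"internal-looking name, external address at {domain}")

    # 2. The display name shows one address while the mail comes from another.
    if "@" in display:
        shown = display.rsplit("@", 1)[1].strip().lower()
        if shown != domain:
            reasons.append(f"name shows {shown}, real domain is {domain}")

    # 3. A trusted domain is embedded inside an untrusted one.
    if not trusted and any(t in domain for t in TRUSTED_DOMAINS):
        reasons.append(f"{domain} imitates a trusted domain")

    return reasons


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        '"Example Corp IT Help Desk" <helpdesk@examp1e-support.net>',
        '"Dana Payroll" <dana@example.com>',
        '"ceo@example.com" <xk29@mail.invalid>',
        "Newsletter <news@example.com.account-verify.net>",
    ]
    for s in samples:
        print(s, "->", check_from(s) or "ok")
```

A From header can itself be forged, so a clean result here only means the name and address agree with each other; it does not prove the sender is genuine.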

There are, of course, other cyberattacks, including viruses, spyware, worms and others. Strong endpoint protection can catch most of these. Phishing and ransomware are sophisticated enough that stopping them requires more than technology – it requires employee attention.

What companies can do to protect themselves

Despite the challenges, businesses can – and should – quickly address today’s challenges and protect themselves and their employees from cyber threats. This is especially true for small businesses, which are at serious risk because cybercriminals view them as “low-hanging fruit” and whose resources may be more limited.

 

Fortunately, with technology today, businesses of any size can affordably protect themselves with enterprise-level security. Here’s where to start. 

Establish security and use policies

You can, and probably should, approach this in two ways.

First, share articles and content with your team on data security and how to protect themselves. Your IT department or IT provider can likely provide you with useful, informative content. This is a quick way to build awareness.

Second, assemble your leadership and technology teams to define – in writing – policies and a plan to implement them. Policies should address user behavior as well as the company practices, technologies, and education that support users and protect your data.

While the specifics will vary from one company to another, they should include technologies like endpoint and network protection. Your policies should also address basic security measures including:

  • Passwords. Using strong passwords is a must. Passwords should be reset often, at least every 90 days. Weak passwords remain a problem for many businesses and individuals, which, while understandable with so many passwords needed today, does create a security risk. You want to educate your staff on what constitutes a strong password, require password updates regularly using alerts to remind users, and share tools they can use to simplify password management.
  • Use of mobile devices. Employees should not use personal devices for work-related activities. Company-issued devices should be secured with PIN codes or passwords. Company devices should also never be shared or used for personal activities.
  • Education. Provide regular education to keep employees informed about current phishing scams and ransomware along with how to deal with suspicious notifications, emails and other communications in a safe way. Education is an essential part of policy to ensure all employees understand and are aware of their responsibility to keep company information secure.

Use these technologies and technology strategies

With a remote workforce, you have a lot of technology options to stay connected. To ensure secured connections, protect your data, and manage access, you should use the following technologies.

  • VPN. Implementing a virtual private network (VPN) provides employees secured access to your network. Unless you have gone to a cloud application-only infrastructure, you must use a VPN to keep your network secured.
  • Multi-factor authentication. With multi-factor authentication (MFA), you add an extra level of protection around your network and data by requiring users to verify their login credentials in multiple, independent ways. For example, you could have a user provide a randomly generated code sent to their mobile device or email address to complete logging in to a system, after they have already entered their username and password.
  • Deploy advanced security measures. New ways to deliver technology make it possible for businesses of any size to deliver advanced security measures with a multi-layered approach to security. This protects your users and your data by combining multiple tactics and tools like network security, firewalls, antivirus applications, and others.
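The second step of the MFA flow described above, a randomly generated code checked after the password has been accepted, is sketched below. This is an added example, not part of the original article or any vendor's product. The class name, the five-minute lifetime and the three-attempt limit are assumptions, and delivery of the code to the user's device is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3        # assumption: guesses allowed per issued code


class OneTimeCodeStore:
    """Issues and verifies the second-factor code (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [digest, expires_at, attempts_left]

    def issue(self, user: str) -> str:
        """Call only after the password check succeeded; send the result to the user."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = [digest, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, user: str, submitted: str) -> bool:
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]  # expired codes are discarded
            return False
        entry[2] -= 1
        # Fixed-length digests compared in constant time.
        candidate = hashlib.sha256(submitted.encode()).digest()
        ok = hmac.compare_digest(digest, candidate)
        if ok or entry[2] == 0:
            del self._pending[user]  # single use, and locked after too many guesses
        return ok


if __name__ == "__main__":
    store = OneTimeCodeStore()
    sent = store.issue("alice")          # would be sent by SMS or email
    print(store.verify("alice", sent))   # True
    print(store.verify("alice", sent))   # False: a code cannot be replayed
```

The expiry, single-use and attempt-limit checks matter as much as the randomness: a six-digit code with unlimited guesses or no expiry adds little over the password alone.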

How to get the cybersecurity you need today

A sudden surge in remote workers presents both a technology and financial challenge for businesses. Fortunately, the technology is available and can, with a partner experienced in remote deployments, be implemented quickly.

In fact, working with a third-party IT services provider to deploy and manage your technology can help alleviate the burden on your limited or suddenly overwhelmed IT staff, while still ensuring your business stays connected. Plus, managed IT services typically create a more manageable and predictable budget. 

Source: https://www.ricoh-usa.com/en/insights/articles/cybersecurity-best-practices-for-remote-workforce-to-protect-business