Whether it was already part of the company structure or has recently been added due to COVID-19, many companies are offering employees the option to work from home full-time. No matter the size of the organization, this sort of shift comes with some challenges. That includes cybersecurity. Even if a business has a well-established security program for the office, they may not have the same protection set up for those working from home.
Increased Cyber Threats
When the pandemic hit, many companies were in a rush to get employees up and running with at-home offices as quickly as possible. While this may have prevented loss in business for the short-term, the long-term cyber risks could become a detrimental problem very soon. According to some cyber experts, the potential for large-scale attacks is rising as more and more employees work from home.
There are also many threat actors with time on their hands, out there looking for these prime opportunities. One of those heightened risks may come from people using personal devices for work while at home.
Using a personal device for business purposes can introduce several new threats that may not exist on a work computer in the office. For instance, many corporate devices are set up to not allow personal use. That can include private emails, social media, and other browsing that is not deemed necessary for the job. These restrictions help prevent potential threats like phishing or malware. When someone is using a personal device and does not take the proper safety measures to separate business and personal use, new threats are being introduced through that personal device into the business network.
Think of it like this: Your company’s network is similar to a home. When you leave or go to bed you are able to lock the doors and windows for basic safety. If you want to be more cautious, you add security cameras or alarm systems. When you allow an employee to work from home on an unprotected device this opens the house windows and doors. The threats are not necessarily new, but they are much more likely with less protection in place.
1. Educate Your Staff
So how can you begin to protect those remote workers if your company cannot afford to buy everyone a device with built-in protection? One way is to educate employees. Making sure your staff understands how surfing Facebook or Twitter could lead to a potential threat, or how opening Spam emails may put the entire company in jeopardy by risking loss of revenue or intellectual property. Education is a good place to start.
2. Offer Extra Protection
Next, offer protection. If you have an expectation of security for your business, you need to be sure to provide your employees with the tools to meet those standards. Consider looking into firewalls or extra security monitoring that will help protect your employees’ devices the same way you would protect a computer at the office. If you expect a certain software or device protection, you should be the one to provide it to the employees.
3. Establish Separate Profiles
Another simple way to protect the network while using personal devices is to establish separate profiles. If an employee can separate their work activity from their private internet use, there will be more protection for the company. Talk to your IT department about how to communicate that process to your staff and give your employees clear guidance on what the expectation is for these separate profiles. While one may be used for business emails and company documents, the other can access social media or online shopping. Separation of the two could help prevent unnecessary risk.
4. Setup Safeguards
As for the company’s responsibility, on top of providing education and security programs for remote workers, businesses can also set up systems to safeguard the network on the company’s end. One way to do that is to collect the IP addresses of all remote workers. This list can then be used to create restricted access to the company network.
With these IP addresses a business can allow access to only those addresses approved by the company. This approved list will allow remote workers the access they need, while limiting any outside intruders. Restrictions can also be placed on the time of day IP addresses are allowed into the network. If you prefer workers only see company data during business hours, set the limits and let your staff know their restrictions.
5. Review Old Habits
Now is the time to go over the current security measures in place. Whether it was a rushed decision to send employees to work from home, or a long-standing option for your business, this is a good time to be going over your policies and work from home procedures. Everything from VPN access to firewalls, and even the latest updates on software are important components of your security posture. Be sure everything is up to date and meets the same standards, if not higher, than what you expect from employees working within the office.
Security is Possible at Home
Working from home may be the best option for your employees at this time, and that can be done securely if you take the time to establish a proper cybersecurity program. Just because you may have rushed to make remote work possible does not mean you need to leave it as is now.
Educate your staff on cybersecurity practices. Provide the proper equipment and tools needed to keep their work secure. Setup extra security measures on the business network. And go over old policies and procedures to see what needs to be adapted to fit the changing times. With the right approach your staff can be more secure when working from home.
If you’re unsure of where to start with your business’s cybersecurity needs, reach out to a Pratum representative today to help guide you!