While laptops, tablets, and smartphones are necessary tools for any remote worker, they are also susceptible to unique vulnerabilities that cybercriminals can exploit to gain access to your website, network, and other sensitive data.
Whether employees work from the spare bedroom, a neighborhood coffee shop, or even on an office Wi-Fi network, there are three key ways they can endanger company security. Here's how you can keep your remote employees safe.
1. Avoid using public unsecured Wi-Fi networks
If you look around any coffee shop these days, chances are most customers are working away on a laptop. According to Spiceworks data, 61 percent of organizations said employees connect to public Wi-Fi networks from company-owned devices when working remotely.
Although widely used for convenience, public Wi-Fi networks are actually a common vector for cyber threats. Typically, these networks are not secure, making insecure traffic, including sensitive data and log-in credentials, easy to intercept by a hacker. Hackers can also use unsecured Wi-Fi networks to distribute malware or spoof a public Wi-Fi network to draw in users and capture their data.
Another cyber threat to be aware of is Wi-Fi phishing. Wi-Fi phishing is when an attacker creates a web page that looks exactly like a legitimate page on your company's website, such as a commonly used email sign-in page. When an employee unknowingly encounters a page that looks legitimate--but isn't--and then enters credentials, he or she is actually communicating directly with a hacker.
It may come as a surprise, but a third type of threat to be aware of is your own home office Wi-Fi network. An unsecured home office Wi-Fi network can be accessed through harmless-looking--but vulnerable--IP-enabled devices like security cameras, wireless video equipment, and even network-connected thermostats. Unsecured IP-enabled devices are easy to hack, meaning an attacker can breach the network and move straight to your website or other assets.
Require remote employees to use a virtual private network (VPN) that enables users to connect securely to your business, even on a questionable Wi-Fi network. You can also provide employees with personal hotspots, so they don't need to use public Wi-Fi at all.
2. Share information about cybersecurity best practices.
As many security experts can attest, humans are the weakest link in a security strategy. All employees, whether onsite or remote, are vulnerable to threats, such as phishing attacks. It's likely that at some point, an employee may inevitably, and unknowingly, click on a malicious attachment, fake web page, or malicious URL.
That's why it's important to educate all employees about cybersecurity. For example, phishing emails are cleverly crafted to convince users to provide credentials, download infected attachments, or click on a malicious URL.
To help combat this threat, small businesses are increasingly realizing the value of cybersecurity training. In fact, employee security training is expected to be one of the most-adopted solutions in 2019 for small and medium businesses, according to the Spiceworks 2019 State of IT survey.
Set up regular employee security trainings to review the latest cybersecurity threats, how to spot scams, and understand any company policy for reducing risk. Small businesses with limited resources can turn to outside experts to provide affordable security training customized to their needs.
3. Don't disregard endpoint security.
Endpoint security refers to securing local resources such as software, applications, and operating systems that employees utilize on their devices. For businesses with remote employees, endpoint security offers a last line of defense against cybercriminals attempting to launch attacks against their integral systems. Endpoint security can take many forms, most notably updating software and operating systems by using anti-virus software, and network firewalls.
The 2018 State of Endpoint Security Risk Report shows that the average time to patch critical software and operating systems is 102 days, leaving sensitive data and systems potentially vulnerable to attack for over three months. Cybercriminals can exploit outdated software to gain a foothold in your network and access valuable targets, such as administrator credentials, intellectual property, and customer data. Ensuring all your systems, browsers, and apps are updated can combat potential vulnerabilities.
Ensure that all company-owned devices have the most current software versions and are set up to resolve any security issues with automatic updates. Pre-installing malware scanners and a VPN are crucial to a proactive security plan. You can also enable local firewalls on all employee-issued devices to provide an additional layer of protection. For employees who use their own devices, providing licenses for anti-virus and VPN software can encourage employees to stay secure.
In an age where digital mobility is enabling employees to work remotely, it's important to be aware of the potential cybersecurity vulnerabilities this brings to your business. Although companies will face some risks with remote employees, implementing best practices such as using a VPN, providing employee training, and ensuring local resources are secure can give employees the freedom to work remotely while increasing the security of the organization overall.