Both hybrid and remote work have become extremely common – if not the norm – now that the world has entered a post-pandemic era. Unfortunately, according to the results of a recent study, remote workers cost their employers more in losses from cybercrime in 2022 than did their in-the-office counterparts. In fact, the difference in financial loss between organizations with 50% remote workers or less and those with more than 50% is more than a half million dollars. This begs the question: Are your remote workers not only well-trained in cybersecurity measures, but also regularly reminded of the best cyber safety and cyber hygiene practices?
Here are some tips to help keep them on their toes…and ultimately, keep your organization safe.
Ideally, remote workers are safest when only using devices approved – and updated regularly – by your organization. If they can, they should avoid using personal computers, tablets and cellphones for work. As this is financially unrealistic for many organizations, you should stay on top of them to be sure they running the most current operating systems, web browsers and applications. Additionally, it is critical that up-to-date antivirus software is installed on every device they use for work. And finally, stress that keeping their work devices secure in a physical sense is also essential. Remind them to never leave devices unattended in public, to log out of all work-related sites when done accessing them, and to enable tracking for each device in the unfortunate event of loss or theft.
Remind users to only connect to trusted networks. Because public hotspots aren’t secure, emails discussing confidential business, as well as any other work of a proprietary nature should be avoided. When working from home, staff should keep their router’s software updated. You may also want to have them double-check that their Wi-Fi password is lengthy, complex, and unique. If it’s not, tell them to change it.
Phishing is by far the primary way organizations fall victim to hackers. And not only are hackers ALWAYS changing their tactics, folks working from outside the office may have new distractions: The dog is barking to go out. Someone rang the doorbell. Things like that could trigger a rushed reaction to a potentially dangerous email. Remote employees should not only be regularly trained on the latest phishing tactics, but also reminded from time to time to slow down and think before clicking on any links or attachments in an email. You may want to consider sending remote workers a cyber safety poster they can hang in their home office or on the fridge. This is a great way to keep them reminded of and alert to cybersecurity hazards when not in the workplace.
Set up multi-factor authentication
If your organization does not already have this, consider setting up MFA. By requiring your remote users to provide additional proof that they are who they say they are when logging in (via a one-time code sent to their phone or a more advanced method using biometrics), you help keep your organization safe from cyber-imposters.
Updates and patches at the office
One of the most important steps you can take to protect your remote employees from cybercrime is to keep your systems at the office current. Install patches and upgrades on your servers as soon as they are introduced.
One final tip: Remind your remote staff on a regular basis of your organization’s “best practices” and security policies for all work and online communication that happens away from the office. You might consider creating a 1- or 2-page document summarizing your policies, and have remote staff read and sign off on it semi-annually.