Your cybersecurity guide to working remotely this summer

The shift to remote work at the beginning of the pandemic took many businesses by surprise. Just 17% of employees were working remotely full time before covid, but this number has increased to 44% since the pandemic began. And they’ve gotten used to it: According to Owl Labs, 80% of people now expect to work from home at least three times per week. 

Even if you’ve shifted back to on-site work or a hybrid work environment, the remote infrastructure you have in place can keep people productive while traveling over the summer months.

Unfortunately, the shift to remote work also brought new opportunities for cybercriminals. One example is the increase in phishing and ransomware attacks, which are becoming up to four times more frequent, according to Trend Micro. The cyber threat to remote employees is very real. Here are some security tips for working remotely this summer and beyond.

Establish security controls and configurations

The first step to ensuring your remote employees – and your business assets – are secure is establishing the necessary security controls and configurations. Don’t just send your employees out and wish them luck.

Ensure your IT team has set up necessary precautions, including developing contingency plans like being able to remotely wipe compromised devices. In addition, several other security controls should be in place, including:

• Firewalls
• Endpoint detection and response
• Antivirus software
• Multi-factor authentication (MFA)
• File encryption

The CIS Controls provide comprehensive cybersecurity guidelines. Of course, remote device management and control configurations can be challenging if you rely on a small IT team. It’s time-consuming and takes away from other high-priority projects. A managed service provider (MSP) can provide the expertise and assistance you need.

Lay ground rules for working remotely

Your remote employees may have security measures in their home offices, but working on holiday presents a new set of challenges. It’s critical to lay ground rules and revisit them from time to time. Here are a few to consider.

Keep work data separate from personal data

In the age of BYOD (bring your own device) it’s impossible to keep remote workers off their personal devices. But work accounts and data must be kept separate. Here are our top 3 tips.

1. Always use company resources when exchanging documents and other information. For example, avoid sharing files from your personal Dropbox or sending emails from your personal account.
2. If you use a remote access portal or a cloud platform like Microsoft 365, avoid syncing files or emails to a personal device. Make it clear to employees that while these steps might seem tedious, they’re essential to minimize threats from malicious actors.
3. Make sure your IT team has an endpoint management solution in place so that lost, stolen, or hacked devices can be remotely wiped clean of company data.

Be cautious when working in public places

When traveling, you may be working in public locations like airports, hotels, and cafes. Cybercriminals take advantage of these public access points, so it’s essential to maintain a secure work environment. For secure remote access:

• Check for WPA (Wifi Protected Access) authentication, at a minimum
• Use a mobile hotspot
• Use a VPN

A remote-access VPN provides the most robust security. By implementing VPN access for your employees, you allow them secure remote access to your private network and the resources they need.

Keep your devices safe

Employees working while traveling often juggle several tasks at once. It’s easy to slip up and leave a device unattended. Remind employees to lock their devices before walking away, even if they’re leaving the device with friends, family, or coworkers. Even better, don’t leave devices unattended at all. All it takes is a few moments for a device to disappear.

Carry out cybersecurity awareness training for employees

Making your employees your first line of defense against cyberattacks is one of the most important steps you can take to protect your business. Ensure your workforce is up to date on:

• Phishing and ransomware. Today’s phishing schemes are highly sophisticated and the ransomware they deliver can be devastating. Attackers might pose as customers or business partners, or they might spoof the emails of colleagues or executives. Implement a zero-trust policy on all emails and attachments: question everything and report anything that seems out of the ordinary.
• Password policies. Require strong passwords and multi-factor authentication, and train your staff in their use. Password managers can remove the difficulty of creating and remembering multiple complex passwords.
• Your cyber incident response plan. Review your response plan with your employees and ensure each team member knows their responsibilities.
• Your remote work security policies. Review your policies and keep them readily available for employee review.

Remote is the new normal

More than half of employees surveyed earlier this year said they prefer remote work, and it is expected to become a big draw for top talent. Manage the productivity and security of your workforce by securing devices, establishing clear policies, and communicating those policies. 

If you have a lean IT team, Umbrella can help you develop those policies, configure devices, carry out employee training, and more. Contact us today to find out how we can help you maintain a secure remote work environment this summer.