Cybersecurity Best Practices for the Work-From-Home Era




Over the last few months, working from home has become the norm for many people and companies. While this is a new experience for some, the work-from-home trend is not. The number of people working remotely grew more than 90% over the last decade; however, the pandemic accelerated the trend, ushering in a new work-from-home era. Some businesses were able to make this transition seamlessly, with tech companies declaring — or at least considering — making work-from-home the permanent default. For others the shift continues to be a struggle, and they’re longing for the day they can return to communal office spaces.

The sudden mass exodus from corporate HQ office culture to a remote workforce has increased pressure on the tech security infrastructure. Many turned to Zoom as the default virtual meeting tool, a shift that exposed serious security vulnerabilities in the platform and called into question whether it was appropriate for use in highly regulated industries like education and healthcare.

Fortunately Zoom was able to act quickly to shore up its security and encryption. Still, the new work-from-home reality has opened the door to a host of new cybersecurity risks.

New Cybersecurity Risk Factors

The current circumstances create a perfect storm for vulnerable security networks. Cyberattacks are on the rise across the board, with telehealth and healthcare vendors the biggest targets. Between March and April of this year, cybersecurity alerts for the most popular telehealth applications increased 30%. As malware and phishing scam alerts decreased 77%, incidents against vendors spiked nearly 120%, suggesting a shift from targeting healthcare providers to targeting third-party supply chain vendors.

Healthcare and other highly regulated industries probably bear the brunt of the surge in cyberattacks due to accelerated digital transformation. However, around the world and across industries, companies have had to take action to mitigate the unexpected cybersecurity concerns related to the rapid move to work-from-home ubiquity. 

Pre-pandemic, most organizations relied on internal networks and firewalls to limit security risks. Without those internal networks, companies have to rely more on employees to be vigilant about cybersecurity. But let’s face it, BYOD policies were already a security challenge; now we’re talking about bringing your own network. 

On top of working from home for the first time, many people are also dealing with additional family responsibilities and the general stress of having their whole life disrupted by a global health crisis. The additional stress and distractions can cause even the most security-minded employees to lower their guard. Leaders can help by offering employees tools, resources, and techniques for managing stress.

The rapid transition from office-based network security to the BYO-WiFi reality of working from home may be an unexpected challenge, but there’s no need to be a victim of circumstance. It’s not too late to take action to protect your network from the new cybersecurity risks. Here are some best practices to consider.

Education is Key

Your employees are the most likely target of a cyberattack, but they’re also your first line of defense when it comes to keeping your company data and networks secure. Providing cybersecurity training can help raise awareness and facilitate a security-minded culture. Make this training part of the onboarding process for new hires, and offer periodic, mandatory refreshers for the entire organization.

Your training should help employees understand the importance of company data and their role in keeping it secure. If you haven’t already, implement and provide documentation for strong passwords and 2-factor authentication requirements. It’s also important to teach employees how to identify and report security threats. 

You might even consider sending out periodic notifications about new or emerging threats for employees to keep an eye out for. For instance, during the pandemic, there was a flood of coronavirus-related spam and phishing emails. Remind employees that, when in doubt, they should avoid clicking links and downloading attachments in suspicious emails. Even if the email looks official, if they’re not sure, they should go directly to the official website to verify.

BYOD or Not to BYOD?

According to an IBM study, more than 50% of the newly working from home are doing so on personal devices, with no new tools or guidance to keep them secure. Not only are these devices connected to their home networks — some of which might be unsecured — but employees are often using the same devices for work and personal activities. This lack of separation increases the risk of data leaks, particularly when personal devices are used by multiple people within the household.

The best way to create separation between corporate and personal data is to provide employees with a company device for day-to-day use. Company devices can be managed centrally and give the company more control, right down to which apps can be used and downloaded, and pushing important updates.

Employees at smaller businesses are less likely to have a company-issued computer, and issuing one might not be an option. An alternative is to use a device manager, which enables the company to grant secure access to company data on personal devices.

BYO-Wifi Security Concerns

Just because your employees have wireless access to the internet from home doesn’t make those networks safe. Let’s just go ahead and say that wireless networks are inherently vulnerable, which is why we have to create such elaborate security protocols for them. Don’t make any assumptions about whether or not your employees’ home networks are secure — provide guidelines to help them develop stronger security.

Setting a strong password for wireless home networks is an important, basic protocol. Even better: encourage employees to use wired connections for their home offices. Wired networks are more secure than wireless ones, and they are also faster and more reliable. You could even take it a step further and provide the necessary equipment to ensure wired access.

People might not be spending a lot of time working from coffee shops at the moment, but remind employees that public wifi is not secure and should not be used to access company data. Any information transmitted over public wifi is accessible to anyone else using the network. If flexibility and the ability to connect wherever the employee wants to work is important, set up a VPN (or virtual private network) to create another layer of security.

Codify your Cybersecurity Policies

Remember that part of protecting your company data is creating a security-minded culture. Codify and document all of your cybersecurity policies and store them with other company policy documents. It’s also important to let these documents evolve as new technology and threats emerge. 

Highly regulated industries like healthcare aren’t the only ones that have to think about maintaining strong digital network security. No matter the industry, the reality is that most companies store sensitive employee and customer data. As the threats to cybersecurity become more numerous and aggressive, it’s your responsibility to be proactive about keeping that data safe and secure.