Many businesses today operate with a dispersed workforce and little or no office space. And with the COVID-19 pandemic forcing even more businesses, if only temporarily, to operate largely online, it’s more important than ever to implement cyber security measures for employees working remotely from home offices.
Cloud computing, broadband connectivity, and increasingly powerful collaboration tools can enable dispersed businesses to succeed. But this model can also create special cyber risks. Employees may be working in new ways, using unfamiliar software, and accessing services with less secure hardware. Cyber criminals know that, with more people online, there are more ways to take advantage of vulnerabilities and mistakes to gain access to protected and personal information.
Business leaders and risk managers can help limit cyber risks when operating with a remote workforce by implementing strong cyber security practices and clear work-from-home policies. Follow these tips for operating your business securely online.
Cyber Risk Management Business Practices
You can lay the groundwork for strong cyber security through the following practices:
- Update your software and network regularly. Remote access technologies are especially vulnerable to hacking. You must consistently update device firmware and software with the most recent security configurations and patches. Outdated hardware should also be replaced as needed.
- Use company-issued devices. Depending on your resources and the nature of your business, you may want to require employees to use only computers and mobile phones provided by your business and set up by your IT department.
- Allocate enough IT resources to support your remote workforce. When your employees are working from home, you’ll need to ensure that sufficient IT resources are available to enable secure access to the company networks and online tools. You may also need to take steps to increase network bandwidth, data storage capabilities, computing power, and IT support.
- Plan for cyber security exceptions. If your workforce is forced to shift abruptly to remote work, IT resources can be stretched thin. You may need to make exceptions to cyber security policies to keep your business operating. To address this issue, establish a policy for granting and monitoring IT security exceptions.
- Prepare for worst case scenarios. Along with implementing strong cyber security practices it’s important to be ready to respond to and recover from a potentially debilitating attack. Be sure to align your cyber incident response planning with your company’s overall business continuity strategy.
Cyber Security Policies for Employees
Unfortunately, employees can be the weakest link when it comes to cyber security. A single weak password or click on a malicious link can undermine your cyber protections and lead to a costly hacking incident.
With a dispersed workforce, you’ll need your employees to step up their vigilance and be fully engaged team players in preventing cyber attacks. Underline the need to:
- Connect securely. Employees should only connect to your organisation’s network and online resources through a Virtual Private Network (VPN) service that you provide.
- Use strong passwords. Require employees to use unique, complex passwords to access your network, data, and services. Password management software can help employees create, use, and frequently change their passwords.
- Employ multi-factor authentication. Whenever possible, require multi-factor authentication log-ins—such as a code texted to a phone in addition to a password—which are more secure than user ID and password log-ins.
- Reject requests for information from unknown sources. Caution employees against providing sensitive information requested from uncertain sources. They should also be made aware that hackers will try to spoof trusted sources to collect confidential information and security credentials.
- Take care when clicking on links, opening attachments, and downloading software. Hackers will attempt to gain access to networks and data by sending deceptive emails with malicious links or attachments. Make sure your employees are instructed to verify sources when in doubt, and type in URLs rather than following links.
In addition, consider establishing an IT security training program that educates your employees about cyber risk and security practices during onboarding, with refreshers on an annual basis. You may even want to include cyber security compliance in employee reviews and evaluations