Skip To Main Content
Young man on train, using smart phone and a laptop, while commuting

6 cybersecurity tips for organizations with remote workers

Employees working away from the office could be your company’s weakest link when trying to avoid a cyberattack, experts say

Young man on train, using smart phone and a laptop, while commutingA 2018 International Workplace Group study, surveying more than 18,000 business professionals across 96 countries, found that 70 per cent of employees are working at least one day a week outside of the office (Getty Images/gruizza)

The COVID-19 pandemic hit* and suddenly all your employees are forced to work remotely.

You may have a work-from-home policy in place—a 2018 International Workplace Group (IWG) study found that 70 per cent of employees were working at least one day a week outside of the office—but it doesn’t account for every employee working off-site at the same time, a reduced ability to track their activity and a shift in IT priorities.

Limited resources—such as a restricted number of company laptops or mobile phones, that force employees to use their own personal devices for work purposes—intensify cybersecurity risks, say experts.

“Staying up to date in cybersecurity is much like an ever-escalating arms race,” says Peter Tsai, senior tech analyst for Spiceworks, an IT professional network. “When enough companies improve their defenses, hackers will escalate by increasing their capacity to attack.”

However, you can put protections in place. Here are six ways to keep remote workers in line and data in house.   

1. Invest in a VPN (virtual private network) or VNC (virtual network computing)

Whether you choose a VPN or VNC comes down to what resources the employee requires or how much access the organization wants to give them. 

A VPN gives users remote access to the company network, while encrypting data traffic and disguising the IP address. A VNC gives remote access to desktops without connecting to the network, offering greater security as restrictions can be placed on activities including file transfers. Though a VPN permits more access to resources, the chances of data theft and malware infection are greater than a VNC’s. 

2. Manage passwords

Just as employees can be the weakest link with data security, so too can the passwords they use. Leaving your staff to manage the logins to the many applications they use daily is a breach in waiting. Password managers can alleviate this headache by offering a secure way for IT teams to store and manage the hundreds of passwords at once, while ensuring they are tough to crack in remote working environments.   

3. Enable two-factor authentication (2FA)

Considered a solution to password attacks, 2FA adds an additional layer of security, which confirms the validity of the user trying to access the system or account. Once the user inputs their log-in information (username and password), they are sent a numerical code—which changes every few seconds to prevent third-party access—via email, text and so on. They must enter this code to gain access. 

In a remote work situation, this extra layer of security proves useful, particularly when using applications including Slack, Basecamp and Dropbox. Typical business 2FA tools are RSA SecurID and Okta’s Single Sign On (SSO). “Two-factor authentication is one of those lovely technologies that fits into that middle ground because it’s a little bit of inconvenience for a lot more security,” says Satyamoorthy Kabilan, vice-president, policy, for Public Policy Forum.

4. Keep systems updated

It may seem obvious, but the IT department should be well-equipped for security maintenance including data backups, software/hardware upgrades and user-access adjustments. Other resources include network monitoring software to track how infrastructure is performing and employee activity and external audits to expose network weaknesses and strengthen defensive measures.

5. Try Bring Your Own Device (BYOD)

BYOD policies are more common as companies cut back on mobile phone plans, but according to the iPass Mobile Security Report 2018, which surveyed 500 CIO and IT decision-makers, 94 per cent of respondents believe these policies increase mobile security risk. A mobile device management (MDM) system, which can remotely wipe data from a phone, locate the phone if it’s lost and segregate data to keep personal and professional information separate, amongst other capabilities, is a viable solution. 

6. Curate cyber hygiene

According to the 2019 State of IT, 59 per cent of IT professionals believe employee security training tools are the most effective solution to prevent security incidents.

Staff—in-house or outsourced—must understand the dos and don’ts when not bound to a cubicle. If employing cloud-based solutions, both employees and clients must be trained on how to keep data safe. Remote working policies should not only be in place, but communicated, understood and practised, repeatedly. [See Cyber hygiene: Are your remote workers in the know?]

“In order to secure devices and data, companies need to adopt a holistic approach that address people, processes, and technology,” says Tsai. “Because people—who are often susceptible to phishing scams—are often the weakest link, end-user security training is perhaps one of the most important areas for organizations to focus on.” 

*This article was updated on March 25, 2020, to include information about the COVID-19 crisis.