@Work | Technology

7 cybersecurity tips for organizations with remote workers

Employees working away from the office could be your company’s weakest link when trying to avoid a cyberattack, experts say

A Facebook IconFacebook A Twitter IconTwitter A Linkedin IconLinkedin An Email IconEmail

Young man on train, using smart phone and a laptop, while commutingA 2018 International Workplace Group study, surveying more than 18,000 business professionals across 96 countries, found that 70 per cent of employees are working at least one day a week outside of the office (Getty Images/gruizza)

Your HR manager is working from home, your digital marketing specialist Skypes into a meeting from a coffee shop and your CFO catches up on email at the airport.

Working remotely is not only common, it’s the norm, and it comes in many forms, with portable devices, free Wi-Fi and a versatile workforce contributing to the trend. A 2018 International Workplace Group (IWG) study, surveying more than 18,000 business professionals across 96 countries, found that 70 per cent of employees are working at least one day a week outside of the office.

When you’re unable to track where your employees are and their activity—including risky activities such as using public Wi-Fi networks or cross-using personal and professional devices—cybersecurity risks intensify.

“Staying up to date in cybersecurity is much like an ever-escalating arms race,” says Peter Tsai, senior tech analyst for Spiceworks, an IT professional network. “When enough companies improve their defenses, hackers will escalate by increasing their capacity to attack.”

However, you can put protections in place. Here are seven ways to keep remote workers in line and data in house.   

1. Invest in a VPN (virtual private network) or VNC (virtual network computing)

Whether you choose a VPN or VNC comes down to what resources the employee requires or how much access the organization wants to give them. 

A VPN gives users remote access to the company network, while encrypting data traffic and disguising the IP address. A VNC gives remote access to desktops without connecting to the network, offering greater security as restrictions can be placed on activities including file transfers. Though a VPN permits more access to resources, the chances of data theft and malware infection are greater than a VNC’s. 

2. Set-up Wi-Fi hotspots

To deter, or stop, the use of public Wi-Fi networks, companies can create Wi-Fi hotspots, which connect to a separate router or server, regulate access and can be login/password-protected.

According to Spiceworks’ 2019 State of IT report, 45 per cent of organizations are providing remote workers with mobile hotspot technology. “A dedicated connection to a trusted wireless provider’s network should be more secure than a random connection to a coffee shop’s shared Wi-Fi,” Tsai says. 

3. Manage passwords

Just as employees can be the weakest link with data security, so too can the passwords they use. Leaving your staff to manage the logins to the many applications they use daily is a breach in waiting. Password managers can alleviate this headache by offering a secure way for IT teams to store and manage the hundreds of passwords at once, while ensuring they are tough to crack in remote working environments.   

4. Enable two-factor authentication (2FA)

Considered a solution to password attacks, 2FA adds an additional layer of security, which confirms the validity of the user trying to access the system or account. Once the user inputs their log-in information (username and password), they are sent a numerical code—which changes every few seconds to prevent third-party access—via email, text and so on. They must enter this code to gain access. 

In a remote work situation, this extra layer of security proves useful, particularly when using applications including Slack, Basecamp and Dropbox. Typical business 2FA tools are RSA SecurID and Okta’s Single Sign On (SSO). “Two-factor authentication is one of those lovely technologies that fits into that middle ground because it’s a little bit of inconvenience for a lot more security,” says Satyamoorthy Kabilan, vice-president, policy, for Public Policy Forum.

5. Keep systems updated

It may seem obvious, but the IT department should be well-equipped for security maintenance including data backups, software/hardware upgrades and user-access adjustments. Other resources include network monitoring software to track how infrastructure is performing and employee activity and external audits to expose network weaknesses and strengthen defensive measures.

6. Try Bring Your Own Device (BYOD)

BYOD policies are more common as companies cut back on mobile phone plans, but according to the iPass Mobile Security Report 2018, which surveyed 500 CIO and IT decision-makers, 94 per cent of respondents believe these policies increase mobile security risk. A mobile device management (MDM) system, which can remotely wipe data from a phone, locate the phone if it’s lost and segregate data to keep personal and professional information separate, amongst other capabilities, is a viable solution. 

7. Curate cyber hygiene

According to the 2019 State of IT, 59 per cent of IT professionals believe employee security training tools are the most effective solution to prevent security incidents.

Staff—in-house or outsourced—must understand the dos and don’ts when not bound to a cubicle. If employing cloud-based solutions, both employees and clients must be trained on how to keep data safe. Remote working policies should not only be in place, but communicated, understood and practised, repeatedly. [See Cyber hygiene: Are your remote workers in the know?]

“In order to secure devices and data, companies need to adopt a holistic approach that address people, processes, and technology,” says Tsai. “Because people—who are often susceptible to phishing scams—are often the weakest link, end-user security training is perhaps one of the most important areas for organizations to focus on.”