The COVID-19 pandemic of 2020 has forced companies all over the world to adapt their working practices at lightning speed, and a big part of this has been the widespread increase in remote working. While working from home can have many benefits for both employer and employee (a better work-life balance, increased flexibility, and, arguably, greater productivity), there is no denying that it also throws up a lot of questions about cybersecurity. How can you protect your business’s sensitive information and reputation when you are not in control of the endpoint devices being used? Here we outline the main cybersecurity risks associated with remote working to help companies like yours who are considering introducing a remote working policy.
Employees accessing sensitive information via insecure Wi-Fi
The Wi-Fi that your employees use to access your business network, whether they are their own home network or anywhere else, should be secured using a VPN connection. If they are not, others using the same Wi-Fi network can spy on them and access sensitive information and unencrypted data about your business.
Employees using their personal devices for work
Many people who work from home will use their home devices for at least some of their work, but this is a potentially dangerous practice. In addition, many companies now operate a “Bring Your Own Device” (BYOD) policy. In these cases, you do not know how secure their personal device is or how regularly they update their software (out of date software is more vulnerable to cyberattacks). If that employee leaves the business, they will have confidential business information stored on their device, which could also pose a security risk.
Employees failing to protect devices/information when working in public places
While cybersecurity is the focus of this article, it is important to remember that physical security is also a concern. When an employee is working in a public place, they may conduct virtual meetings or have phone conversations, which include sensitive information, leave the screen of their laptop exposed to whoever is nearby or even leave the device completely unattended. It would be wonderful if we could operate in the knowledge that everybody is trustworthy, but unfortunately, there are plenty of opportunists who out there who could steal passwords or data or simply take the whole device for their own benefit. In fact, many cybercriminals will actively seek out people working on devices in public places, hoping that they will slip up and allow them access.
Your policy should either forbid employees from using their devices in public places or should at least be aware of the potential threats and well-versed in how to work securely.
How to create a secure remote working policy
When you cannot have complete control over the devices accessing your network, you need to create a remote working policy that minimizes the cybersecurity risks involved in remote work. You should consider:
- The roles in your organization that can be performed remotely.
- The platforms, tools, and software they will be using.
- The steps employees need to follow to maintain the security of the network.
- The steps employees need to follow at the first sign of suspicious activity.
To get expert support and advice on creating a remote working policy and ensuring your network is as secure as possible, contact ORAM Corporate Advisors today.