The sudden and significant transition to remote work is an opportunity to remind the workforce of important security best practices
No matter where employees work, IT security is critical. Yet maintaining and protecting a remote workforce — especially on a large scale — presents new challenges.
The good news: Many security practices that work in the traditional office environment also apply to work-from-home scenarios.
That said, now is the time to lock down remote security measures and take advantage of implementing robust tools. Here are some best practices to reduce remote work security risks, while ensuring the safety of employees, their devices, and corporate systems.
Ensure protected access. If your company hasn’t moved to multifactor authentication (MFA), now is a good time. Protecting identity and access across remote locations is made easier with this technology, which requires two or more identity-driven credentials to grant access to applications. To reduce the potential impact of unauthorized attacks, some solutions like email and banking software enable MFA capabilities as part of their services.
Another easy win is to always encourage employees to change default passwords to strong passwords (think long in characters, 12 or more) that are unique to each account) . Home routers, computers and software should all be updated to the latest versions and operating systems which tend to include security patches. This helps to prevent others from being able to tap into home-based wireless networks.
Similarly, computers, laptops, and mobile devices that access corporate applications and networks should be password protected with stringent requirements. Common and easily guessed passwords should be avoided.
Be aware of potential phishing emails. For example, cyberattacks have doubled with the COVID-19 outbreak, according to a Reuters report. Bad actors take advantage of fear, confusion, and the preponderance of people working from home to launch new phishing emails and malware.
Employees should ask themselves: Do I recognize the sender and was I expecting this email? Is there a sense of urgency for my attention? Are there links and attachments in the email? They should be advised to not click on any links or open any attachments until IT or Security can verify the email is legitimate.
Ensure safe downloads and file sharing. Employees should remain cautious of downloading random applications or software to avoid malware, viruses, or insecure protocols. If they’re unsure, they should check with IT support or their Security team.
Also, remind remote workers to be careful when sharing confidential data. They should use company-issued apps for file sharing, storage of confidential documents, and communication. Let them know this is for their own safety, too, that the company has protective measures around these apps and can monitor for suspicious behavior.
Consistently communicate with your employees. Ultimately, keeping everyone informed on how to secure their home technologies and practice security in their everyday lives trumps technologies. Maintain communication in a variety of communication channels, to keep them up-to-date on the latest security threats and how to reduce their risk to their personal, and company information. Make sure your security and IT experts are household names, available for questions and sharing red flags.
Lastly, drive the message home that security is everyone’s responsibility and only works if everyone does their part.
Take extra precautions during virtual meetings. Remote workers will increasingly rely on video conferencing to collaborate at a distance. Ideally, the solution your company provides offers these capabilities:
- Enhanced privacy measures. To avoid unwanted or uninvited attendees to video calls, the host should ensure the “lock meeting” feature is turned on.
- Password-protect meetings. The organizer can establish a password-protected meeting. In these cases, the host must be sure to share the password with invited guests.
- Manage secure access to content. To prevent unauthorized individuals from downloading content during a video conference call, the organizer should check content sharing settings. They can be customized to let all attendees or just specific people access meeting content.