Remote work has become a norm for many of us, but it’s not all sunshine and rainbows. Cyber security risks are lurking around every corner, and they can leave you feeling vulnerable and exposed. But fear not, dear reader! We’ve got you covered with some practical tips on how to reduce those risks and sleep soundly at night. And by “sleep like a baby,” we don’t mean waking up crying and wet. We mean peacefully, like a well-rested adult.
So, let’s dive into the nuts and bolts of the cyber security risks of remote work to keep our virtual doors locked and secure.
Hit Me With Some Big Cyber Security Risks of Remote Working
Pleasure. There’s a ton, and these are our favorites in pretty diagram form:
Connecting To Corporate Networks Via Unsecure Devices
Yep, Dana in Accounts is remotely accessing your salary information from her crappy tablet, reeking with an outdated OS, and you don’t even get a BYOB policy. Worse, she’s storing work documents with personally identifiable information (PII) on that prehistoric tablet she lugs into motocross practice.
The lack of boundaries between work and personal devices exposes you to multiple cyber threats, as cyberbaddies constantly take advantage of high-risk personal devices. Because it’s easy and they can.
Connecting Via Unsecure Internet Connections
Connecting to corporate networks via unsecured internet connections like free public wifi is a big risk you don’t need right now. Hackers are just waiting to chow down on that free smorgasbord of unencrypted data that unsecured WiFi feeds them.
Working From Home May Will Reduce Vigilance
Your people’s homes should be their safe zone, and it’s easy to understand how they might let their guard down to all the cyber security risks. They may not be following cyber security best practices. Understanding the cyber security risks of remote work is a joint responsibility of employer and employee alike, so you’ll need to work on helping your people understand that. (MDM can make it much easier for them to be cyber secure).
Your Team May Struggle To Identify Phishing Attacks
Phishing has gotten almost Oscar-worthy in its sophistication. Everyone risks falling for an attack of some kind of phishing, spear phishing, whaling, and other dumb marine terms. The bulk of the responsibility of recognizing and detecting phishing scams now falls on your remote team. Yep, your head-office IT guru might keep up with what’s hot in web scams, but your remote workers might not have the same bandwidth or knowledge.
VPNs May Become Overwhelmed
VPN overload is another major cyber challenge. A surge in traffic can overwhelm your VPN, which means a drop in performance or even some downtime (not downtime!). If your people can’t access the stuff they need, their frustration might lead them to use insecure access methods. Gotta love their ingenuity!
Don’t Panic, Here Are Some Sweet Cyber Security Best Practices For Remote Working
You got mobile device management, right? Let’s pretend you have, as this is the mommy and daddy of all remote cyber security best practices. It enables a ton of other best practices. We’ve banged on about MDM so much that we can’t even. But there’s more:
Establish And Enforce A Data Security Policy
Get those Acceptable Use and BYOD policies in place. If you want your team to be cyber security champions, you need to let them know what good cyber security looks like, that it’s expected, and that it’s part of their job.
Security Awareness Training Is Essential
Nobody is born with an innate understanding of cyber security. If they are, they’re probably aliens. That’s why it’s important to invest in effective security awareness training. And I’m not talking about the old-school method of chalk and talk. Let’s face it, who remembers anything from those boring lectures? Certainly not me. We’re talking some good ‘ol fashioned phishing training, the kind grandma used to make.
It’s cyber security awareness in practice, and you’ll have the data on who’s got their cyber security act together and who’s just ain’t learning that lesson. And don’t forget a solid IT helpdesk to support your people with security-related issues as they arise.
Enjoy A Zero Trust Approach
Zero trust is a security protocol that trusts nothing and no one. It’s an approach that
manages and grants (or doesn’t) access by continually verifying identities, devices, and services. You’re looking at delights such as two-factor authentication and the principle of least privilege, which restricts access to data or systems just to people who need it for their role.
Block Access To Unsecured Wifi
Sometimes crayoning, “DON’T USE UNSECURED WIFI,” on your acceptable use policy in big red shouty letters isn’t enough. Configure your MDM to block access to unauthorized networks automatically, so when Jane from Logistics tries to log on to the public WiFi at JFK Airport, she can’t. Sorry, Jane.
Be Very Good At Updating All Work Devices And Network Security Systems
One of the easiest ways to invite a hacker to party in your IT infrastructure is to fail to update your operating systems regularly. Ransomware loves those tasty gaps in operating systems because it helps it to spread across networks. MDM will help, of course.
Take Care Of Your Spares
Who wants an unsightly security gap caused by poor spare management? Certainly not you. One way to clean up that mess is to plan for devices that aren’t being used — maybe you have a stock of new undeployed MacBooks, or your whole sales team left, and now you have a stash of spare whatever-it-is-sales-people-use. Tracking, collecting, and warehousing your spares reduces the risk of those data-laden spares going AWOL. Spares management tightens up your IT asset lifecycle, keeping compliance people happy.
Remote Working Doesn’t Need To Be So Scary
Don’t let the cyber security risks of remote work make you cry! There’s a whole heap of cool security protocols and configurations you can deploy that’ll bring that risk way down. The ones you’ve managed to skim through above are only a small sample of delights. But if you’re even a little fazed by the choices, give us a ring. Tell us about your business, and we’ll give you our three top recommendations for slashing that cyber security risk, and none of it will be pushy sales stuff because we don’t do that.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now — chatting about IT support and cyber security is our favorite thing to do!