20.10.2020 Five forward-thinking tips to secure a remote workforce

by Andrew Milne

As part of Cyber Security Awareness Month, Field Effect is publishing a series of blogs throughout October to help you stay informed and aware of the threats facing small and mid-size businesses and what you can do to defend against them. 

Since the start of the pandemic, businesses have been playing catch-up with their cyber security. The unexpected rush to enable remote work meant putting the right infrastructure in place first, then addressing vulnerabilities and other issues second.

Well, the verdict is in: remote work is here to stay.

Companies are going digital by default and employees have adjusted quickly, with 45% of respondents in a recent study indicating theyd prefer to work remotely three or more days a week. Other data shows that 67% of businesses plan to oblige this request by solidifying work-from-home policies after COVID-19.

If your organization plans to continue remote work, now is the time to make permanent changes to your policies, equipment, and processes. Business owners should divert their attention toward long-term remote work plans.

Your teams need access to the same services, apps, and information, regardless of where they work. But your risks change as soon as employees leave the office. So, the question is: how do you maintain your cyber security when employees work remotely? It all starts with knowing the new and existing threats to your business.

New remote work risks to your business

About 30% of organizations have seen a spike in the number of cyber attack attempts since the start of the pandemic.

Several factors contribute to this spike, including a rapidly changing threat surface, cyber security that hasnt kept up, and a distracted workforce.

About 30% of organizations experienced a spike in the number of cyber attacks since the start of the pandemic.

A changing threat surface

Your threat surface is all the attackable points in a network that an attacker can access. If this surface changes, but your cyber security approach doesnt, there will be many gaps for attackers to take advantage of.

Before COVID and the shift to remote work, IT teams already struggled to enforce cyber defence policies. Now that employees have moved from the office into their homes, IT teams have significantly less oversight and control. As a result, 54% of IT workers are feeling concerned about the harm from future cyber attacks.

In addition to the lack of control, home offices and public spaces bring a whole host of new risks. Between unsecured personal devices in employees’ homes and the security concerns that come with a shared workspace, new remote work threats are challenging IT teams.

A distracted workforce

60% of UK businesses reported experiencing a cyber attack caused by human error. And this statistic comes before the grand work-from-home experiment when most employees worked in a controlled, secure office.

Employees are busy adapting to a new workplace and pandemic stress, meaning they may be distracted and more likely to open a malicious email. This makes them an easy target for attackers, and it’s part of the reason why COVID-related phishing emails exploded earlier this year.

A distracted employee may also be more likely to leave their work device unattended. And, if theyre working from a public space, this paves the way for a malicious actor to access sensitive data.

Five ways to secure remote workers long-term

  1. Review your current security posture

At the start of the pandemic, businesses rushed to enable remote work and keep operations running smoothly. Mistakes happen when youre working under pressure, so now is the right time to take a close look at the changes you made.

Gartner calls this a needs assessment,” and the goal is to identify gaps between the current and desired state of security controls. Look at the new services, applications, and equipment your employees have started using, then determine:

  • Do employees know their role in protecting company data?
  • Are employee access levels correct? Should I adjust these to improve security?
  • Are the new defence measures limiting or enabling employee productivity?
  • Do employees have all the tools and equipment they need to conduct business securely? If not, are they using unsecured personal devices to supplement?
  1. Use the right security tools

With home networks and flexible shared workspaces in the mix, you may need new security measures that you didnt have before. You may also need to upgrade your existing security tools if they’re not comprehensive enough to protect remote workers and any new cloud services — including videoconferencing apps — youve adopted.

Between home networks and flexible shared workspaces, you may need new security measures that you didnt have before.

 Consider investing in virtual private networks (VPNs), password managersmulti-factor authentication (MFA), and an advanced threat monitoring solution to establish a secure working environment for your employees. The right threat monitoring platform will not only enable you to detect new threats and vulnerabilities but also provide clear guidance to help you resolve them.

  1. Educate your remote workers

A big chunk of cyber security now rests on your staffs shoulders, and they need to be ready to protect their data, devices, and the business.

Human error continues to be a leading cause of data breaches, and theres concern that remote work will increase this risk. Help employees make the right security-related choices with regular training sessions.

If you already have a training regimen, youll want to update it with a focus on remote work. Discuss new and emerging threats pertinent to a distributed workforce. Share cyber security best practices that apply more when you work remotely, such as being vigilant when opening emails and conducting business using corporate-owned (or otherwise secured) devices.

  1. Update your remote work-related policies

Even with top-notch security tools and a highly educated team following best practices, attackers can still find their way in. For this reason, update your remote work and cyber security policies to reflect new risks and what to do in case of a suspected attack.

As an employer, it is your responsibility to provide your employees with clear guidance about remote work rules, emerging threats, and cyber security best practices. When they inevitably turn to these documents for information, you want to be sure they are accurate and up to date.

  1. Protect individual devices

End-user devices, such as desktops, laptops, smartphones, and tablets, are the entry points to your organization’s network. Sometimes referred to as endpoints, these devices quite literally represent an endpoint on the network.

These devices allow employees to access, share, download, and store valuable data remotely but, without security controls, they can create potential entry points for attackers. As the number of endpoints increases with remote work, businesses need to make endpoint security a vital part of their defence strategy.

Keep devices secure by using complex passwords and multi-factor authentication. Set up phones, tablets, and computers to password-lock on their own after a few idle minutes. Configure devices to scan for and run software updates regularly.

To further your defence, invest in a cyber security solution that can detect potentially harmful activity and prevent attacks on endpoint devices. The right tool will not only help you avoid costly data loss and data recovery but provide you with a defence to secure remote workers.

  1. Bonus tip: Master the fundamentals

No matter your size of business or industry, strong cyber security begins with the basics. The best part is you dont need to be a cyber security wizard to master the fundamentals and start securing your business.

To stay informed about cyber risks and how threat monitoring and detection can protect your business from cyber threats, sign up for our newsletter below.

Cyber Security News and Updates

The Field Effect Newsletter



 

Request Demo

Fill out the form and we will send you details about our demo.

 
  • Get Covalence Cloud Now

    Protect your company today

    REQUIRED *
  • Let us know what Cloud Services you have
  • By clicking the button below, you agree to the Field Effect terms and conditions

  • This field is for validation purposes and should be left unchanged.
 
  • Sign up

    Get your free 30-min assessment with a cyber security pro to help you understand your security needs

  • This field is for validation purposes and should be left unchanged.
 
  • Sign up

    Get your free 30-min assessment with a cyber security pro to help you understand your security needs

  • This field is for validation purposes and should be left unchanged.
 

Send Us A Message

Fill out the form and we will get back to you!

 

Think you are ready?

We are always on the look-out for amazing people. Think you are one of them? Complete the form here!

  • Accepted file types: pdf, jpg, png, doc, docx.

Solutions

Field Effect’s experience has taught us that every organization is different – different workflows, different personnel and different threats.

Products

We believe in modularity, simplicity and effectiveness. Our expert developers have lived the challenges you want solved. Build and operate more secure and resilient networks with Field Effect Software.

Company

We are proven leaders in the development of network application solutions, low level systems development, and cyber security analytics.

Partners

Partner with Field Effect and gain the cyber security solutions, services, and support to secure your customer’s operations, drive client success, and realize profits.

Careers

We’re always looking for highly-skilled security and engineering professionals to join our team…

Contact

Field Effect Software helps strengthen the IT security operations of organizations large and small. We understand that different organizations face different challenges, and we’re incomparably qualified to match the perfect solution to your unique challenges. Drop us a line, we’d love to help.

COVID-19 – A message from our Chief Operating Officer