Overcome Cyber Security Challenges of a Remote Workforce
COVID-19 has challenged businesses to think about operations in a new way, and in many cases your IT specialists may be supporting, for the first time ever, employees whose roles were never intended or conceived to be remote or fully remote.
With an increased risk of employees falling prey to cyber-attacks, AAFCPAs advises clients to create new policies and leverage technologies to keep their company’s data and employees safe while working in their remote and often home environments. Our IT Security Specialists have provided the following key considerations and best practice recommendations to ensure clients can support a remote workforce while maintaining secure network access.
Cyber Security Questions to Consider
- Do you have a set of standard, practicable measures to ensure IT security of a remote workforce?
- Do you provide devices to your employees or do you allow a bring your own device (BYOD) security scheme?
- Have you informed and educated your workforce about the additional dangers during this time?
What Countermeasures/Risk Mitigation Techniques Can I Implement?
Ensure Logical Security of Devices at Home
Whether your users are working on company-issued computers or BYODs, the following tips can help secure at-home use:
- Ensure users have changed the default name of their home Wi-Fi and confirm network passwords are unique, strong, and changed. Additionally, advise users to turn on their wireless router’s maximum encryption setting (any router with encryption settings below WPA2 should be replaced with one that is more capable), and disable SSID broadcasting to the general public. Ensure the wireless router’s firewall is turned on, or install a good firewall solution.
- Ensure user devices have up-to-date operating systems, security software, and firewalls. Tools can be used to verify that the most up-to-date patches have been applied.
- Use a virtual private network (VPN) or remote desktop protocol (RDP) to access your network.
- Assess and advise employees of risks associated with home Internet of Things (IoT) devices, such as smart TVs, speakers, sprinklers, thermostats, video doorbells, printers, and more. These devices should not be on the same network used to access company data, but rather on a secondary or guest network.
Ensure Physical Security of Devices at Home
Bad actors, hackers, and thieves rely to a great extent on weaknesses in users. AAFCPAs advises clients to consider the following weaknesses to ensure your employees’ devices are physically secure:
- Discourage employees from sharing their login credentials with others, including individuals they may trust in their home.
- Do individuals, such as kids or significant others, have separate computer accounts on the systems? These systems are at an increased risk of exposure to malware.
- If you allow printing from home, provide protocols for protecting and disposing of printed material.
- Ensure employees have mandatory hard-drive encryption.
- Ensure data on your employees’ devices is backed up on a regular basis and centralized on the company’s systems. This will mitigate risks associated with ransomware.
- Request that laptops be stored in a secure area when not in use.
Maintain Security Awareness
AAFCPAs advises clients to customize their IT Security Awareness Program for remote users to ensure employees are mindful of security threats and avoid common pitfalls. Employee vigilance is the most effective component in keeping your data and systems secure. Phishing simulation software does a good job of identifying those who need training, and in many cases automatically directs them to training.
Companies transitioning to more remote work, either in response to the pandemic or growing employee demand, must respond to the unique security challenges involved in managing a mobile workforce. AAFCPAs’ Business & IT Consulting practice advises clients on data and systems security to mitigate the risks of serious problems like identity theft, data breaches and data loss.