Overcome Cyber Security Challenges of a Remote Workforce

COVID-19 has challenged businesses to think about operations in a new way, and in many cases, your IT specialists may be supporting employees for the first time ever that were never intended or conceived to be remote or fully remote.

With an increased risk of employees falling prey to cyber-attacks, AAFCPAs advises clients to create new policies and leverage technologies to keep their company’s data and employees safe while working in their remote and often home environments. Our IT Security Specialists have provided the following key considerations and best practice recommendations to ensure clients can support a remote workforce while maintaining secure network access.

Best Practices for Redeucing IT & Cyber Risks - eBook

Cyber Security Questions to Consider

  • Do you have a set of standard, practicable measures to ensure IT security of a remote workforce?
  • Do you provide devices to your employees or do you allow a bring your own device (BYOD) security scheme?
  • Have you informed and educated your workforce about the additional dangers during this time?

What Countermeasures/Risk Mitigation Techniques Can I Implement?

Ensure Logical Security of Devices at Home

Whether your users are working on company-issued computers or BYODs, the following tips can help secure at home use:

  • Ensure users have changed the default name of their home Wi-Fi and confirm network passwords are unique, strong, and changed. Additionally, advise users to turn on their wireless router’s maximum encryption setting (any router with encryption settings below WPA2 should be replaced with one that is more capable), and disable SSID broadcasting to the general public. Ensure the wireless router’s firewall is turned on/or install a good firewall solution.
  • Ensure user devices have up-to-date operating systems, security software, and firewalls. Tools can be used to verify the most up to date patches have been applied.
  • Use a virtual private network (VPN) or remote desktop protocol (RDP) to access your network.
  • Assess and advise employees of risks associated with home Internet of Things (IoT) devices, such as smart TVs, speakers, sprinklers, thermostats, video doorbells, printers, and more… These devices should not be on the same network used to access company data, but rather on a secondary or guest network.

Ensure Physical Security of Devices at Home

Bad actors, hackers, and thieves rely to a great extent on weaknesses in users. AAFCPAs advises clients to consider the following weaknesses to ensure your employees’ devices are physically secure:

  • Discourage employees from sharing their login credentials with others, including individuals they may trust in their home.
  • Do individuals, such as kids or significant others, have separate computer accounts on the systems? These systems are at an increased risk of exposure to malware.
  • If you allow printing from home, provide protocols for protecting and disposing of printed material.
  • Ensure employees have mandatory hard-drive encryption.
  • Ensure data on your employees’ devices is backed up on a regular basis and centralized on the company’s systems. This will mitigate risks associated with Ransomware.
  • Request that laptops be stored in a secure area when not in use.

Maintain Security Awareness

AAFCPAs advises clients to customize their IT Security Awareness Program for remote users to ensure your employees are mindful of security threats and avoid common pitfalls.  Employee vigilance is the most effective component in keeping your data and systems secure.  Phishing simulation software does a good job at identifying those who need training, and in many cases automatically directs them to training.

Companies transitioning to more remote work, either in response to the pandemic or growing employee demand, must respond to the unique security challenges involved in managing a mobile workforce. AAFCPAs’ Business & IT Consulting practice advises clients on data and systems security to mitigate the risks of serious problems like identity theft, data breaches and data loss.

If you have any questions, please contact James Jumes, MBA, M.Ed. at 774.512.4062, jjumes@nullaafcpa.comVassilis Kontoglis at 774.512.4069, vkontoglis@nullaafcpa.com; or your AAFCPAs Partner.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting.  James developed a unique methodology to delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis is a leader in AAFCPAs’ Business Process & IT Consulting Practice. He has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional teams, and leverages his deep understanding of enterprise information systems, business logic, and structured inputs to automate rote processes and increase operational efficiency. Vassilis is also the leader of AAFCPAs’ automation center of excellence (CoE), an internal team that streamlines automation output, provides structure, and helps scale automation through the firm.