As many Canadians are facing the change of working in an office to a remote setting, it is very important for organizations to create a safe and secure remote work environment for employees. Not only does this benefit the organization by ensuring all data and processes are secure, it benefits the employees to know that they are keeping their families and homes safe and secure as well.
With a remote workforce comes key cybersecurity considerations and challenges, however the first thing to address is providing proper support to all your employees who are working from home. You can do this by:
- Limiting the number of risks you are asking people to address at home so they don’t feel overwhelmed
- Implementing a channel or process for them to ask questions and report incidents in real time, or as close to real time as possible
- Providing them with required additional equipment such as monitors, battery backups, laptops, keyboards, etc.
By offering your support both physically through workspace assistance, and mentally through education and remote IT support, you will be helping to ease the stress and anxiety during this period of change and ensure productivity levels do not dip. In addition to offering your support, you will want to educate them on the top three risks associated with working from home:
Social Engineering: Social engineering is the use of deception to manipulate individuals into providing their confidential or personal information that may be used for fraudulent purposes. There are 2 common types to look out for:
- Email Phishing: Email phishing is a type of online scam where criminals send an email that appears to originate from a legitimate source, asking you to provide sensitive information. This information could be used to make purchases using your credit card or banking information, hack a company or alter bank details so that payments are directed toward the criminal’s account, rather than the correct location. Your employees may be able to prevent phishing attempts by verifying the sender’s email address, verifying the link before clicking and thinking twice before providing personal information online.
- Phone-Based Phishing: Similarly, criminals are using phone-based phishing as a method of gaining sensitive information. Some common tactics we’ve seen are scammers posing as IT support and requesting information to reset your passwords, or impersonating your bank to attempt to solicit confidential information. To avoid these types of phone-based attacks we recommend that you do not answer the if you do not recognize the number, or if someone does call stating they are from IT support, hang up and call the support team back to confirm the validity of the call prior to giving away any sensitive information.
Weak Passwords: Weak passwords are a threat to your employees’ safety and security online. For both business and personal accounts, passwords should always be strong and unique to each account. Similarly, for home wi-fi access points and smart devices you should always change default passwords and ensure the new passwords are strong and unique for all devices, especially now that the remote workforce is increasing. If your employees are concerned about remembering all their complex and unique passwords, a password manager is a great tool to suggest to them.
Outdated Systems: Lastly, outdated systems are a very common risk to a company’s cybersecurity posture when their employees are working from home. It is very important to communicate the importance of following the necessary procedures regarding updating systems and software. Our recommendation is to always perform a device or software device when alerted, especially anti-malware updates. If your employees are unsure whether something needs to be updated, direct them to reach out to your IT department to confirm. Many software updates include the latest critical patches to security vulnerabilities, which is why this process is so important.
In addition to the top three risks we mentioned, there are a few other key considerations such as wi-fi security and using VPN whenever possible. With wi-fi some security precautions that we recommend are only allowing people you trust to connect and potentially considering a guest wi-fi, ensuring WPA-2 or higher is being used for authentication and do not leave SSIDs open. With both wi-fi and VPN networks it is important to ensure that other people in the home do not have access to work-related devices. Employees should also refrain from using non-company standard capabilities and technologies, and to access “confidential” information in accordance with policies and contractual obligations.
As we embark on our new work from home reality, it is important that organizations take care of their employees’ physical and online safety. Open lines of communication are critical during this time and will help to create a safe remote work environment at home.
To learn more about our technology solutions and services that keep your workforce safe and secure, visit cdw.ca/security