The New Normal
Remote work is the new normal in our COVID-19 universe. As one of our team members explained:
“I’ll be a bit late to my office. Traffic is crazy. There was a massive pile-up of a bike, a helmet, frozen toys and a shoe blocking the entrance to the off-ramp to my home office this morning.”
Working remotely can be a crisis necessity.
Or an employee perk.
Or a way into an emerging market.
For whatever reason you have employees dodging toys on their way to work, you must have a strong remote work strategy to be successful in this new normal.
Remote Work is Good for Business
Working remotely can be good for business as Adept’s CEO, Larry Johnson, explains in this blog article, It's a Remote Possibility.
A two-year study by Nicholas Bloom, A Stanford Graduate School of Business professor, showed:
- A 13% increase in performance, which is almost equivalent to a full day's work.
- People working from home were much better at working their full shift because there were fewer distractions.
- Quit rates dropped by 50%, showing employees loved working from home.
- Profits increased by $2000 per employee working from home.
However, the elephant in this room of positivity is added security risks.
Remote Work Can Increase Your Security Vulnerability
Employees nestled in office locations work on devices protected with multiple layers of security. But once they walk out the office door, a data breach could be just around the corner.
The following practices can help secure your remote workforce.
1. Implement a Remote Work Policy
Create a Remote Work Policy that clearly outlines your company’s expectations of remote workers. Employees should read, agree, sign off on, and be accountable for this information. Much of the information that follows could be included in this policy.
An Acceptable Use Policy, which is also critical to your IT security program, defines what employees can and cannot do with company IT resources. Your Remote Work Policy can be included as a section in this policy.
2. Protect Your Devices
Provide company devices and ensure your IT department installs essential security tools such as a firewall and antivirus software and provides ongoing updates to the OS, applications, firmware, etc. They should also monitor electronic traffic for any security concerns. Requesting a web filter will ensure workers only access content and sites needed for work.
Password protect devices and enable automatic screen locks.
Keep devices secure by keeping them in sight or locked. Never leave devices in a car. Consider physically securing computers in public places with locking cables or locking laptop bags.
Protect smartphones. If you use your phone to access company emails and files, security precautions are critical. Make sure to password protect your phone; update with the latest firmware version; download only legitimate apps from official stores; and consider installing a mobile security app.
Keep work data on work computers. Use personal computers for life outside of work; use work computers for work--and never mix the two! By introducing a personal computer to the company network, you could put your company and your job at risk.
Create a reporting procedure, so employees know what to do if their device is stolen or lost.
3. Create a Secure Connection
Create a secure connection to the office. Never use public WIFI. Consider using a VPN (Virtual Private Network) or remote computer access. Your IT provider should recommend what connection is best for your circumstances.
Never use public chargers. If you need to charge a device at a public charging station, use a USB data blocker to prevent data exchange.
Secure the home network. Update the router firmware and make sure it has a strong password. Disable “automatic addition of new devices” on your router. WIFI should have WPA-2 or higher encryption with a strong password.
4. Use the Cloud
Keep files and services in the cloud. This is one of the best ways to keep data secure. Applications such as Microsoft 365 stores data that can be accessed from any location. They also make file sharing and collaboration easy for your team.
Use Additional backup for Microsoft 365. Microsoft provides security to protect your applications from hardware and software failures, power outages and natural disasters. But it does not provide coverage for human or programming errors, malicious insiders, hackers or viruses. Install additional backup that will protect your data, contacts and calendars from these additional risks.
5. Use Encryption
Encrypt your data at every point possible, but at a minimum, encrypt business emails.
6. Make Passwords Strong and Enable MFA (multi-factor authentication)
Require a strong password policy and encourage employees to use a password manager. Using MFA is far more secure than using a password alone. MFA should be enabled whenever possible.
7. Limit Privileges
Need-to-know access only. Segmenting privileges means if an employee’s account is compromised, the hacker’s access is limited.
Limit admin access. The only people who should have admin access are your IT team, and they should use it only when performing work that requires it.
8. Require Security Awareness Training
Security Awareness Training should be required of all employees, including remote workers. Employees are the weakest link in your cybersecurity. Even if all the above security precautions are in place, one employee clicking on one phishing email can compromise your company.
A good IT Security Training program will include best practices for phishing emails, passwords, malware prevention, social engineering, web browsing, working remotely, mobile devices, removable media, confidential data, and physical security.
Keeping your remote workers secure can be a challenge, but it can be done! IT security is critical to protecting your company’s data, reputation, and finances.
We are happy to help. Please contact us: phone, 530-751-5100 or email, firstname.lastname@example.org
Be cyber smart and stay safe,
The Adept Team