How to Cut Security Risks for Remote Workers

How to Cut Security Risks for 

Remote Workers

How to Cut Security Risks for Remote Workers

This post is the sixth post in our Cybersecurity User Awareness series. Take a look at the other posts in this series:

  1. How to Fight Fraud with Security Intelligence
  2. The 6 Biggest Email Security Risks for Enterprises
  3. Security is Not Privacy: Ways to Keep Personal Data Secure
  4. Building a Mobile Threat Defense for Your Enterprise Devices
  5. How to Cut Security Risks for Remote Workers
  6. 10 Surprising Security Risks in Your Office
  7. Do You Know All Types of Internet Security Threats?
  8. 5 Steps of a Successful Cybersecurity User Awareness Program
  9. Five Alarming Approaches to Extortion
  10. How to Become a Harder Target From Malicious Threat Actors
  11. How to Reduce Security Risks in the Future
  12. You don’t need rocket science to build a Human Firewall

The Current State of Cybersecurity in the Remote Workforce

Due to the worldwide pandemic, the amount of remote workers has risen exponentially. Gartner has reported that 88 percent of organizations around the world either made it mandatory or encouraged their employees to work from home as COVID-19 cases began to rise.

According to Morphisec’s Work-from-Home Employee Cybersecurity Threat Index, 49 percent of employees say working from home was an entirely new experience when the pandemic hit. And while 75 percent of telecommuters stated they usually or almost always take the cybersecurity advice given to them by their IT teams, 20 percent said their IT team had yet to provide any tips for working remotely.

With the sheer number of new remote workers, staying secure at home has become a major worry for organizations. Everything from phishing attacks to weak passwords could be putting your organization at risk. That’s why it’s so important to equip employees with the necessary tools and knowledge to avoid and cut risks as they work from home.

How to Reduce Risk

Since so many workers are new to working from home, there’s a great chance that many are unclear on how they may be putting themselves at security risk. Let's take a look at a few areas where remote employees may encounter risks.

Removable Media

Be sure to share with your employees the importance of being careful with removable media. Removable media is considered any device or portable storage medium that allows a user to download and/or copy data to it and transport it elsewhere. This includes USB drives, smartphones, SD cards, music players, and more.

While removable media is inexpensive and convenient for storage, it can be dangerous. Malware can be planted on removable media, which can easily be replicated and distributed to other unprotected devices that use the removable media. This can pose serious risks to your organization’s cybersecurity. If your employees choose to use removable media, make sure their device is protected, that they do not share it or plug it into unknown ports, and they understand how to properly and securely transfer data.

USB Key Drop

Delving further into USB devices, there is another risk your employees may not be aware of: USB key drop attacks. A USB key drop attack is when a cybercriminal purposefully leaves behind a USB device for someone to find. The idea is that whoever finds the device will plug it into their computer, giving way to an attack. These criminals may do so through malicious code, social engineering, or human interface device spoofing. To prevent this from happening, warn employees about the dangers of plugging in unknown or “lost” USB devices. This includes USB devices such as fans, headsets battery chargers, etc. While they may have good intentions in trying to return the device to its rightful owner, that’s not always the case. Curiosity often gets the best of people and that’s exactly what cybercriminals prey on. The risks are just too high.

Dumpster Diving

Though it may seem silly, dumpster diving is a real threat to the security of your organization. Sometimes employees may have a careless moment and trash something containing important information, whether through disposing of a hard drive, items in your Recycle folder, or literally documents in the garbage can. If a cybercriminal gets a hold of this information, they could use it against your organization.

Talk to your employees about the dangers of dumpster diving and run through the list of information cybercriminals typically seek. This can include marketing information, employee addresses, and other contact information, account logins, medical records, and more.

Confidential Material

Speaking of private information, teach your employees about keeping everything confidential. It can be easy to slip while working remotely, but everyone in the organization should be doing everything in their power to conceal their private information and ensure it is only accessible to those who are authorized to do so. If someone who is not authorized to view this information gains access, it’s considered a data breach or breach of confidentiality.

Work with your employees to ensure the appropriate passwords and two-factor authentications are in place so no one accidentally falls victim. And make sure they do not post pictures on social media with their work screens in view. Again, it may seem like a no-brainer, but it happens more than you’d think.

Free WiFi

We get it, working at home can get pretty cramped. Maybe you skip down to the coffee shop to get some work done, or a local hotel is your oasis. But free access to public WiFi is a breeding ground for cybercriminals since organizations scarcely take the proper security measures to keep malware out.

With free WiFi, criminals can spy on and even intercept data that is transferred on the network. Through this method, cybercriminals can gain access to confidential information to both the user and their organization. While it is quick and convenient to use free WiFi, encourage employees to use personal or work hotspots to get work done whenever they are working in a public setting.

Home WiFi

You may think your home WiFi is safe and secure but think again. Have you ever noticed your neighbor’s WiFi networks pop up when you’re connecting? Your WiFi reaches further than just the confines of your home. When people outside of your home can pick up a signal from your router, that means they can likely also capture data and crack your passwords. This could easily lead to a cybercriminal installing malware on your network.

Employees should implement firewalls and strong passwords and be sure not to use the default router names and logins given at installation. Wireless protected access 2 (WPA2) is particularly helpful in this situation. By locking down your WiFi to just your home, you’ll be able to stay safe and secure.

Preventing Risk for Remote Works in the Future

We know these are trying times - but don’t let them become more challenging. Talk with your colleagues about their concerns and fears about cybersecurity to get a baseline of where everyone is at in terms of cutting back risks. Then, discuss how they can begin to make changes within their own daily lives to make your organization a safer place no matter where everyone is logging on from. When everyone begins to make these changes, it will become second nature. And in times like these, it pays to stay safe.

Get Started with Our Checklist

If you’re unclear about your employees’ knowledge of cybersecurity at home, consider using SoftwareONE’s How to Reduce Security Risks for Your Remote Workers checklist. This checklist will help you lay a more solid foundation down so everyone at your organization understands the risks involved with working from home.

Download Today

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Cybersecurity

Related Articles

multilayer-edr-xdr-is-next

Multilayer EDR (XDR) is Next

Most organizations don’t want to work with EDR due to the huge number of alerts to manage. Cross-layer EDR (XDR) can be the solution. Find out how.

Endpoint Security: What you need to know about "Next-Gen" EDR

"Next-Gen" EDR

Combining EDR and SIEM might be the ideal way of fighting cyber security risks. But why isn’t EDR enough? Learn more about the challenges of standalone EDR and how it differs from SIEM.

endpoint-detection-and-response
  • 05 November 2020
  • Cybersecurity, Managed Security
  • Cyber-Crime, Cyber-Threats

Endpoint Detection and Response

With increasing workplace mobility, it's no surprise that endpoint devices become more vulnerable. Learn how EDR tools can protect you from malware!