3 Cybersecurity Tips for Remote Workers
There has been a work paradigm shift in the United States since the pandemic. A recent McKinsey & Company survey revealed that 58 percent of Americans reported having the ability to work from home at least one day per week and 35 percent reported they can work from home five days per week. These numbers are striking when we consider that only 6 percent of people reported the ability to work remotely in 2018.
This new paradigm has also changed the way in which workers view job opportunities. Hiring managers should be aware that remote work is now a top three motivator for employees looking for a new job — behind only greater pay and better career opportunities. And ahead of more traditional metrics like benefits and paid leave.
Since the McKinsey survey is focused only on those working from home, the number of people working remotely is surely greater when you consider those traveling or working in the field. This is important to note because from a cybersecurity perspective, there is little difference between working from home, from a hotel room, or from a client’s job site. If an employee is connecting to company systems from outside the organization there are basic cyber hygiene practices that need to be followed.
Mandate a Virtual Private Network (VPN)
If your company has remote workers, you should invest in a VPN and require its use for all employees who are working outside of the office.
A VPN allows you and your employees to connect safely to the company network when not in the office. It does so by encrypting the connection between the user’s device (mobile phone, tablet, laptop) and the company’s network. Remote employees then become an extension of the company network inheriting the same security as workers who are in the office.
Hackers can exploit remote workers who are not using a VPN by accessing the user’s web browsing activity and their IP address, both of which can lead to cybersecurity data breaches.
Be Mindful of Wi-Fi
If you or your remote workers are working from home on Wi-Fi, the below guidelines will help you to do so more securely.
First, change the default password that comes with your Wi-Fi router. This password is usually denoted with a sticker on the bottom of the router. The person who installed your router knows this password. It's a best practice to change it. Remember to use a complex password that is at least nine characters long and includes upper and lower case letters, numbers, and special characters. This will prevent hackers from guessing or cracking the password.
Second, turn off “name broadcasting” on your Wi-Fi router. Name broadcasting allows nearby users to see which Wi-Fi networks are available in their area. Disabling name broadcasting keeps your Wi-Fi invisible to the public, and hackers. The name of your Wi-Fi can be provided to trusted users when they need to access it. Once the trusted user has the name of the Wi-Fi, they will be able to find it using the search feature on their device.
Lastly, do not use public Wi-Fi. These free Wi-Fi networks are often found at airports, coffee shops and in hotel lobbies. Clever hackers are on these networks looking to steal your data. If you absolutely must connect to a public Wi-Fi, use a VPN to do so. As we discussed earlier, the VPN will encrypt the data connection concealing it from a hacker’s view.
Protect Data by Encrypting Devices
The data on your employees’ devices is often more valuable than the device itself. Imagine the access a cybercriminal would have if they had access to a company laptop or smartphone. As remote work increases, the chances of lost or stolen devices also increases. You can protect yourself and your company by encrypting the hard drives on your devices. Luckily, if you have an iPhone, iPad, Android Phone or Android tablet, hard drive encryption is enabled by default.
If you are using Windows, you should enable BitLocker.
If you are using MacOS, you should enable FileVault.
There are many other cyber hygiene best practices that should be deployed when you have employees that are working remotely. If you would like to learn more, reach out to your cybersecurity consultant or see the MMA membership directory for help finding one.
About the Author
Dave Kelly is SensCy’s Chief Technology Officer and helps small and medium-sized organizations improve their cyberhealth. He may be reached at firstname.lastname@example.org.
SensCy is an MMA Premium Associate Member and has been an MMA member company since September 2022. Visit online: senscy.com.