We have entered the world of the flexible workforce. More and more companies, and people, are turning their backs on the way we used to work. There are great benefits in working from home or allowing employees to do so, for both the employer and employee. These include reduced overhead costs, increased engagement and improved productivity, to name a few. However, having even just one remote worker can expose a company to a wide variety of previously unknown security risks.
The most prominent risk is that to cybersecurity. With age-old social engineering tactics on the rise again, employees are often the best, but most vulnerable, part of any company’s cybersecurity. And when you consider the vast majority of data breaches are in fact caused by human error, the need to address this risk is even greater.
But your remote employees will only be a security risk if you let them. Taking appropriate steps to protect data can minimize the risk and keep remote workers as a viable option. Here’s what every company should be doing to make sure remote employees aren’t an Achilles Heel to cybersecurity.
Have a Plan and Stick To It
A data breach can do great damage to a company’s bottom line and reputation. But the vast majority of small- to medium-sized businesses still do not have a cybersecurity plan in place. Not having a clearly-defined plan is a good recipe for disaster. Employees need to have detailed information as to how to create passwords, store and delete data, and seek assistance when they suspect something has gone wrong. Otherwise, they may do nothing or make a mistake, allowing a situation to spiral out of control.
Outlining company policy on cybersecurity is a critical first step to minimizing the security risk posed by remote workers. But it is not the only step. It is important to make sure employees are following it. It might be a good idea to schedule regular checkups or to have recurring training sessions so that people know to take cybersecurity seriously. Having remote employees sign special cybersecurity contracts is also a good option. This reminds them they are bound to stick to company protocol and encourages them to follow best practices.
Encourage the Use of Separate Devices
When sending employees off-site to work, encourage (or require) them to use company devices. It is much easier to control the security measures on a company-owned device than someone’s personal computer or phone. While software exists that allows people to access company records remotely, there are few replacements for having control over the physical device being used.
Mobile phones can pose a significant risk, as well. If employees do not have company-specific phones, make sure they are not using their personal devices to discuss sensitive information. It’s one thing to send a text to someone asking when they are coming in or what the status is on a report, but it’s quite another to ask for a password or specific data. This can be stolen easily, and this type of activity should be discouraged at all costs.
Require The Use of VPNs
For smaller companies, or for those who deal with independent contractors, it might not be possible to provide (and require the use of) separate devices. But this does not mean you are helpless against the cybersecurity risk these employees pose. Services such as a Virtual Private Network (VPN) are designed specifically for this. They encrypt data and hide the IP address of the user, meaning someone can be working with company information with a hidden connection between the user and the company. This is a simple step that goes a long way towards keeping sensitive data safe from those interested in stealing it.
Stay in Touch
Just because remote workers do not come into the office does not mean they are not part of the team. Schedule regular meetings with those who work outside the office to check in and see how things are going. Make cybersecurity a point of discussion in these meetings, inculcating it into company culture. In many ways, this is the best defense against a possible risk. Having everyone on the same team working to create a strong defense against hackers and other threats is the best way to prevent a disaster.
Remote workers can be a major security risk, but only when they are allowed to do so. Addressing this problem head on and using the tools available are keys to staying safe from the numerous cyber threats that exist. And as always, it’s better to be proactive rather than reactive, so now is the time to make cybersecurity a key feature of company culture.
About the Author: Caroline is a tech and IT blogger who focuses mostly on cybersecurity, often writing for Secure Thoughts. She sees hacking and data breaches as one of the greatest threats to businesses moving forward. Because of this, most of her work is dedicated to raising awareness about this threat so that people act now before it’s too late.