Cybersecurity Tips for Remote Employees to Keep Data Secure
The number of Americans working remotely surged in the first half of 2020 in response to the COVID-19 pandemic. According to a Gallup survey from April of that year, more than 60% of Americans reported working at least partially from home. While that percentage has changed, the number of remote workers is still well above pre-pandemic levels.
The pivot to telework has yielded many benefits for employers, including cost savings, increased productivity, and greater employee retention. But, there is an unfortunate flip side to this transition: employees who work remotely face enhanced exposure to cybersecurity threats.
Employers and employees are not powerless against these threats. By providing cybersecurity tips for employees who work remotely, organizations can protect their businesses from cybercriminals. Simple steps such as using complex passwords and avoiding suspicious emails—alongside advanced strategies such as the implementation of encryption software and the expertise of an IT department—are increasingly important as more people find themselves working from home.
Remote Work Cybersecurity Threats
Cyber attacks are an omnipresent threat in the digital age. The increase in remote work has heightened these dangers. An employee working from home is more vulnerable to enterprising cybercriminals. These digital hackers can easily exploit the many weaknesses in a remote work setup to access sensitive and confidential data about an organization or individual.
The home Wi-Fi networks of remote workers are typically less secure than those found in office environments, even if password protected. Weak passwords can leave Wi-Fi networks open to infiltration. Additionally, if an employee uses the same password across several platforms, hackers can quickly and easily gain access to multiple accounts. A study by the American Consumer Institute: Center for Citizen Research found that the majority of people rarely update their home routers, leaving them vulnerable to attack.
Many remote employees work on personal devices as opposed to computers provided by their organization. This presents additional security risks. Most home worker’s devices only have simple antivirus programs, while an organization’s IT department will more thoroughly secure company devices. Personal devices shared in the household add another layer of risk. The online habits of family members—visiting a questionable website or downloading potentially malware-laden files—can jeopardize company data.
Certain cybersecurity threats are amplified when employees work remotely. This includes phishing, an attempt to obtain sensitive information via email by posing as a reputable person or entity. This method is one of the most common forms of cyber attacks and is widely recognized as the leading cause of data breaches. A constant threat, phishing scams jumped dramatically during 2020 as more people shifted to at-home work, according to a report from the U.S. Chamber of Commerce. In the report, Michael D’Ambrosio, assistant director of the U.S. Secret Service and head of its Office of Investigations, stated that there was an exponential increase in phishing attacks tied to the COVID-19 pandemic and pivot to remote work.
Ransomware attacks, a form of a cyberattack that holds sensitive data hostage in exchange for money, also are rising due to the uptick in telework. Norwich University recently held a ransomware webinar that highlighted the surge in attacks and explained strategies for individuals and organizations to guard against them.
Cybersecurity Tips and Strategies for Training Remote Employees
The consequences of a cyber attack often are steep. According to IBM, it can cost nearly $4 million per attack and take almost nine months to identify and contain a data breach. The following cybersecurity tips for employees who work from home can reduce the risks of a cyber attack.
Using strong passwords, varying them across platforms, and frequently updating them are basic methods to protect data. Organizations can offer password security training for employees and may want to invest in password management software that can randomly generate passwords and store them safely.
For added security, many organizations also moved to multi-factor authentication. This method of logging on to a network first confirms a person’s identity with a username and password and then requires another piece of information. Microsoft estimated that multi-factor authentication can counter 99.9% of fraudulent sign-ins on its cloud services.
Remote workers should steer clear of free public Wi-Fi such as those in coffee shops and libraries. They also should regularly update their home Wi-Fi and all their devices with the latest security patches and upgrades. Additionally, remote workers should regularly back up important files. A backup is the last line of defense in the event of a cyber attack.
Cybersecurity experts recommend that organizations require remote employees to use a virtual private network (VPN). This enables remote workers to safely send and receive sensitive data across a public internet connection by encrypting it. Encryption can protect sensitive data even if it becomes compromised since encrypted data is indecipherable without an encryption key.
Maintaining clear lines of communication between an organization’s IT department and remote workers is imperative in the age of social distancing. According to Deloitte, the COVID-19 pandemic has likely diminished the ability of cybersecurity teams to detect and respond to threats. Regular communication from an IT team—whether providing feedback on how staff should react to a data breach or offering simple cybersecurity tips for employees—allows organizations to proactively address potential issues.
For example, employees should receive warnings about suspicious emails, particularly those that ask for personal information or insist readers click on an outbound link. These are common phishing tactics that can compromise employee and company data. Since employees have varying levels of expertise, keeping an open line of communication between technical support and staff ensures an organization can maintain cybersecurity in remote work locations.
How Cybersecurity Professionals Can Ensure Remote Protection
The escalating number of people working remotely, particularly during the pandemic, corresponds with an increased number of cyberattacks. This enhanced threat level underscores the important impact of remote-focused cybersecurity. Cybersecurity professionals play a key role in protecting the remote work environment by leveraging their analytical, problem-solving, and technical skills and communicating with at-home employees.
One way that cybersecurity professionals protect organizations is through intrusion detection: searching for and identifying potential network vulnerabilities. Because remote work opens new and often easier avenues for cybercriminals, regular intrusion detection is key for organizations to stay one step ahead of potential breaches.
An organization’s IT department should regularly analyze internet traffic, especially in remote work situations. In this analysis, IT staffers work to identify user patterns and recognize when deviations from the pattern signal a potential security concern.
Additionally, the move to virtual offices has accelerated the demand for cloud-based services, which allow a decentralized workforce to store huge amounts of data. Based on data from research firm Canalys, The Wall Street Journal reported that companies worldwide spent a record $34.6 billion on cloud services in the second quarter of 2020, an 11% increase from the first quarter and up 30% from the same period last year. Consequently, cybersecurity professionals with cloud computing knowledge are in high demand by organizations that seek to protect their data.
Become a Cybersecurity Expert in the Remote Work Era
The transition to an increasingly remote workforce is here to stay along with cybersecurity. The Norwich University cybersecurity program is one of the first recognized by the National Security Agency (NSA) and Department of Homeland Security as a Center of Academic Excellence in Information Assurance Education (now known as a Center of Academic Excellence in Cyber Defense).
Individuals wanting to learn how to protect sensitive online data can explore Norwich University’s online Master of Science in Cybersecurity program and its Critical Infrastructure Protection and Cyber Crime concentration. Students in this concentration will explore the nature of conflict in cyberspace and how infrastructure sectors critical to national security protect information.
How to Become a Penetration Tester as Part of an IT Team
5 Types of Cyber Crime: How Cybersecurity Professionals Prevent Attacks
Cybersecurity Careers in Government and Agencies: Defense for the 21st Century
U.S. Workers Discovering Affinity for Remote Work, Gallup
5 Proven Benefits of Remote Work for Companies, Forbes
Securing IoT Devices: How Safe is Your Wi-Fi Router?, American Consumer Institute: Center for Citizen Research
Cybersecurity Tips for Working from Home, Business News Daily
Beware: Remote Work Involves These 3 Cyber Security Risks, Forbes
Assessment of Business Cyber Risk, U.S. Chamber of Commerce
Ransomware vs WFH: How Remote Working is Making Cyberattacks Easier to Pull Off, ZDNet
How Much Would A Data Breach Cost Your Business, IBM
6 Ways to Keep Employer Data Secure When Working Remotely, CMS Wire
Why Cloud Needs a New Approach to Cybersecurity, CIO
The Top 10 Employer Cybersecurity Concerns For Employees Regarding Remote Work, Security Magazine
Top Tips for Cybersecurity When Working Remotely, European Union Agency for Cybersecurity
How to Maintain Cybersecurity for Your Remote Workers, SHRM
COVID-19’s Impact on Cybersecurity, Deloitte
4 Most In-Demand Cybersecurity Skills, CIO
Cloud Spending Hits Record Amid Economic Fallout From COVID-19, The Wall Street Journal