COVID-19 changed a lot of things in our lives, including our working environment. Many of us worked remotely from our homes because of it. New hybrid workplaces have sprung up, with some employees working in the office, others working remotely and still others doing a mix of both. Hybrid and remote work environments need new tools and strategies to ensure that cyber security doesn’t get in the way of doing business.
So many endpoints in different locations necessitates the strongest cyber security possible to protect all data. (An endpoint is any device that is used to connect to your company’s network — phones, computers, faxes, servers — whether in your office, at home or in the cloud). Here are the things you need to achieve hybrid and remote work cyber security.
Physical Security Equipment
Check your company’s physical security. Is your office space more frequently empty (or even half empty)? If so, it might be time to invest in security measures including:
- Video surveillance.
- Laptop locks for your frequent travelers.
- Patrolling by security guards
A Virtual Private Network (VPN)
A VPN network is a secure link between your data and the internet. Once you have your own VPN, all your data traffic will be routed through an encrypted virtual tunnel. This allows your IP address to be invisible on the internet. It secures your data from external attacks including those who sign in remotely. Its advantage is that the level of security is the same as it is when someone logs in from a physical office.
Company Computers for All
Every employee needs to be working on a company-managed device, not their own computer, even if it’s remotely. Company-owned computers are maintained within the company’s IT and cyber security framework and will not be compromised by employees’ personal activities.
There’s a caveat to this rule: Some companies are moving away from providing physical laptops for remote workers in favor of a virtual machine (also called a virtual desktop). Users can log in to a virtual desktop from any device (even a personal computer) and be as secure as if they were on a VPN or in the office. This option has become more popular as virtual desktops have become easier to purchase and manage, such as with Microsoft’s new Windows 365 CloudPC.
An Encrypted Wi-Fi Connection
Whether the internet connection is at someone’s home, your office or an airport, don’t use it if it doesn’t have an encryption protocol such as WPA2.
At home, employees will need training or assistance in securing their router. Strong passwords are a priority. You can help them by creating guides and checklists. Be prepared to support remote workers with one-on-one assistance as needed.
For remote work cyber security, consider hardware firewalls: physical devices that attach to computers and control the traffic and data that touch the computer. These are especially needed for long-term remote locations, such as an employee’s permanent home office as well as the physical office.
USB Data Blocker
Don’t assume that a public charging station (like those at an airport) or even charging at a friend’s house, is secure. Pick up a USB data blocker for workers who travel a lot or use a public charging station for other reasons. A USB blocker is a device that blocks data from being transferred when a device is plugged into a public charging hub.
A typical USB connection allows both power and data to be transferred. The USB data blocker prevents the unwitting transfer of data but allows the user to power up and work. This device prevents viruses and malware from getting into your company and possibly transferring to your work environment.
Devise and Implement an IT Usage Policy
Again, how work should be done from home as well as anywhere else, including your physical office, should be detailed in a comprehensive IT use policy. It must include ways to securely protect company data, computers and devices and how to notify IT support about potential security issues. Consequences of not strictly following the policy and thereby exposing the company to threats should be clearly defined.
Good Video Conferencing Equipment
While it’s not a cyber security tip, we’d be remiss if we didn’t also mention conferencing equipment for the new hybrid office. When some of your team is in the office and some members are remote, skimping on conferencing technology is simply not an option. Luckily, the cost of video conferencing solutions has come down significantly and there are many reasonably priced options. Trust us: it is well worth the investment.
Some user-friendly and secure options include Google Meet, Slack Video and Microsoft Teams. These platforms have a range of features and can work seamlessly with your company’s needs. If you are still unsure about the security of your video conferencing tool of choice, check out this Cyber Security Essentials Checklist.
Train Staff About Cyber Security
The biggest threat to your company’s security is your trusted employees. All of them, including the management team, need to receive comprehensive training about the best way to keep your data safe. Your employees must understand your IT use policy as well as concepts such as:
- How to spot phishing attempts.
- How to react to a ransomware threat.
- Why multi-factor authentication helps keep passwords safe.
Remind your team that the most expensive and damaging cyber attacks are caused by employees being tricked into providing access to the network. Some of the worst breaches have started with employees responding in some way to an email they thought was sent from a legitimate contact when it wasn’t. Educate them on how to scrutinize emails and where to report anything suspicious.
Breaches and their damaging losses to businesses cannot be prevented solely by technology because they happen by tricking employees. A good IT support provider will include regular cyber security training for your team as part of their services.
Make Cyber Security Part of Your Work Style
If everyone is aware of how breaches occur, they are less likely to happen. Make cyber security part of your company’s daily work style. Bring your team into discussions on cyber security:
- Ask them what works.
- Where are people stumbling?
- What tools can be leveraged to help?
- Rework or rewrite unclear/outdated policies.
- Retrain them on practices that are falling off.
- Keep the lines of communication open.
Stay Adaptable for Remote Work Cyber Security
COVID has certainly taught all of us how to adapt and keep our businesses running amid various changes in environment and circumstance. Don’t regress to the old way of doing things. Staying adaptable is your best path toward future stability and growth.
And remember, you don’t have to do this alone. As a managed service provider (MSP), Aeko Systems can help you with all of the above, plus any other technology challenges specific to your business or industry. Contact us or book a meeting for a quick consultation.
Are you aware of the most common cyberattack methods?
Did you know there are over 3.4 billion phishing emails sent every day? Phishing and other cybercriminal behavior are a lot more common than you’d think.
Our free “Phishing, Smishing, Vishing, Pharming? A Cyberattacks Guide” will inform you about cyberattack methods and give you the latest in data security tips.