SBN

7 remote work cyber security rules every business should follow

With summer in full swing, it might be time for your business to implement remote work cyber security rules and guidelines. During these months many employees are taking their work home with them to help with childcare or to take advantage of the flexible hours. Although this is an amazing recent development to help with work-life balance, there are some downsides to this increasing trend.

Many businesses who are just beginning their WFH journey, don’t understand the consequences that could occur from their employees working remotely. A new location brings on a new world of attackers, weaknesses, and in turn, rules that need to be implemented. In this blog post, we’ll outline seven essential cyber security rules that every business should follow to protect their data, devices, and networks when employees are working remotely.

Tip #1: Have a secure network 

A new location means a new network with different privacy standards. It’s important to set your standards for what a person’s personal network should be and design a process that will allow you to confirm these things before sending anyone home with their work laptop. 

A person failing a live phishing test and being frustrated

“It’s been a “super-fantastic” experience to see people learning and talking about security threats.”

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

There are two options for a remote worker to have a secure network:

Secure the personal network 

If your remote-working employee isn’t a cyber security champion (like you), chances are they don’t know that their personal wifi can be “unsecured” and their wifi router password is probably still the same as when they bought it. 

If possible, have them update their wifi router password to a unique and strong password to prevent attackers from hacking in. 

On top of passwords, your process should also ensure your remote worker’s router firmware is up to date and they have the appropriate encryption for your security level.  

Use a trusted VPN

The easier solution is to provide your remote worker with access to a VPN. This is especially the better option if you have a company network that your employee needs to join. A VPN encrypts internet traffic, protecting sensitive data and preventing unauthorized access to communication channels. The most secure VPNs according to Cyber News are

Tip #2: Establish remote working rules

It is crucial that remote workers understand what they can and cannot do while working from home. Set Remote Working Rules within your organization and have an efficient way to communicate them to any employee who wants to work remotely. This could be through a guidebook, a virtual meeting, or a reminder email. 

Establish if your remote employees are allowed to work in coffee shops, restaurants, or other places with public wifi and what the procedures should be like if they do. It’s also important to acknowledge the different levels of security for different types of work and what the rules look like for each. 

Also address what employees can access and handle when working from home and the procedures they should follow to securely store, transfer or delete files. Remote workers should also shut down their computers when they leave them, set regular updates for both their computers and passwords, and ensure that they never share their login information with anyone.

Tip #3: Separate work & personal

You can’t control what your employees do in their free time. That means you can’t control how strong their passwords are, what types of apps (Ex. TikTok) they download, what privacy settings they allow, or who they let use their personal devices. That’s why it is crucial that your employee does not cross-contaminate work and personal devices. 

Chances are their personal security rules leave their devices much more susceptible to attacks and you don’t want your data affected by that. All employees should be provided work computers and if needed, a work phone. It may seem like a sacrifice in the short run but will be worth it in the long run. 

Tip #4: Have unique training for remote workers 

Remote workers face different risks than in-office workers. They don’t see other employees face-to-face often enough to identify tone. Therefore, they will have more trouble identifying social engineering or phishing attacks posed to be from one of their team members. This gap could lead to lots of human error resulting in the loss of privacy and money for your business. 

Create a unique training program for only remote workers that targets the gaps you identify for your remote team members. Continue to change your program based on the results you see from training and what your employee’s voices are areas of concern.

A remote work cyber security training simulation

Be one of the first businesses to try Click Armor’s newest feature, customized group training. Make a group for your remote workers that will target their biggest gaps and needs. Book a call to learn more. 

Tip #5: Regularly back-up data

Implement a backup strategy for remote work devices to ensure critical data is regularly and securely backed up. This will help mitigate the impact of data loss due to ransomware, hardware failure, or other security incidents. 

All employees (in-office or not) should be implementing these routines, but what makes this unique is that you will not be able to check that they are continuing to back up their data. Consider sending out regular reminder emails to ensure remote workers also remember that backing up data can save their organization a lot of pain in the case of a breach. 

Tip #6: Establish code words

As mentioned before, remote workers will likely have a harder time identifying the tone of their teammates due to their lack of face-to-face interactions. The tone is incredibly important when identifying phishing attacks, social engineering tactics, and deep fakes. As mentioned in our Cyber Security Awareness Forum live panel on deep fakes, a great way to combat this is to establish a code word or code question for different situations. 

For example, at the end of your meeting you could inform your team that before beginning the next meeting, everyone will say their favourite chocolate bar. Then, at the next meeting without being prompted, each person should be able to say their own code word. This could also be implemented for email or instant messages. If you establish a code word (that should change every time) then remote workers will have an easy way to identify if a message is really coming from their teammate or not. 

Tip #7: Have a remote worker breach plan

No matter how many firewalls, rules, and training we put in place, attacks still happen. In the chances of a remote worker being breached, you need to be prepared. Consider how you will implement the 5-Step Breach Plan in a remote environment. How will they contact you if they think they have been breached? What if the malicious software freezes their computer? What will you do to help them isolate and reset their computer? Having the answers to all these questions before the breach happens will help you recover as fast as possible and save your business lots of capital. 

Remote work offers many benefits, but it comes with new and complex cyber security risks. By following these seven cyber security rules, your business can significantly reduce the risk of a breach and keep your data and devices safe. Remember to regularly review your security protocols and update them as necessary to keep up with new and emerging cyber threats. By prioritizing cyber security, you can enjoy the benefits of remote work while keeping your business safe from harm.

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

The post 7 remote work cyber security rules every business should follow appeared first on Click Armor.

*** This is a Security Bloggers Network syndicated blog from Click Armor authored by Scott Wright. Read the original post at: https://clickarmor.ca/2023/07/7-remote-work-cyber-security-rules-every-business-should-follow/