SoftwareOne logo

5.75 min to readThought LeadershipDigital Workplace

How to cut security risks for remote workers

Ravi Bindra
Ravi BindraCISO
A woman's finger is pointing at a colorful screen.

The current state of cyber security in the remote workforce

Due to the worldwide pandemic, the amount of remote workers has risen exponentially. Gartner has reported that 88 percent of organizations around the world either made it mandatory or encouraged their employees to work from home as COVID-19 cases began to rise.

According to Morphisec’s Work-from-Home Employee Cyber security Threat Index, 49 percent of employees say working from home was an entirely new experience when the pandemic hit. And while 75 percent of telecommuters stated they usually or almost always take the cyber security advice given to them by their IT teams, 20 percent said their IT team had yet to provide any tips for working remotely.

With the sheer number of new remote workers, staying secure at home has become a major worry for organizations. Everything from phishing attacks to weak passwords could be putting your organization at risk. That’s why it’s so important to equip employees with the necessary tools and knowledge to avoid and cut risks as they work from home.

How to reduce risk

Since so many workers are new to working from home, there’s a great chance that many are unclear on how they may be putting themselves at security risk. Let's take a look at a few areas where remote employees may encounter risks.

Removable media

Be sure to share with your employees the importance of being careful with removable media. Removable media is considered any device or portable storage medium that allows a user to download and/or copy data to it and transport it elsewhere. This includes USB drives, smartphones, SD cards, music players, and more.

While removable media is inexpensive and convenient for storage, it can be dangerous. Malware can be planted on removable media, which can easily be replicated and distributed to other unprotected devices that use the removable media. This can pose serious risks to your organization’s cyber security. If your employees choose to use removable media, make sure their device is protected, that they do not share it or plug it into unknown ports, and they understand how to properly and securely transfer data.

USB key drop

Delving further into USB devices, there is another risk your employees may not be aware of: USB key drop attacks. A USB key drop attack is when a cyber criminal purposefully leaves behind a USB device for someone to find. The idea is that whoever finds the device will plug it into their computer, giving way to an attack. These criminals may do so through malicious code, social engineering, or human interface device spoofing. To prevent this from happening, warn employees about the dangers of plugging in unknown or “lost” USB devices. This includes USB devices such as fans, headsets battery chargers, etc. While they may have good intentions in trying to return the device to its rightful owner, that’s not always the case. Curiosity often gets the best of people and that’s exactly what cyber criminals prey on. The risks are just too high.

Dumpster diving

Though it may seem silly, dumpster diving is a real threat to the security of your organization. Sometimes employees may have a careless moment and trash something containing important information, whether through disposing of a hard drive, items in your Recycle folder, or literally documents in the garbage can. If a cyber criminal gets a hold of this information, they could use it against your organization.

Talk to your employees about the dangers of dumpster diving and run through the list of information cyber criminals typically seek. This can include marketing information, employee addresses, and other contact information, account logins, medical records, and more.

Confidential material

Speaking of private information, teach your employees about keeping everything confidential. It can be easy to slip while working remotely, but everyone in the organization should be doing everything in their power to conceal their private information and ensure it is only accessible to those who are authorized to do so. If someone who is not authorized to view this information gains access, it’s considered a data breach or breach of confidentiality.

Work with your employees to ensure the appropriate passwords and two-factor authentications are in place so no one accidentally falls victim. And make sure they do not post pictures on social media with their work screens in view. Again, it may seem like a no-brainer, but it happens more than you’d think.

Free WiFi

We get it, working at home can get pretty cramped. Maybe you skip down to the coffee shop to get some work done, or a local hotel is your oasis. But free access to public WiFi is a breeding ground for cyber criminals since organizations scarcely take the proper security measures to keep malware out.

With free WiFi, criminals can spy on and even intercept data that is transferred on the network. Through this method, cyber criminals can gain access to confidential information to both the user and their organization. While it is quick and convenient to use free WiFi, encourage employees to use personal or work hotspots to get work done whenever they are working in a public setting.

Home WiFi

You may think your home WiFi is safe and secure but think again. Have you ever noticed your neighbor’s WiFi networks pop up when you’re connecting? Your WiFi reaches further than just the confines of your home. When people outside of your home can pick up a signal from your router, that means they can likely also capture data and crack your passwords. This could easily lead to a cyber criminal installing malware on your network.

Employees should implement firewalls and strong passwords and be sure not to use the default router names and logins given at installation. Wireless protected access 2 (WPA2) is particularly helpful in this situation. By locking down your WiFi to just your home, you’ll be able to stay safe and secure.

Preventing rirsk for remote works in the future

We know these are trying times - but don’t let them become more challenging. Talk with your colleagues about their concerns and fears about cyber security to get a baseline of where everyone is at in terms of cutting back risks. Then, discuss how they can begin to make changes within their own daily lives to make your organization a safer place no matter where everyone is logging on from. When everyone begins to make these changes, it will become second nature. And in times like these, it pays to stay safe.

blue digital waves

Digital Workplace Security

SoftwareOne Digital Workplace Security Services add security without contributing to your staffing overhead. We operate a dedicated security operations center (SOC) that tracks data vulnerabilities globally to prevent losses due to break-ins or employee errors.

Digital Workplace Security

SoftwareOne Digital Workplace Security Services add security without contributing to your staffing overhead. We operate a dedicated security operations center (SOC) that tracks data vulnerabilities globally to prevent losses due to break-ins or employee errors.

Author

Ravi Bindra

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.