How to Ensure Remote Employees are Safe from Cyber Threats
by Galina Divakova on Nov 9, 2020 12:00:00 AM
In March 2020, the world was forced to stay at home. For some, this meant a complete overhaul of working processes. A lot of companies struggled to create a supportive work-from-home environment for their employees. This quick transformation put a spotlight on one major aspect of remote working many hadn’t previously considered: cybersecurity.
In this article, we want to share with you a few steps companies can take to ensure remote employees are safe from cyber threats as they continue to work from home.
Assign a Point Person
Having a cybersecurity professional available to deal with cyber threats is important, as not all employees are cybersecurity experts.
You should assign one person from your IT team to be the point person for all things cybersecurity-related. Having a designated person is essential to responding quickly if a data breach occurs.
Needless to say, all remote employees should have direct access to this person. Create a dedicated email, phone number, or Slack group for security conversations. You might even decide to hire someone full-time to fill a dedicated cybersecurity role, depending on the size of your business.
If your company doesn’t have a specialized IT department, then you can hire an IT consultant company (also known as a Managed Services Provider). This company can provide guidance and even offload the bulk of implementing a security program that addresses working from home. An MSP can support your existing employees by helping them with all their cybersecurity, cyber threat, and IT-related queries. Many MSPs now work around the clock and have teams dedicated to providing support.
Whether you work with an outside provider or have an internal IT department, you should have a plan of action designed for remote working scenarios. Create materials, videos, and guidelines that your employees can learn from during remote working.
Offer a Virtual Private Network
A popular option for additional security is to use a virtual private network (VPN). A VPN will allow you to connect back into company servers while you are offsite.
Most companies have gone the VPN route because of the benefits they provide:
- Encrypting communication from untrusted home networks
- Sharing of files that are stored on the work network
- Using legacy (non-cloud) applications
VPNs can also be used in conjunction with security solutions like DNSFilter. This way, employees can rely on their company networks while also being protected from seeing malicious websites.
Educate Your Employees
Your employees may not be aware of what cyber threats exist, despite precautions you have taken as a company. Employees often share computers with family members or have simple passwords that are easily hacked.
Start educating your employees about the basics of cybersecurity and put clear policies in place.
Have your IT team or IT consultants host virtual sessions with different teams. Encourage employees to ask questions. Keep these sessions limited to smaller groups; this way, your employees will be more likely to ask questions. It also ensures you’ll have time to get to everyone’s questions. Holding smaller training sessions also enables you to focus on the threats common to different departments.
Consider creating a basic questionnaire and emailing it to employees a few days earlier, asking them about their security practices and knowledge. Questions might include:
- What do you consider a cyber threat?
- In the past 7 days, have you opened a suspicious email?
- How do you store passwords?
In the virtual meeting, share these observations and answers. This will give you a basic understanding of your employees’ knowledge. Be constructive and show understanding. All questions and apprehensions are valid. After all, not everyone starts at the same basic level of cybersecurity awareness.
Share basic terms and concepts within cybersecurity, such as:
Breach
A breach occurs when information is compromised in some form, either intentionally or unintentionally. A breach isn’t necessarily going to be noticed by a non-technical employee, but they may notice something peculiar that leads to the discovery of a cyber attack resulting in compromised data.
Phishing
This is one of the most common ways hackers get access to sensitive information, like banking information or passwords. Phishing can come in many forms, with email and phony landing pages being the most popular. These scams are getting more elaborate and can easily fool you if you don’t pay attention. For example, if you receive an email from Apple saying your account has been hacked, look closely at the sender and preview the link before actually clicking (you can do this by hovering your mouse). Don’t click on suspicious links or provide personal information to anybody without confirming their identity.
Malware
Malware is a broad category, but it refers to any software designed to harm your computer or data, or to damage your network.
Ransomware
A type of attack growing in popularity, ransomware falls under the malware umbrella. This attack is especially devastating since it encrypts user files and then demands a ransom to decrypt those files. This leaves companies (and individuals) with a difficult decision.
Establish Protocol for New Employees
Any transition will mean handovers, changing devices, transferring access, and moving files. If you’re doing this a lot, it becomes very easy to be lax about cybersecurity. But companies have to pay close attention to employee-related access and accounts during these transitions.
This will require collaboration between Human Resources (HR) and IT departments. If your data is monitored by an IT Consultant or MSP, then they need to be informed of employees joining or leaving. Human Resources should have the exact information about new employees.
Establish a protocol for all employees leaving the company. Have a similar protocol for new employees. It is imperative that you create a structured routine for transfers, new additions, and employees leaving. A routine will minimize the chance of cyber threats or danger to security.
The protocol for employees leaving the company should include steps such as:
- Disable all access to the company network and systems
- Return company-owned devices
- Sign a statement/form listing all data and devices which have been returned
- Disable access to company-owned or group-based accounts, systems, and networks
- Rotate access (change passwords) to any shared resources the user had access to
- Back up company-related information to another device and the cloud
- Ask the employee to delete any company information or data from their device
- Oversee any data transfer from their personal device to company-owned devices and networks
- Sweep their device completely, change private codes, and ready it for the next employee/user
- Inform vendors, clients, and the team of the employee’s departure. Direct them to the new employee by mail, providing the new employee’s contact information.
Similarly, a protocol should be created for new employees.
For your new employees, hold seminars or training workshops emphasizing the need for privacy and cybersecurity. Have a remote device policy that defines who may access work-issued laptops. Inform the employee about any particular software installed on their laptop.
Utilize Tools for Threat Protection
Tools such as DNSFilter, virus protection, threat mitigation software, and password managers are built to protect your company. But don’t stop at just installing the software. Do regular penetration testing and update software as new versions are available. Tools are essential, but solely relying on tools without regular testing can be a big cybersecurity mistake. Make sure you’re checking in with your vendors to see what new offerings they are making available, as well as staying on top of cyber threat trends.
With remote work gaining popularity, cybersecurity is one of the most essential things for any company or institution. Your employees are the ones with the most power, knowledge, and access to your secure data. Helping them understand security and protect themselves will keep your company safer as a whole.
Check out DNSFilter's previous blog for more advice on keeping remote workers secure.