With remote work increasing every year, companies have adapted to a more flexible work schedule. Not only does this leave employees with more freedom, but also more responsibility when it comes to their work and protecting themselves online. Symantec reported that between 2015 and 2017, the U.S. was the country most affected by targeted cyberattacks with 303 known large-scale attacks. We’ve compiled some ways to keep your remote employees safe from any potential cyber threats.
Provide a private network
A virtual private network creates a secure network from a public internet connection. This network masks your IP address so that everything you do online becomes untraceable to those who might be looking. VPN services also establish a secure and encrypted connection to help provide more privacy. While working in coffee shops, libraries, or any other public space, anyone is at risk of falling victim to identity theft through dangerously weak networks. A VPN can help protect you while you perform any tasks on these networks, including paying bills, downloading sensitive/private information, online shopping, sending emails, etc. It’s important to make your employees aware of virtual private networks and why they should always be used. Help remote employees find the right provider and price range that fits their needs and budget. Offering a discount for products like VPNs or antivirus protection is the best way to ensure your employees are safe and cyber-secure.
Providing a VPN is one solution, but another way to do it is to deploy cloud desktops for your employees. Also known as DaaS (Desktop as a Service), it’s one of the easiest ways to allow a seamless transition for your remote users without compromising security, especially in a BYOD environment.
Educate employees on cybersecurity
There are several ways to educate remote employees on the do’s and don’ts of cybersecurity. Hosting a seminar or a quick 30-minute session is a smart way to get everyone involved and educated all at once. Discuss what cyber issues the company has had in the past and what protocols are currently in place for specific threatening situations. Inform employees on what protection they should be used for any and all company devices and any other options they have available such as cases, antivirus protection, blackout screen protectors/shields, etc. Talk to employees about phishing scams, malware, viruses, and any other threats that could potentially hit company devices. Presenting different ways employees can protect their information, can help keep their identity, and even their clients’ sensitive data safe.
Important cyber terms to know (and teach):
Phishing: A fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in some form of electronic communication.
Digital Footprint: A data trail of everything you do online, whether it’s tweeting, emailing, or sharing a post.
Identity Theft: Scammers steal your personal info and use it to rip you off in a number of ways.
Ransomware: A form of malware that deliberately prevents you from accessing files on your computer. It will encrypt files and request that a ransom be paid in order to have them decrypted or recovered.
Malware: Any software that is intentionally designed to cause damage to a computer, server, client, or specific computer network.
Adware: Software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.
Dark Web: An untraceable network of sites where anonymous users can access just about anything, including illegal or unconventional content.
IP Address: A numerical label assigned to every device connected to a computer network that uses the Internet Protocol for communication.
Firewall: Part of a computer system or network which is designed to block unauthorized access while permitting outward communication.
Breach: When a hacker successfully exploits a vulnerability in a computer or device and gains access to its files and network.
Designate a point person
Throughout the cybersecurity learning process, it’s essential to designate a point person for all things cyber-related. Maybe this is your IT manager, tech developer, etc. There should be someone who can be contacted in the case of a cybersecurity emergency. Everyone should have a direct line to this person (especially remote employees who rely on technology all day to get their job done) and be able to contact them at all times (virtual phone number, email, desk/floor #, etc.) Electing this point person will alleviate any stress or anxiety about what to do when a tricky situation arises. Be sure this person goes through proper IT/cybersecurity training and has a process in place for unplanned situations. Also, provide them with any materials/software they need to help others who require IT assistance.
Establish a process for employees coming/going
Throughout the growing process of a company, employees will come and go quite frequently. It’s imperative that businesses keep track of tech-related items like user access, email accounts, software, and any other programs that were downloaded or used in their everyday role. This is the responsibility of both HR and IT. Human resources should be in constant communication with the IT team to discuss who needs access and who should be removed from access whenever a change in staff occurs. IT should be wiping devices clean after an employee departure and updating all devices with current software and programs. Here’s a shortlist of some of the tasks that should be completed for employees as they leave the company:
- Disable (not delete) their access to all systems.
- Remove all organizational data from their devices.
- Make sure the employee returns all company-owned devices: tablets, USB drives, laptops, cell phones, pagers, etc. Give them a document to sign stating they returned everything.
- Be aware of all locations of stored data – cloud platforms, etc.
- Remove and delete company-associated email accounts.
- Remove access to any corporate sharing platforms.
- Move files over to an appropriate location going forward.
- Update company website, directory, data center, etc.
- Contact any vendors the employee worked with on a regular basis. Alert them to the departure and direct them to a new contact.
There are several steps involved in this process – these are just some to remember as you begin. As we’ve infamously seen in the media, there are many instances where a disgruntled former employee can do some serious cyber damage to a former employer, further putting other identities in harm’s way. Any sort of hack could expose financial information, HR records including social security numbers, addresses, and even access to confidential business transactions. Earlier this year, AppRiver Cyberthreat Index for Business Survey reported that more than half of cybersecurity executives at small and medium-sized businesses fear a major data breach more than a flood, fire, transit strike, or even a physical break-in of their office. Why is that? Because former employees have more information about the company than the general public does. They know how to access specific company networks and most of all, know the people inside who they can manipulate or target. Taking the necessary steps to clear out an employee’s access is vital to the protection of the company as well as other employees. It should be done immediately with no pause in between.
Not only do these actions apply to regular on-site employees, but remote employees as well. Since most of their days are spent across from a computer and not face-to-face with other employees, this information is crucial for their day-to-day job. Take the time to cater to your remote employees and make sure they feel secure and taken care of; that should begin with cybersecurity.