5 Ways to Protect Remote Workers — and Your Organization — from Cyberattacks
Many organizations were unprepared when the COVID-19 pandemic required them to close their physical offices and shift to remote operations. Some may not have the right tools or practices in place to remain secure while an entire workforce is logging in from offsite. Organizations may have even cut security "corners" in the rush to enable teleworking.
Your organization, for example, may have had to scramble to set up a virtual private network (VPN) or move files to the cloud. And while adapting to working from home, employees may have let your usual security procedures slide.
From a cybercrime perspective, working from home generally isn’t as safe as working in the office. Therefore, you should look for ways to protect your disbursed workforce and prevent criminals from gaining access to your digital assets.
Here are five ideas:
- Invest in education. Require remote employees to participate in security-related training that covers “old-school” phishing scams as well as new COVID-19 variations. As schemes emerge (check the Federal Trade Commission’s website for the latest), notify employees and remind them what to do if they think they’ve fallen victim to a scam. Alert your payroll department to fraudulent emails asking to change employee direct deposit information. Encourage out-of-band communication channels to verify their identity.
- Enable automatic updates. To keep the operating systems of employee computers safely patched, remind workers to enable automatic software updates. Also, double-check that every employee-assigned device is fortified with current malware and antivirus software. Make sure your IT department has a strategy to deploy security patches and virus definition updates to a remote workforce.
- Revisit access privileges. To maintain productivity, most employees need access to the same systems at home as they had in the office. However, consider reviewing which workers have access to certain files, network controls and cloud accounts — and whether they really need access now. Remember that when employees work from home, their partners, children and visitors may have easy access to their computers. To protect your business or organization, ensure systems generate user audit trails that can be followed in the event of a breach. Multi-factor authentication is also a great way to secure a work-from-home environment. Encourage users to be suspicious of unsolicited authentication requests.
- Protect WiFi connections. While working from home, employees use their personal WiFi connections to access your organization’s IT environment. Unfortunately, many people use the default WiFi password or a simple password that hackers can easily break. To foil fraud perpetrators, employees should change it to a complex combination of letters and other characters. If possible, require them to use a VPN with two-factor authentication.
- Secure your video conferences. Most video conferencing services employ multiple layers of security. But some platforms offer greater protection than others. Before choosing one, perform a simple Google search to read user reviews and security bug reports. Once you’ve selected a service, communicate security protocols before allowing employees to use it. Also make sure employees are installing the latest patches.
Finally, provide employees with access to a technical support desk so they can report problems — and get solutions — as quickly as possible. Review your incident response plan to also ensure that contact information and call trees are current.
These are just a few ways to ensure you keep your organization and employees safe in the current work-from-home environment. Now is the time to ensure you’re properly managing risk and reevaluate your business continuity and disaster recovery plans.
Working from home may be new for a lot of Americans, but fraud is a familiar foe for most. If can be defeated with appropriate knowledge and tools.
For information about our fraud prevention and detection services, please contact Ron Steinkamp, Advisory Partner, at firstname.lastname@example.org or 314.983.1238, or Jason Buhlinger, Principal, Transaction Advisory and Litigation Support, at email@example.com or 314.983.1310.