With 2020 social distancing orders and quarantines, more employees than ever before began working from home. As remote work appears to be the new norm—tech leaders like Google and Facebook are going so far as to cancel all physical events until 2021—companies need to make sure that their employees are staying safe online.
Cyber security is serious business after all. In the time it takes to read this article, 10 people will have attempted to hack a system. In 2019 alone there were over 5,000 breaches, a 33% increase since 2018.
In your office, you likely had internet security measures in place and trained employees regularly on the dangers of phishing and other online scams. However, now that almost three quarters of non-remote employees are switching to permanent WFH, it’s crucial that you create a secure cyberspace.
Divvy’s IT Manager, Danielle Cox advised that this process is not as intimidating as it sounds. She says “Don’t be overwhelmed by technology. Even though you’re working from home, there are some simple things you can do to ensure your devices are secure and working well.”
We want to walk through 8 simple steps to keep your employee and company data safe from online attacks. As Danielle said, “it’s really quite easy to keep your company’s information secure.”
8 WFH cyber security tips to keep your company safe
- Change passwords regularly
- Secure your home network
- Use a VPN connection while working
- Do not open unknown emails
- Update software regularly
- Use multi-factor identification
- Use work devices for work purposes
- Create a remote employee work policy
1. Change passwords regularly
Last year, the largest data breach to date exposed over 770 million email addresses and passwords. Unfortunately, these breaches are becoming more common.
Part of the problem is that people have been trained to follow bad practices for setting passwords, and they, frankly, don’t know any better. Guessing passwords is one of the easiest ways for hackers to gain access to business information.
Alarmingly, 59% of people use the same password for everything and 35% don’t ever change their passwords. Businesses need to train their employees to use a different password for every login they have. This used to be an impossible (because who can remember over 100 passwords?), but now, software like 1Password or LastPass make it easy. Even your Chrome browser will suggest and store secure passwords for you.
Implement a policy that your employees use a password vault like this. You can also set up timers on login-required software that forces employees to change their passwords often. Best practices currently recommend long passwords (over 12 characters in length) rather than overly complicated character passwords.
Following password best practices is the easiest fix to preventing cyber security problems. Make sure your passwords are secure to keep your business safe.
2. Secure home networks
With so many employees working from home, you’ll need to make sure your employees know how to secure their home Wi-Fi connections.
Start with the basics by having them set a secure password (see above) on their router. One study shows that 69% of people don’t change the default password on their router. Don’t let your employees fall into this trap. It takes less than a minute to change your Wi-Fi router and can tremendously boost your security.
Next, instruct employees to monitor all devices accessing their Wi-Fi—the same study found that 70% of people have never checked the saved devices connected to their Wi-Fi. Most internet providers make this easy to do. If you download the app or log in to your account, you can see a list of exactly who or what is on your Wi-Fi.
Finally, suggest that they create a separate Wi-Fi network for work and personal use. It’s not too complicated to configure multiple networks on one router; employees should be able to contact their wireless providers for step-by-step instructions. If someone hacks into the Wi-Fi account they can then access all devices connected to that particular Wi-Fi network.
By following these steps they can stop hackers from trying to monitor their usage and block them from easily getting access.
3. Use a VPN connection while working
A VPN, or Virtual Private Network, is an application that encrypts internet browsing to help protect the user. Globally, 26% of internet users have used a VPN previously and many companies offer them for work outside the office. In fact, 400 million businesses and direct consumers use VPNs worldwide.
There are many different VPNs you can institute for employee-use. They encrypt data and make sure your employee’s IP address is hidden, boosting their cyber security. Employees can access VPNs on their laptop or mobile phone which is important as they work from offices other than the main office building.
4. Do not open unknown emails
Verizon Data Breach Investigations stated that 32% of breaches involve phishing. A phishing email is a type of scam from an unsecure source pretending to be a trusted individual, such as a bill collector or even a CEO. Email scammers of this sort will try to lure sensitive data out of your employees—things like critical names, financial log-ins, or other sensitive information.
While you may have trained employees to watch out for phishing emails previously, you will need to offer even more reminders in these uncertain times. Not only are scammers increasing the numbers of attacks, employees are falling prey to “urgent” messages because they don’t seem as out of the ordinary right now. In fact, click rate on phishing emails has risen from less than 5 percent to over 40 percent in the current crisis, (according to Karl Sigler, senior security research manager of SpiderLabs at Trustwave).
Your employees can prevent phishing attacks from cyber criminals by verifying who the correspondence is coming from (the sender name and sender email address match) and that the email is coming from a valid email address (this is a key indicator). As a rule, train employees never to click on any in-email links from suspicious senders.
Coronavirus scams are on the rise. Be aware of the different types impacting businesses right now and learn how to identify these scams and protect your business before you fall victim.
5. Update software regularly
20% of all vulnerabilities caused by unpatched software are classified as High Risk or Critical. Software updates are a quick and easy way to prevent unwanted hackers from accessing your employees’ data. When you update software it can fix any security flaws that previously existed, ensuring your data stays safe.
To make sure your business stays safe, have your employees turn on automatic software updates on their devices and report anything that doesn’t work correctly or appears suspicious to your security or IT departments when issues first arise. A few minutes can save your employees and company a lot of hassle.
In the Equifax data breach of 2017 there was a software update available a couple months prior to the breach that would have fixed the bug that allowed the hackers to get in and access data.
6. Use multi-factor identification
Multi-factor identification or authentication, MFI or MFA, requires employees to provide at least two forms of verification before accessing whatever data they’re trying to enter. Forms of identification may include tokens, fingerprints, passwords, and codes that are sent to their registered email addresses or phone numbers.
Although it may feel time consuming to put in a little extra information, Google says this cyber security measure will block 100% of automated attacks.
MFA is effective because a hacker must access more than one device and likely doesn’t have that information readily available (phone, verified email account, etc.). These verification devices tend to be trusted devices, meaning they’ve been verified by the correct party previously. Multi-factor authentication is free and available on commonly used products like Gmail, Facebook, Twitter, Microsoft and Apple. You should require employees to use MFA on any business platform that requires a login, if available.
Take a look at how we’ve implemented multi-factor authentication at Divvy to help ensure our employees login safely.
7. Use work devices for work purposes
Most employers provide team members with work devices in order to better secure their systems. However, with a transition to remote work, it’s highly likely that your employees will want to use home computers, monitors, and other devices in order to upgrade their work stations.
Unfortunately, BYOD policies can open up your company to unexpected risks. You’d be better off allowing employees to bring equipment home through a formal check-out process. Employees will perform better if they have the equipment they need and you’ll be more confident that sensitive information is safe.
It’s also a good practice to train your employees on what activities they can perform on their work devices and what activities should stay on their personal devices. For example, many companies encourage employees not to store personal passwords on company laptops. Other best practices include keeping work and personal browsing separate and requiring access to all work data through secure sources verified by the organization.
8. Create a remote work policy
Having a remote work policy your employees can reference will help keep your cyber security strong throughout your organization. Hopefully, you built in this policy as soon as you transitioned to WFH, but it’s not too late to provide clear guidance to your teams.
In addition to remote work policies for cyber security, you should also set clear expectations related to WFH culture. Keep a pulse on employees feelings and expectations by sending out regular surveys and creating an open-door policy via email, phone, or instant communication. It’s important employees who work remotely understand they still have an HR team they can talk to and that they feel comfortable doing so.
Safety for your employees and your data
Many companies have worked diligently to ensure the physical safety and well-being of their employees as they reopen their businesses or continue WFH. However, it’s also important to take all the precautions possible to maintain a secure cyber space.
Take advantage of the security features your employees can access and teach them best practices for passwords. Encourage multi-factor identification and have them set their computers to automatically update. Taking simple preventative measures like these will save your company money and prevent unnecessary headaches in the long run.