Staying attached to an office desk isn’t necessary for hundred of thousands of employees anymore. Over time, hiring remote employees is becoming a common way. Communications are simpler than ever, and often there’s no point in maintaining an office space, pay more for utilities, and chain employees to the workspace when they can do the same — sometimes in better quality — from their homes, favorite cafes, libraries, and even parks.
But on the other hand, security is becoming a bigger concern. It’s one thing to follow your policies and set restrictions when needed at your office. It’s an entirely different thing when the employees are far away.
I’ve asked several cybersecurity professionals what measures from the employer’s side are necessary and why exactly.
Here’s what Pete Canavan, a personal safety expert and the author of the bestseller The Ultimate Guide to College Safety, has to say about the importance of cybersecurity awareness.
“Drill into your employees the need to be vigilant and not complacent. Just because they (or your company) haven’t been hacked before, doesn’t mean it cannot happen.
A recent survey by the National Small Business Association found that 50% of businesses they surveyed had reported being victims of cyberattacks, and 3 out of 4 were small businesses with less than 250 employees.
The average cost of a cyberattack is around $21,000, and within 6 months, 60% of those attacked go out of business.
Let your employees know that if they want job security, they need to help contribute to your company’s security!”
Today, we’ll share the 10 essential tips to ensure your remote employees’ cybersecurity.
- Be specific about your policies
- Train your employees
- Assign a security officer
- Avoid public WiFi
- Encourage VPN use
- Don’t neglect antivirus software
- Use corporate devices
- Limit messenger and mailing usage
- Backup everything
- Keep all software updated
1. Be specific about your policies
We get it that you try to hire people who understand how much cybersecurity matters. But they still need your guidance and strict policies to understand what’s a must to keep safe and what’s at their own discretion.
The next few tips will help you with the policies.
Make sure the employee understands every point of the policies. Many companies have special courses for the employees do learn all about their new security rules during the training period.
2. Train your employees
All your employees, especially the remote ones, need both theoretical and practical cybersecurity skills.
Patrick Sullivan — an Information and Cyber Security professional — puts employee training above all measures.
“Employee training is as important in protecting remote employees as any protective software. Both free and commercial programs are available online for security awareness training.
Even generalized security awareness information, not specifically catered to a specific business sector or to business at all, is better than an unknowing, vulnerable employee.
However, commercial training programs may offer not only lessons and education but real-world testing as well.
For example, my employer subscribes to software that allows the company the ability to create fake phishing emails and send them out to employees, to report upon how many employees open the emails or, even worse, click on the links or attachments.
Then, with the information gleaned from these tests, they can focus additional education on specific types of email attacks that their employees do not easily recognize.”
3. Assign an information security officer
You have your policies now, and your employees have learned them very well. That’s great but who’s responsible for following up on those policies?
Who’s the one to notice any cybersecurity issue and take the necessary measures? There can either be a dedicated officer or someone from the management who can take on that responsibility.
If you’re running a small business, you can be your own security officer. For larger companies, a dedicated specialist is a must.
The information security officer will supervise everything from the policy creation to daily monitoring and fixing the security issues if any arise.
4. Avoid public WiFi
Working at a local coffee shop while enjoying a big cup of double americano sure feels better than sitting in a small cubicle for 8+ hours.
And neither you nor the employee has to pay for the Internet connection.
But is it a perk or not?
Public WiFi is known as one of the biggest reasons devices get hacked. It doesn’t encrypt your information so anything you do is available to the network owner.
If the employees are using the public connection either way, make sure they know whom the network belongs to. Hackers often share the network with a name that doesn’t sound suspicious: a coffee shop name, “Free WiFi,” “Public WiFi,” and so on. Employees must make a habit of making sure the network owner is more or less trustworthy.
5. Encourage the use of VPN
Whether from home, a library or a coffee shop, through VPN, your employees will be able to connect to your office network. This way, you can easily manage and monitor all their work-related activities.
Just don’t trust the first VPN service you see. Do some research. You won’t find a worthy service for free.
Even the random coffee shop connection is no longer a threat with a quality VPN. This is how most companies handle remote work.
If you’re having a hard time choosing your service, here’s a subreddit dedicated to VPN; enjoy!
6․ Use corporate devices
Even when I’m at the office, I love using my personal smartphone for work. My phones are always the largest size so that I feel free to work with text and images on them. But how safe is that?
Not much, really.
It’s always preferable to provide the employees with corporate devices with pre-customized security settings and tracking options.
But even if you don’t, use corporate software to ensure the secure file and data exchange.
7․ Don’t neglect antivirus software
Both your office devices and your employees’ personal ones are and always will be vulnerable to unexpected infections. Unless you isolate them and don’t exchange any data at all.
That’s why you need antivirus software on all employees’ devices — both desktop and mobile. Make sure to use updated versions of trustworthy applications.
Here’s how Patrick Sullivan explains the necessity of antivirus software:
“There are many ways that employers can help keep their remote employees safe while online. It is very important that employers install anti-virus software on all computers that their remote employees use for employment purposes.
Ideally, this anti-virus software would be centrally managed, allowing the employer to verify that all of their employees’ computers have the most updated anti-virus definitions and to ensure that scans are running on a regular basis.
For smaller companies with few employees, it may not be necessary to purchase and install an enterprise-grade, commercial solution, but there is also free or inexpensive anti-virus software available that still offer central management solutions.”
8․ Limit messenger and email usage
That’s what companies do when they’re working with sensitive information. It’s easy to force in-house employees to only use the corporate communication channels but how do you manage it with remote ones?
First of all, open corporate emails for everyone. You can use GSuite, an easy and affordable Google product.
Then, for fast internal communication, set up a service like Slack.
Make sure to stick to these channels for any kind of business communication. You can monitor and control everything with these tools and quickly notice any issue.
There are companies that only give the employees work email addresses when those employees have to communicate with clients and partners. But in reality, work email is mainly a security measure to protect the information even when it’s just shared with a colleague.
9. Backup everything
It’s a fact universally acknowledged that even the most secure systems can get hacked.
And if one day that happens to you, you just can’t afford to lose your data.
This is why you always need to backup your employees’ work and ask them to do the same.
Copy all files to a hard drive and to cloud storage at least once a week.
Real-time differential backup is also a must for your website. Although, sometimes you can do it a little less often. We have a nice 6-minute read on the ideal backup schedule for a WordPress website.
10. Keep all software updated
Any software can have vulnerabilities, and hackers are will never seize trying to find and exploit them.
Todd Boutte, the cybersecurity expert at EVAN, emphasizes the risks of using outdated software:
“Hackers target older software due to unpatched vulnerabilities and limited manufacturer support. Stay up to date with recent releases of your operating systems, web browser, and antivirus software.”
But you should also be careful when updating your software. Are you sure the updates come from a trustworthy source?
“Before you install updates, software, plug-ins, or add-ons directly from your browser, make sure the source is legitimate. If you’re unsure, visit the manufacturer’s website or trusted app store before installation,” — Boutte says.
Remote work can save you and your employees a lot of time and resources but it’s also a little riskier in terms of cybersecurity. This is why you and your employees should strictly follow your security guidelines when exchanging information.
Take an extra step to make sure it’s all nice and secure before you actually face a cyber threat.
And always have your backups to restore in case all these measures fail.
Stay safe and share your security tips in the comments!
Got burning questions regarding all things WordPress? Throw them our way in our WordPress family facebook community and we’ll answer them for you.