From home sweet home to home safe home: How to maintain security when employees work remotely

“Invite to pay raise briefing? Yes! Finally!”

Sarah (a remote worker) leapt up from her dining room table and danced around the room with her dog.

Since 2020, Sarah’s been working remotely.

At first it was surreal. 

Then it just slowly became the new normal. 

Sarah had worked her socks off through a pandemic, through soaring prices, through turbulent markets. She was ready for a salary boost.

So, Sarah enthusiastically clicked on the Zoom invite, while planning on treating herself to a new fancy plant with her first plumper paycheck.

Just one click was all it took for malware to make itself at home on her computer. 

And it sent Sarah’s colleague an email asking for an urgent fund transfer to a cybercriminal’s bank account.

And in a matter of minutes . . . cha-ching.

It was a delightfully lucrative morning for the bad guys.

 Welcome to working remotely? It doesn’t have to be this way.

Where did Sarah go wrong?

Actually, this isn’t about Sarah. Nope.

This is about the cybersecurity team that let her down and how to maintain security measures when employees work remotely. Because although it’s no walk in the park, protecting remote workers is perfectly possible. 

The COVID-19 pandemic forced many organizations to adopt remote and hybrid working models—and rapidly. Remote access became an overnight requirement. 

It’s no shocker that this left many security teams struggling to keep up with the challenges posed by this new way of working.

It’s such a widespread challenge that we created the ultimate ebook for security professionals looking to enhance their remote working support. It’s called “Hybrid working is not an excuse for more crap e-learning”, and it’s got everything you need to create a successful remote working environment for your people. From the right technology tools to the right mindset, it’s all there.

So, how exactly did Sarah’s security team seal her fate and ensure an unhappy ending?

They didn’t make it possible for her to work safely from home.

Ah, the plight of the remote worker. It’s a little like sending your troops into battle with a wilted stick of celery, while the bad guys have got razor-sharp swords.

It’s no secret that remote users need your help to shore up their defenses against attacks. 

So how can you ensure you don’t put your people in Sarah’s unenviable situation?

Well, how about a checklist that’ll help you dodge some major pitfalls? Are you ready?

1. Checking emails for signs of scams

Okay, so you already know that’s one of the most common ways that cyber criminals target organizations. They love using social engineering to exploit human nature and trick people into clicking on malicious links or downloading harmful attachments. 

It follows, then, that you need to help your people to spot phishing emails and know what to do if they receive one.

The best way to do this is through effective security and awareness training. Be sure to cover topics such as identifying suspicious emails, looking for telltale signs of phishing scams (like spelling errors or unusual requests), and reporting any suspicious emails. 

But that’s not all. You also need to have a clear incident response plan in place. You have to assume, despite your finest cyber-hustle, that sooner or later someone will fall victim to a phishing attack or phishing scam. 

Make it super easy to follow and include steps such as disconnecting the affected device from the corporate network, contacting the cybersecurity team, and possibly calling law enforcement.

2. Policies, procedure, guidance, winning

Next, let’s talk about one of the top ingredients in winning the battle against cyber threats: Policies, procedures, and guidance.

Sexy? Nope. But when it comes to working remotely or hybrid working for that matter, they’re essential.

Because they’re how you ensure that everyone in your organization knows what’s expected of them. 

We’re talking everything from strong password policies and acceptable use policies to procedures for reporting security incidents.

As a cybersecurity pro, it’s your responsibility to make sure that these policies are regularly updated and easily accessible for everyone. 

But having policies alone is not enough. You’ve got to provide regular and effective training to reinforce the importance of following these policies and procedures.

Equally important is to provide your people with the tools and technology that can help prevent attacks. This includes investing in antivirus software, firewalls, and other security tools that can provide the best possible protection for your organization.

3. Personal devices: Antivirus

Some organizations allow people to work on their personal devices. This can be a pretty sweet deal for both parties.

But things can quickly sour when an unsecured device becomes the entry point for cybercriminals to attack your organization. That’s where antivirus software comes in handy.

But you can’t assume everyone knows how to choose, install, and maintain a decent antivirus product. You need to ensure that all people working on personal devices have the proper protection.

Make sure you provide guidance and support on how to secure personal devices and have antivirus software installed and updated regularly. 

This simple step can help to prevent malware infections and other types of cyber attacks, and keep your organization safe and sound.

4. Personal devices: Updates

You’ve probably put a lot of time into making sure people keep their work devices up-to-date with the latest security patches and software updates. So why are so many of us blind to personal devices?

Naturally, they can be just as vulnerable to cyber attacks, especially when people use them for work purposes.

People would never leave their house unlocked and put their fanciest watch in the window to tempt thieves in. That would be a security threat, right? But without the right device security interventions this is exactly how people sometimes treat their personal devices.

That’s why it’s crucial to stress the importance of regularly checking for and installing software updates on personal devices. Outdated software can create vulnerabilities that cybercriminals can exploit to gain access to sensitive data. Goodbye data security, hello costly breaches.

You need to educate people on the importance of keeping their personal devices secure. Encourage them to install updates as soon as they become available, and provide clear guidance on how to do so.

Another important step in securing personal devices is to ensure that they have the latest software updates installed. Outdated devices or apps can be an entry point for malware into home networks, which can then spread to other devices on the network.

5. Personal devices: Firewalls

To cybersecurity teams, a firewall is part of the furniture. After all, that’s basic network security. But to the average person it can still be a mysterious concept. They don’t understand it. So why would they bother enabling it?

It’s your job to help them understand it and show them how to enable it. To highlight the way it can prevent unauthorized access and protect sensitive company data.

By taking this step, you can help to ensure that personal devices are properly secured. You can help make sure your people come out on top and don’t give criminals a payday.

6. Routers and passphrases

Cybercriminals can exploit vulnerabilities in unsecured routers to gain access to networks and steal sensitive corporate data. That means remote employees need to know how—and why—to secure their router and protect their network.

Changing the default router settings and securing the Wi-Fi network is the first step in router and data security. 

Default router settings are often easy to guess, making it easier for cybercriminals to gain access. So, help people to change the default router login credentials and create strong and unique passphrases.

We know, this sounds like common sense, but some people are super attached to their terrible password habits. But strong passwords really matter. So spell it out: Avoid easily guessable phrases or weak passwords like “password” or “12345678”. And encourage good practices like changing the passphrase periodically.

And equipping people to keep firmware updated regularly is a must. They’ll be able to patch vulnerabilities and improve the router’s performance that way.

7. Working from anywhere

Last but super important: 

With the rise of remote employees, people are increasingly working from public Wi-Fi hotspots. 

And plenty of people still have no idea how handy these connections are for criminals, thanks to the way they can be used to monitor web use and intercept sensitive information.

To mitigate the risks associated with working from public Wi-Fi hotspots, you should encourage people to use a VPN (virtual private network) or tether their devices to a secure network. 

Additionally, it’s important to ensure that remote employees are aware of their surroundings when working in public spaces. 

They should be reminded to lock their devices when leaving them unattended, to prevent unauthorized access to sensitive data.

Yes, it’s all about data. And more specifically, data security and avoiding data breaches. Because nobody likes those. 

Summary

Remote working has become the norm. And that’s not about to change anytime soon.

Sarah’s story is a cautionary tale for all organizations struggling to keep up with the challenges posed by remote and hybrid working models.

However, you absolutely can help everyone in your organization – including your remote workforce – avoid the same failures that led to Sarah’s security breach. 

And you can do it easily: Download our free ebook on remote working.

In it you’ll find:

We hope you enjoy reading it. Here’s to keeping criminals out in the cold!