For most of us, becoming the victim of a cyber attack is simply a matter of time. We’re all vulnerable, at work and at home. Any kind of online information-sharing carries a risk—but the location of the people sharing is much less a factor than how they share. As unprecedented numbers of workers are shifting to remote work in light of the COVID-19 outbreak, organizations should be taking a second look at their cybersecurity policies. With the right systems in place, organizations with a distributed workforce can work safely and achieve their business goals.
Training is critical in filling security gaps
Even in an organization that values training, it’s difficult to find the time to prioritize security issues when other, profit-bearing projects are demanding executive and employee time. It is worth considering that, according to a Radware survey in 2019, the average cost of a cyber attack on an organization is over $1 million. Suddenly the time spent training employees doesn’t seem so out of reach.
Workers need to be aware of the best practices for sharing information online, and the only way they can do that is with proper training and communication from their employer. Different studies disagree on the minimum number of times that are necessary for the human brain to hear and retain a message, but they all agree: it’s more than once.
There are a lot of training options available to large and small companies – everything from YouTube tutorials and free webinars to off-the-shelf courses to custom organizational training from eLearning professionals. There’s also no need to gather your workforce in person to participate in a mandatory training, as everything can be conducted remotely. What is important is that each employee receives the same instruction, supported by clear, concise written company policies, to ensure they are all on the same page.
Best practices for secure information-sharing
Employee training is most effective when simple, actionable steps are given. The less information that is required to be remembered or acted upon in a single training, the more likely it is that workers will adopt best security practices. Consider starting with the most vital requirements, and then flesh out your security strategy with subsequent training sessions. Here are a few easy ideas:
Password audit. One simple strategy to get employees on a secure footing is to require everyone to install a password manager. Passwords on your company network should already be managed internally, but as workers begin storing business information on their personal devices, re-used passwords become a liability for the organization as well. There are lots of free options to help employees secure and manage all of their passwords, or you can upgrade to a company-wide platform so you’re all on the same page.
Multi-factor authentication. Most criminals look for easy targets, and cyber criminals are no exception. Multi-factor authentication adds one extra layer of security, so when you log into an account, you’ll have to enter your password plus an additional security factor, such as a code sent to your cell phone. Think of this like a home alarm system; you’ve already locked your front door with a great password, but adding the extra layer of security and posting that “protected by” sign in your yard means most thieves will move on to easier pickings.
Stay on top of updates. Ask anyone and they’ll probably admit they’ve clicked the “install later” button more than once when those pesky update notifications pop up. The thing is, technology developers work hard to stay one step ahead of cyber criminals, regularly repairing security holes and fixing bugs as they are discovered. Ignoring those updates leaves devices vulnerable to data theft and other security issues. A simple reminder to employees to update devices regularly goes a long way toward protecting your data.
Remote support is essential to cybersecurity
As employees become more removed from the office, they may feel isolated from your IT team. It’s important that technology professionals stay in contact with everyone, to communicate important security actions and remind workers how to get help with any technology issues they may experience. The danger is that workers will turn to the internet for assistance, trying to solve the problem on their own so as to not “bother” anyone. Online forums can provide answers to technology issues, but they can also be an unsecure data mine. Criminals may ask for passwords and screenshots to help solve common issues, or even hijack a worker’s device, granting them access to company servers.
The best prevention is to let employees know that internal support should be their first stop with any technology question. Remote teams should also know that any security issues—or even suspicion—should automatically be brought to the IT department or designated support professional. The sooner an issue is brought to the attention of a cybersecurity professional, the better. In fact, the best thing that can happen is an IT pro “wastes” their time verifying the organization doesn’t have to deal with a much bigger problem.
With the right kind of communication and some simple, actionable advice—backed by a solid support system—remote employees can instantly transform from a security liability to a security partner. When your systems and processes are solid, and workers are trained in best practices, working away from the office is just as secure as working within.