The pandemic taught workers around the globe that business as usual can continue, even with a remote workforce, and many of us would like to continue telecommuting. A Boston Consulting Group survey reveals that homeworking is here to stay, with 89% of workers expecting to continue working at home after the crisis ends. While some employees will be required to go back to businesses' physical locations, some will willingly work remotely. Regardless, the hybrid work environment creates unique security challenges for IT teams.
A remote workforce increased the average total cost of a data breach by nearly $137K, according to IBM's Cost of a Data Breach report. More alarming, cybercriminals are becoming more sophisticated and are stepping up ransomware and other cyberattacks that block access to computer systems. Some ransom demands have exceeded $1 million; businesses that have suffered cyberattacks and ransomware attacks have spent around $144.2 million to resolve them.
The challenge for IT departments is how to protect the business and its employees from cyberattacks without infringing on productivity, collaboration, and access to digital assets. Security magazine predicts that remote workers will be the main target of cybercriminals throughout 2021. Therefore, finding a workable, secure solution is critical and will save money in the long run. Malwarebytes reports that the lack of a secure remote-work plan has led to nearly 25% of organizations paying unexpected costs to address cybersecurity breaches and malware infections.
Putting a Security Plan in Place for the Future of Hybrid Work
Protecting remote employees from cyberattacks requires a delicate balance: providing access without hindering productivity.
- BYOD or Not?
Many companies have adopted a bring your own device (BYOD) policy to give employees more flexibility and make them more accessible in a remote environment. Although BYOD may appear to be an inexpensive way to help employees stay connected to their work email and other apps, this policy comes with its own risks.
Your cybersecurity defense should include the realization that not all employees are using and updating security applications; many may not even be using secure passwords. You must also consider the risk of device theft, loss, and malware hacks. If you do have a BYOD policy, be sure to:
- Define security requirements, including requiring employees to install a device security application to access company data and apps.
- Insist on two-factor authentication and strong passwords that must be changed every 30 or 90 days.
- Define a process for ensuring employees install security patches and updates.
- Create a policy for data wipe procedures if an employee device that contains company data is lost or stolen.
- Security Awareness Training for Employees' Home Wi-Fi Environment
Your remote workforce is your most significant data security risk.
- Provide training for employees on how to change the default admin password on their home routers. Remind them to change the password regularly.
- Encourage employees to segment their router to create a dedicated virtual local area network to isolate company-related Wi-Fi activity.
- Consistently educate employees about recognizing phishing emails and being cautious about opening email attachments or clicking on links.
- Encourage employees to store data in cloud accounts and not on their own devices.
- Digital Asset Inventory and VPN Access
Your company data must be secured without limiting employees' productivity, workflow, and ability to collaborate.
- Take inventory of your digital assets, including domains, accounts, photos, documents, and more, and ensure this data is stored in your cloud.
- Create a digital asset management system (DAM), identifying which employees need access to data and resources and ensuring they get them.
- Limit VPN connections to those employees who genuinely need access to private data, limiting the scope of a breach, if one should occur.
Remember, not all data breaches are caused by black hat hackers; employees may inadvertently expose you to a cyberattack through carelessness. According to Security Magazine, employees are 85% more likely today to leak files than they were pre-COVID.
- Move toward multifactor authentication (MFA), which requires two or more identity credentials for access. A report from Microsoft found that MFA can prevent 99.9% of attacks on your accounts.
- Encourage employees to use passwords of 12 characters or more and not to reuse the same password across multiple accounts.
Security Doesn't Have to Be a Barrier to Productivity and Teamwork
A remote workforce risk management program will not eliminate risk, but it can help your IT team deter and detect cyberattacks, make you aware of them, and create an effective, quick response. In addition, by continuously monitoring your security, you'll be able to better protect your remote team and your data.