OnePoint Human Capital Management Blog

Remote Workforce Cyber Security: Here's How to Ensure It

Written by onepoint-admin | Jun 24, 2020 8:57:31 PM

 

The remote work trend has been gathering momentum for the past few years. But COVID-19 and its resultant self-quarantine measures accelerated the transition to remote working.

Now as the pandemic rolls into the fourth month, organization that thought this was temporary are now thinking more long term. In many ways it is easier to keep employees working remotely or mostly remote, to avoid the extra expense to implement safety and hygiene measures. 

To effectively manage a company virtually, meet employee needs, and ensure productivity, cutting-edge HCM software is vital. However, this is not the only criteria; cyber security is equally important. As working remotely looks to be the norm it is important to assess IT security risks for remote working.

Unfortunately more home internet networks gives cybercriminals greater opportunities to gain access to sensitive information. To counteract the increased risk of cybercrime, companies need to implement effective remote workplace security in every possible way. The best measures to do just that have been listed below.

 

Limit Use of Personal Devices

A company’s corporate resources and devices have all been configured by the Information Technology (IT) department, and they’re a lot more secure than an individual’s resources. Any links that are shared on accounts are not necessarily encrypted and could be found intentionally by those with nefarious intent, or even accidentally by unsuspecting searchers.

Make sure employees use business resources for all company activities and use separate devices for personal and professional tasks wherever possible. This should help stop the spread of computer viruses as much as social distancing helps stop COVID-19 transmission.

 

Use a Trustworthy VPN

A Virtual Private Network (VPN) adds another very valuable layer of security for anyone who is working remotely. Essentially, another (virtual and private) network is superimposed over the public network of the World Wide Web.

End-to-End encryption ensures that only those who are on the network can see what is shared. VPNs are the ideal way to exchange confidential communications such as staff wage breakdowns, income and expenditure sheets, or other sensitive company data.

Using a VPN to connect all employees also allows everyone secure access to all business files, allowing them to work more efficiently. And certain parts of the network can be shared with clients or outside collaborators, since all emails sent from within the VPN are encrypted too.

 

Change Home Router Login Details Regularly

Changing router login details is another simple, effective safety precaution. Many models’ default usernames and passcodes can readily be found online, meaning attackers can write the details into malware. If they’re correct and grant access, the malicious programs can take over your router and turn it into a bot.

At the same time, whenever the device’s legitimate user sends or receives anything online, the files go through the router so the hackers who have taken it over can spy on them and track all their activities. Send out staff reminders to create new details every few months for proper protection.

 

Ensure Everyone’s OS and antivirus Software is Up to Date

Antivirus, operating system and individual program software all need to be up to date. Criminals have often worked out how to hack into older versions, putting out-of-date devices at higher risk. In addition, the latest versions will have bug fixes to improve functionality – and thus, your employees’ overall productivity.

Make it a rule that staff check for updates and patches frequently, and to install any that are available, or let them know when new versions are launched. Without these policies in place, people are prone to procrastinate updating their systems, and the fallout of that can be very serious.

 

Help Remote Employees Configure Wi-Fi Encryptions

Improperly configured Wi-Fi networks put users in a very vulnerable position. Even with up-to-date antivirus and other software, if hackers can connect to Wi-Fi or get into a router they can intercept all online communications from a device. That includes the passkeys to sensitive business data.

Let your employees know that they need to configure their networks and explain how simple it is. All they need to do is select the WPA2 encryption standard and set a strong password that uses letters, symbols and numbers. Keep the configuration safe by reminding staff members to change the Wi-Fi password at the same time they update the router details.

 

Frequently Remind Staff of Best Practices

Whether or not the security precaution for hardware, software and networking are feasible, the most important aspect of data security is training. Having written best practices and regular staff reminders about cyber security can go a long way.

Especially with your remote workers. Often, people let their guard down when they’re working out of a home office, but they can still be targets at home. Phishing scams have been on the rise during COVID. Criminals are sending emails offering links to COVID-19 updates and information capitalizing on piqued interest to lure their victims. The links inject malicious software so criminals are able to gain access to passwords, usernames or confidential business information stored on a device.

This type of human errors can be minimized with effective communication. Sending regular emails to remind employees of these dangers and what they can do to mitigate them can go a long way to preventing security breaches. Remind employees not to automatically trust links, and to be critical of emails that seem out of the ordinary.

Other tips include avoiding password shortcuts for business applications and imposing device locks and application time outs to prevents inadvertent device access. When at home using a personal computer or phone, it is more likely that someone else in the house might use that device to go online, or a child passes by and decides to play a game, which might expose sensitive data even inadvertently.

 

Biometrics and Authentication

With the abundance of cloud applications and SaaS platforms that employees use everyday, it is likely employees are access some sensitive data. So what if a phishing scam or an wi-fi hack gets access to a user name and password?

Utilizing biometrics or login authenticators go a long way in strengthening security to prevent unauthorized access. For example, the OnePoint HCM platform lets clients can require fingerprint or face recognition to access the mobile application. We also integrated Google authenticator which provides employees with a randomly generated code on a different device that is required to complete login. Even if a password is compromised, it is unlikely that a criminal would also have the personal cell phone or a fingerprint.

 

Safety in the remote workplace is as important, if not more so than in the office. Making a remote working security plan that includes hardware, software, networking and employee protocols minimizes the risk of a malicious cyber-attack no matter where your employees are working.