Even as more workers venture back to the office, remote work continues as a popular (and now more accepted) alternative — permanent for some, and for many more, a convenient hybrid option.
The data needs a refresh, but Gallup’s latest figures from the fall indicated that 45 percent of U.S. employees were working from home at least part of the time. That portion jumped to two-thirds for white-collar jobs traditionally done in an office. Roles that would traditionally have been considered high risk for remote work have successfully made the transition.
At the same time, data compromises have surged, with some threat actors specifically targeting white-collar employees. This growth in attacks has prompted the White House to prioritize cybersecurity with a new urgency and breadth.
Updates to state and federal regulations are signaling that ALL businesses have a clear responsibility to protect the sensitive information they handle — for the company itself, for employees, for vendors, and most importantly for their clients. But what that looks like shifts a bit when accounting for remote work environments. Steps already taken probably (hopefully) include using virtual private networks (instead of just unsecured Wi-Fi); requiring Multi-Factor Authentication, or at the very least strong passwords (and encouraging the use of password managers to avoid having to recycle the same ones); and being vigilant for phishing attempts.
But don’t overlook these three considerations:
1. Round out your ongoing cybersecurity awareness training
Regular training is a vital component of any effective cybersecurity program — the unpredictable human variable (a.k.a. your employees) is almost always your weakest link. Update your training to focus not only on common cyber threats, but also on current threats that may affect remote workers. Make the training relatable by outlining risks that could personally impact the employee (e.g., shift the message to how to protect themselves, not the company). In addition, clearly communicate physical security expectations for remote work environments. Often, people forget the stuff that isn’t just in cyberspace. For example, store work technology and documents securely (and don’t leave them on the seat of your car while you run errands). Stress how important it is that employees do not allow other members of their household to have access to work materials. And keep in mind your background on Zoom meetings with clients, vendors, interviewees, etc. — is any sensitive information visible? Enterprising folks can pull quite a bit of information from a quick screenshot.
2. MFA, MFA, MFA
Multi-Factor Authentication, that is. Use it like Frank’s RedHot — put it on everything. This step — basically, requiring two or more verification methods before granting access to resources — minimizes exposure from stolen passwords and other ways threat actors get a toe in your virtual door.
3. Adapt your vulnerability management program
This means making sure that company assets or other trusted devices get security updates and patches at least as frequently as when they were in the office. Incorporate details of this into the updated employee training we mentioned earlier.
We know that, with so many cybersecurity incidents in the news and so many virtual and physical variables, cybersecurity can seem simply overwhelming. Digital Silence specializes in helping organizations establish mature cybersecurity programs, including social engineering. Contact us for help strengthening your defenses.