For a long time, the ability to work from home was seen as a prized employee perk. Since the beginning of this year, working from home has become a necessity, allowing organizations to remain operational amid the coronavirus pandemic.
Many organizations were forced to quickly move their employees from the safety and comfort of the office network, exposing them to the same dangerous cyber threats they had spent years defending them against. To protect sensitive data when working from home, organizations and their employees must extend security measures beyond the clearly defined perimeter of the office.
Create a Human Firewall
When working from the office, employees are typically protected by an enterprise-grade firewall that scans all incoming and outgoing traffic in real-time and automatically flags/blogs all suspicious activity, shielding them not only from malicious attacks but their own mistakes, which can have disastrous consequences.
At home, employees don’t enjoy the same level of security protection, which is why they need to receive cybersecurity training to effectively become a human firewall. For example, all remote employees should understand the difference between secure unsecured Wi-Fi network, be able to instantly spot common phishing scams, and know how to avoid exposing their personal information online.
Help Employees Separate Personal and Work Data
As much as some employees like using their personal computing devices for work, organizations should actively discourage them from doing so by providing them with capable and secure technology to work with. This helps employees separate their personal and work data, making it less likely for a late-night web browsing session to result in an organization-wide data breach.
Employees should then be instructed to keep their computing devices updated and physically secure. Even something as innocent as leaving a work laptop unattended in a café during a two-minute bathroom break could easily turn out to be a fatal mistake. It’s also worth mentioning that work devices should never be used by other family members, especially not children.
Enforce Using Strong Passwords
Passwords play an essential role in the lives of remote employees, who rely on them to log in to SharePoint, Salesforce, Slack, and other popular business applications. Organizations must ensure that employees know the difference between a strong password (mymotherloveslattewithhoney or 49sd&@[email protected]) and a weak one (david1990 or password). Ideally, employees should use a different strong password for each account, which is easy to do with a password manager like Bitwarden or LastPass.
To take password security to the next level, it’s a good idea to enable multifactor authentication when possible. Multifactor authentication prevents cybercriminals from stealing sensitive data by requiring at least two pieces of evidence, such as a password and a PIN, to be presented during a login attempt.
Provide a Virtual Private Network (VPN)
A virtual private network, or VPN for short, is essentially an impenetrable tunnel that’s protected by state-of-the-art encryption to keep all data flowing through it impossible to steal. Organizations should provide a VPN to enable remote employees to securely move data between their work devices and core systems, such as the organization’s on-premises datacenter.
A VPN is also a reliable solution for working on potentially unsecured public Wi-Fi networks, although employees should still avoid them whenever possible. As an alternative to public Wi-Fi networks, employees can use a mobile hotspot on their work smartphone.
Partner with a Managed Services Provider
Transitioning from the safety of the office network to remote working is a daunting challenge, especially for smaller organizations with limited resources. To ensure that the transition happens as smoothly as possible, organizations should consider partnering with a managed services provider that understands what it takes to protect sensitive data when working from home. Contact us and let us protect your sensitive data.