During the Covid-19 pandemic, remote working took the main stage. Before the pandemic, only 17% of U.S. employees worked from home five days or more during the week, but this number dramatically increased to 44% during the outbreak. The pandemic not only changed the way we work, but also gave cybercriminals a new set of online targets: work-from-home (WFH) employees.
Keeping Remote Work Secure
As companies rushed to convert their employees to an online workspace, there were three key areas that the new remote work environment exposed to hackers. Because employees could now access their work at any hour, they could become active on networks outside of regular hours, making cyber attacks less likely to be detected. Another susceptibility occurred when remote workers accessed shared networks across multiple devices, including personal devices that lack the same security as work computers, creating vulnerability. And lastly, remote work allowed for some jobs to be outsourced, and networks became susceptible to hackers as contractors, with different security measures, were given access to company databases.
The Cost of a Data Breach
In the latest annual Cost of a Data Breach Report, the average cost of a cyber incident is now a record-topping $4.24M, but when remote working was involved, analysts found that the average total cost of a data breach was about $5M. So as we transition to a new “normal” and see remote positions become permanent, it’s essential for companies to update their data security strategies to protect online data.
1. Implement Strong Passwords
A strong password is the first line of defense against hackers accessing data. When employees create a password, it’s important to require them to choose a unique, one-of-a-kind combination of uppercase and lowercase letters, symbols and numbers at least 12 characters long. The longer the password, the better.
Creating an expectation for employees to routinely change their password every three months can also increase the chances of deterring unauthorized users from accessing company-sanctioned accounts. However, make sure all employees avoid reusing the same passwords across different accounts, as this can pose a huge risk to all the accounts with the same password if the information is compromised.
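The rules above can be enforced when a password is set rather than left to memory. The following is an added example, not code from this article or from Bluefin: the function names, the 90-day reading of "three months" and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 12                 # "at least 12 characters long"
MAX_AGE = timedelta(days=90)    # assumption: "every three months" read as 90 days
PBKDF2_ROUNDS = 600_000         # assumption: work factor picked for this example

REQUIRED = {                    # character classes the policy above asks for
    "uppercase letter": str.isupper,
    "lowercase letter": str.islower,
    "number": str.isdigit,
    "symbol": lambda c: c in string.punctuation,
}


def hash_password(password, salt=None):
    """Return (salt, digest). Only this pair is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """True if the candidate matches any stored (salt, digest) pair."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def policy_violations(password, history):
    """List every rule the candidate breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for label, test in REQUIRED.items():
        if not any(test(c) for c in password):
            problems.append(f"no {label}")
    if is_reused(password, history):
        problems.append("reuses a previous password")
    return problems


def rotation_due(last_changed, today):
    """True once the password is at least MAX_AGE old."""
    return today - last_changed >= MAX_AGE
```

The history check only covers passwords previously set on the same company account; reuse of a work password on unrelated outside accounts cannot be detected this way and still depends on employee practice.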
2. Provide a Virtual Private Network (VPN)
One of the best cybersecurity practices for remote workers is to use a virtual private network. A VPN creates a protective shield around online activity and can allow employees to access the company’s servers without fear of exposure to online hackers.
Employees working from remote locations can use the internet securely by routing internet traffic through an encrypted connection that conceals the user’s IP address. Advantages of using a VPN include concealing sensitive data, shielding browsing activity and accessing region-restricted websites.
3. Urge Employees to Keep Their Devices Separate
Keeping employees’ personal devices and company devices separate is a must to maintain online data security. By working on sensitive business data on a personal device that is not secured correctly, employees may accidentally compromise the information.
Set expectations right away that all company data is sensitive information and is required to remain on official company devices, and that company devices are never to be used for any non-business-related activity.
4. Require Software Updates Regularly
Another best practice is to require all company devices to run software updates consistently. Regular updates ensure that every device has the latest software improvements and security measures, that outdated software is removed, and that enhanced features help protect company data from cybercriminals.
5. Educate Employees Against Phishing Attacks
As the number of remote workers increased, the number of phishing attacks grew in proportion, with 86% of organizations facing bulk phishing attacks in 2021. If a hacker successfully breaches the data through a phishing attack, it can cost organizations an average of $4.65 million.
To protect the company, your cybersecurity should start with your employees. WFH employees should be trained on how to recognize and avoid phishing email scams to prevent accidentally clicking on malicious email links that install malware.
Common signs of a phishing email are:
- Fake invoices attached to the message
- A notice of suspicious activity or log-in attempts
- Claims of problems with payment information
- Coupon offers of free items
Safeguard Your Data
Learn more about protecting your information with Bluefin’s data security solutions. From industry-leading, PCI-validated point-to-point encryption (P2PE) to tokenization, our PCI-compliant solutions can help you protect all payment and sensitive data in systems and networks. Contact us to get started