Remote workers have become a normal part of a company’s workforce since the pandemic changed the way we live and work. Before the pandemic, just 24% of the U.S. workforce worked from home three or more days per week, and 47% never worked from home before.
After the pandemic, 53% of workers are working from home at least three days per week or more.
Businesses did not have a lot of time to go from an office full of employees to having their company run virtually by telecommuting staff. This had led to some lapses in cybersecurity.
In a survey by OpenVPN of 250 IT professionals, 36 percent, more than 1 in 3, said their organization had experienced a security incident due to a remote employee.
Often, security issues are coming because a company hasn’t properly upgraded its security practices to account for the change that work-from-home employees bring to cybersecurity risk.
In many cases, employees haven’t been trained on how to secure their home Wi-Fi or given instructions on the proper handling of business data.
Biggest Security Mistakes Made by Remote Workers
Using Personal Devices for Business Data
Work-from-home (WFH) employees may switch between their work device and home devices for doing work, which means business data could be stored or accessed with an unprotected PC. Some employees may have no choice if they haven’t been supplied with a company computer to use from home.
Approximately 56% of employees use their personal computers to work from home.
Employee personal PCs may not have the same security as a business computer and may not be protected in the same way by managed IT service plans. It’s important that any device a WFH employee uses is properly protected and used only for business purposes.
Not Getting Help With Phishing
Phishing remains the biggest driver of data breaches and malware infections. When employees are at the office, they can easily get a second opinion on a phishing email before clicking a dangerous link.
But when they are working from home, they may not reach out in the same way to get someone’s input on whether an email is fake or real. Instead, they may just click it and end up unleashing ransomware in the company’s network.
It’s important that as part of security awareness training for employees, that they also be given a contact of a trusted IT pro where they can forward a suspicious email. This gets them “off the hook” as to feeling they need to take action if the email is real, and keeps the company network better protected.
Not Using Protection Basics Like a VPN and MFA
Remote employees are sometimes left to fend for themselves, and many won’t know the basics to take to protect things like their cloud account logins or less secure home network.
In 2020, there was a 630% increase in cloud account attacks. This was largely due to the combination of companies moving more of their workload to the cloud and the fact that many employees are now working from home and accessing those accounts with fewer protections.
Two of the basic protections that should be used are:
- VPN (Virtual Private Network): A VPN encrypts your internet connection, which protects data when connected to a Wi-Fi that may have been hacked or a public Wi-Fi that anyone can use.
- MFA (Multi-Factor Authentication): MFA is the #1 method to protect cloud accounts from getting breached because in most cases the hacker will not have access to the device required to receive the MFA code for login.
Not Keeping Software Updated
If you don’t have all your business PCs on an automatic update plan through an IT provider, you can end up with some employees not properly updating their workstations.
Those operating system and software updates contain vital security patches that should be installed as soon as they’re released to ensure the device is secure.
Without having these managed, a WFH employee can easily forget after clicking “later” on an update prompt, and then end up having their computer breached through a vulnerability that could’ve been patched through an update.
Using Unauthorized Cloud Applications (aka Shadow IT)
When working from home, some people may feel the freedom to use other applications for their work that haven’t officially been approved and that their company may not even know about.
Working with business data in a shadow IT app is risky because the application could have security or compliance issues if it’s not from a well-known developer. If the employee ever leaves the company, it could also leave sensitive company data sitting out there in a cloud account that the company knows nothing about.
Companies need to provide cloud use policies to all their employees, including those that work from home, so they understand the security danger of using unauthorized cloud apps.
Get Help Securing Your Entire Remote Team
B-Comp Services can work with your Denver area business to put the automated device and network protections in place to secure your remote team and reduce your risk of a cybersecurity incident.
Contact us today to discuss your support possibilities. Call at 303-282-4934 or contact us online.