A Cybersecurity Action Plan for Your Virtual Workforce
According to Global Workplace Analytics, approximately 50% of all organizations have positions where employees can work remotely, all or some of the time. This number has grown 115% in the last thirteen years and is expected to continue to rise in the coming years.
However, with this flexibility, comes potential risk to your data. As virtual workers pick up and go from their home to the local coffee shop to a client meeting, the level of system security diminishes. The risk is especially high in open, and usually free, Wi-Fi areas.
The good news is there are practices you can implement today to make the virtual worker’s environment safer.
7 Cybersecurity Practices for Your Remote Workforce
- Make sure every operating system, applications, antivirus and anti-malware software is up to date. This can be a challenging task to complete if your workforce resides all over the country and only comes into the office once or twice a year.
However, if you hire a cybersecurity company, they can identify your vulnerabilities through an assessment, know where your risks are and help fix them right away.
- Make cybersecurity training mandatory. You can help users identify suspicious emails, spear phishing and who they should call if they aren’t sure about a message. Reinforce the training in conference and video calls. Be clear about the repercussions if they violate protocol.
- Activate a Virtual Private Network (VPN) service. If your workforce must sign in via a public network, the right VPN will provide a high level of encryption for all transactions going to and coming from your company.
- Implement Perfect Forward Secrecy (PFS). These are specific key agreement protocols that gives assurances your session keys will not be compromised, even if the private key of a server is hacked. This is good protection if the remote user’s laptop or tablet is infected with malware. It limits the hacker’s access to one server or a partition of your cloud services.
- Be able to disable and wipe clean remote devices. If a worker’s device is stolen or lost, its vital you can disarm it right away.
- Establish a different password policy. According to the National Institute of Standards and Technology (NIST) passwords need to be obscure, long and For example, putting together alphanumeric combinations a user can remember, but no one else will, can be almost impossible to crack. An example might be a house address of long ago, the user’s favorite childhood sport and their last movie title.
In addition, the NIST determined that changing passwords every few months did not enhance security, because most users don’t make significant changes to their existing password when forced to make a change.
- Implement proactive practices.
Rather than being reactive to a situation, put in place the following:
- Outsource cybersecurity. The right organization can continuously assess, monitor and protect your network and workforce no matter where they are or what time they access their data.
- Obtain cyber liability insurance. In the event of a breach, in which personal information, such as Social Security or credit card numbers, are exposed or stolen, this will garner you the protection you need.
- Establish a remote workforce policy. The key is to be fair to everyone and still protect your business. Many individuals enjoy working from home because they have more freedom, don’t have to make a long, stressful commute and can have more balance in their lives. Gain buy-in to the policy and have consequences if individuals violate them.
Axiom Cyber Solutions Can Manage Your Remote Users
Our Managed Cybersecurity Solution which includes next-generation firewall Intrusion Detection and Prevention (IDS), managed anti-virus, network monitoring, and patch management is available for a low monthly subscription fee. Contact us today for more information!