[BreachExchange] How to Protect Your Remote Employees from Cyber Threats

Destry Winant destry at riskbasedsecurity.com
Thu Feb 14 09:24:18 EST 2019


https://www.inc.com/neill-feather/how-to-protect-your-remote-employees-from-cyber-threats.html

While laptops, tablets, and smartphones are necessary tools for any
remote worker, they are also susceptible to unique vulnerabilities
that cybercriminals can exploit to gain access to your website,
network, and other sensitive data.

Whether employees work from the spare bedroom, a neighborhood coffee
shop, or even on an office Wi-Fi network, there are three key ways
they can endanger company security. Here's how you can keep your
remote employees safe.

1. Avoid using public unsecured Wi-Fi networks

If you look around any coffee shop these days, chances are most
customers are working away on a laptop. According to Spiceworks data,
61 percent of organizations saidemployees connect to public Wi-Fi
networks from company-owned devices when working remotely.

Although widely used for convenience, public Wi-Fi networks are
actually a common vector for cyber threats. Typically, these networks
are not secure, making insecure traffic, including sensitive data and
log-in credentials, easy to intercept by a hacker. Hackers can also
use unsecured Wi-Fi networks to distribute malware or spoof a public
Wi-Fi network to draw in users and capture their data.

Another cyber threat to be aware of is Wi-Fi phishing. Wi-Fi phishing
is when an attacker creates a web page that looks exactly like a
legitimate page on your company's website, such as a commonly used
email sign-in page. When an employee unknowingly encounters a page
that looks legitimate--but isn't--and then enters credentials, he or
she is actually communicating directly with a hacker.

It may come as a surprise, but a third type of threat to be aware of
is your own home office Wi-Fi network. An unsecured home office Wi-Fi
network can be accessed through harmless-looking--but
vulnerable--IP-enabled devices like security cameras, wireless video
equipment, and even network-connected thermostats. Unsecured
IP-enabled devices are easy to hack, meaning an attacker can breach
the network and move straight to your website or other assets.

Require remote employees to use a virtual private network (VPN) that
enables users to connect securely to your business, even on a
questionable Wi-Fi network. You can also provide employees with
personal hotspots, so they don't need to use public Wi-Fi at all.

2. Share information about cybersecurity best practices.

As many security experts can attest, humans are the weakest link in a
security strategy. All employees, whether onsite or remote, are
vulnerable to threats, such as phishing attacks. It's likely that at
some point, an employee may inevitably, and unknowingly, click on a
malicious attachment, fake web page, or malicious URL.

That's why it's important to educate all employees about
cybersecurity. For example, phishing emails are cleverly crafted to
convince users to provide credentials, download infected attachments,
or click on a malicious URL.

To help combat this threat, small businesses are increasingly
realizing the value of cybersecurity training. In fact, employee
security training is expected to be one of the most-adopted solutions
in 2019 for small and medium businesses, according to the Spiceworks
2019 State of IT survey.

Set up regular employee security trainings to review the latest
cybersecurity threats, how to spot scams, and understand any company
policy for reducing risk. Small businesses with limited resources can
turn to outside experts to provide affordable security training
customized to their needs.

3. Don't disregard endpoint security.

Endpoint security refers to securing local resources such as software,
applications, and operating systems that employees utilize on their
devices. For businesses with remote employees, endpoint security
offers a last line of defense against cybercriminals attempting to
launch attacks against their integral systems. Endpoint security can
take many forms, most notably updating software and operating systems
by using anti-virus software, and network firewalls.

The 2018 State of Endpoint Security Risk Report shows that the average
time to patch critical software and operating systems is 102 days,
leaving sensitive data and systems potentially vulnerable to attack
for over three months. Cybercriminals can exploit outdated software to
gain a foothold in your network and access valuable targets, such as
administrator credentials, intellectual property, and customer data.
Ensuring all your systems, browsers, and apps are updated can combat
potential vulnerabilities.

Ensure that all company-owned devices have the most current software
versions and are set up to resolve any security issues with automatic
updates. Pre-installing malware scanners and a VPN are crucial to a
proactive security plan. You can also enable local firewalls on all
employee-issued devices to provide an additional layer of protection.
For employees who use their own devices, providing licenses for
anti-virus and VPN software can encourage employees to stay secure.

In an age where digital mobility is enabling employees to work
remotely, it's important to be aware of the potential cybersecurity
vulnerabilities this brings to your business.  Although companies will
face some risks with remote employees, implementing best practices
such as using a VPN, providing employee training, and ensuring local
resources are secure can give employees the freedom to work remotely
while increasing the security of the organization overall.


More information about the BreachExchange mailing list