How to Prevent Remote Workers from Causing a Data Breach

TSP • @myTSPnet


As we approach one year since many businesses were forced to shift to fully remote workforces, many companies have no plans for employees to return to the office full time, or even at all, long after the pandemic ends. While remote working has many benefits, it also increases the risk of cyberattacks.

Last year saw an increase in ransomware attacks, malware and high-profile corporate data breaches for businesses of all sizes, with many cyber criminals taking advantage of businesses whose employees work from home without company laptops or secure home networks. According to MonsterCloud, the FBI reported the number of complaints about cyberattacks to the Cyber Division increased to as many as 4000 a day, representing a 400% increase from what the bureau saw pre-coronavirus. The FBI also reported that ransomware attacks are up 800% during the pandemic.

If your business plans to remain working from home for the foreseeable future, you need to take steps now to protect your remote workforce and your company from cyber threats.

The first step in preventing your remote workers from causing a data breach is to discern what data you need to protect. Performing a risk assessment is essential here because it helps determine the appropriate cybersecurity controls to build into your protection process. Examine how you currently protect data and determine what you can enhance about this process to protect against the newer challenges of working remotely. For example, you should guard against potential loss of data with backups on a separate network so that one compromise does not rob you of all data.

As a part of this assessment, you can also plan ahead for future issues and generate next steps for an array of scenarios that could harm your data. This risk assessment documentation should include risk management that addresses people, processes and technology.

Data is one of the most valuable assets of a business, and employees who use the same device for work and personal functions put your business and data at risk. To protect the data, focus on endpoint security, which involves securing entry points and endpoints of end-user devices including laptops, desktops and mobile devices. Endpoint security software will detect threats in real time and ensure safe browsing on the web. These applications will also protect, detect and correct malware across many devices and systems.

Another important measure for endpoint control is to establish robust password policies to prevent unauthorized access to endpoint devices. Require regularly scheduled password updates, with password rules that prevent the use of common or easily identified passwords. Additionally, a password manager that employs two-factor authentication can be essential and effective.

Antivirus software is another important cog in the wheel of endpoint security. Even if employees are using personal devices, they should install antivirus software that updates automatically so that the device is protected against spyware, trojan horses, worms and ransomware.

Of course, the best way to protect your business’s data is to issue separate work devices to employees, but we recognize not all businesses have the budget for this.

Not every staff member needs access to all of the company’s data and information, so choose wisely the levels of access you grant employees. This means taking a zero-risk approach when it comes to your cybersecurity.

One model for data security is actually called Zero Trust. According to this model, a company should trust no one. That sounds a bit harsh, but the protection is for the company and the employee. Humans are often the weakest link in a security strategy, whether intentionally or not. Therefore, limit, monitor and enforce how your users access data.

Just as users must maintain software and operating system updates, users should also ensure that hardware firmware updates are completed. These updates should be done on laptops, phones, and even the routers that your employees use for their home networks. Just as for operating system updates, manufacturers are constantly providing firmware updates with the latest patches and fixes to help protect against attacks.

The most difficult aspect of this maintenance is the human factor. Laptops and phones are easy to update as the user is typically prompted to perform these updates. Unfortunately, for the most part, employees will have to be proactive about updating routers themselves. Manufacturers cannot necessarily push these updates to individual consumer devices. In the case of routers, employees will probably have to find, download and install router updates.

At the end of the day, the human factor may be the most challenging obstacle you encounter in shoring up your data security, especially as the remote work environment continues. Establish policies and procedures for employees to follow to protect the company and its data assets. While this can seem like a chore, you’re actually ensuring the continued integrity of your valuable data and thus your company.
