About 42% of workers have a hybrid working schedule, according to a Gallup study. These workers work in the office one or two days a week and work the other days remotely. Employees visit the office to conduct and attend important meetings, access office materials and supplies, and work from home or anywhere else throughout the rest of the week.
As laptops and smartphones blur the lines between work and play, workers can answer Slack messages, send emails, and access sensitive company information from their personal and work devices while on the go.
But are workers compromising their company’s security measures by working from a personal device or completing their work on their local Starbucks’ Wi-Fi network? ZDNET spoke with experts about the pitfalls of remote working and cybersecurity and how employees and employers can avoid a catastrophic situation.
Here are a few things you may be doing to make your remote work setup less secure.
Two ways employees can improve remote work security
DON’T: Work from a personal electronic device
Scenario: You have already visited the office twice this week and want to spend the rest of the week at your parent’s house. To avoid bringing your work and personal laptop, you just take your personal laptop. This way, you can complete your work and access the software or websites blocked by your company’s IT department.
Best case, nothing out of the ordinary happens, and it’s business as usual. Worst case, a hacker can infiltrate your personal computer’s defenses and access your sensitive work material. Your logins and passwords are now vulnerable to those with nefarious intentions, and your company’s privacy is in jeopardy.
Solution: A security breach of this nature can lead to your company’s information and your personal details being stolen. So, it’s best to lug your work computer to whatever setting you work from to keep your data safe.
DON’T: Download unapproved productivity software
Scenario: Your boss asks you to scan a PDF for an upcoming meeting next week, but you don’t plan on traveling to the office and don’t have access to a scanner at home. So, you download a PDF scanner app not provided by your employer’s IT department onto your computer to complete the task.
In the best case, you can scan the document, get it to your boss, and check that task off your mile-high to-do list. Worst case, the app is filled with malware infecting your work computer. Now, you still need to scan the document, and your computer screen is full of pop-ups.
Solution: Vonny Gamot, head of EMEA at McAfee, says you should ensure that any apps you’re downloading are legitimate and secure. A best practice is to contact your IT department and check if any apps are approved and licensed by your company to avoid accidentally downloading any malware.
“While work-related apps for devices, like PDF editors, VPNs, and document scanners, can be great productivity boosters, almost a quarter of the malicious apps that our researchers found recently were tools like these,” she says. “So, make sure any apps or software you’re downloading are legit. Technology has enabled us to work more flexibly, but that flexibility comes with responsibility.”
Two ways employers can provide information security and privacy
DO: Help your employees vet phishing emails and messages
Scenario: As an employer, you command your IT team to send a phishing email to test your employees. After the test, over 50% of your employees either clicked on the email, opened the email’s attachment, or didn’t report the email as phishing. Now you see that if the opportunity arose, many of your employees would unintentionally compromise sensitive information.
Solution: Set up multiple opportunities to educate your employees about company security. Consider regularly executing phishing tests and updating them on hybrid working best practices.
Quentyn Taylor, director of information security at Canon Europe, says employers should educate their employees about safety best practices, no matter how straightforward. Taylor also recommends that employers maintain a high level of openness regarding employees making missteps that could jeopardize company security.
“Promoting a culture of openness is also critical. If there is a breach, it is important that employees feel comfortable coming forward to share their mistakes,” he says. “This helps mitigate the damage as issues often snowball if employees hide errors — if an error is out in the open, it can be fixed.”
DO: Offer employees a VPN service
Scenario: An employee wants to work out of a local coffee shop. The employee connected to the coffee shop’s public Wi-Fi and completes a few hours’ worth of work.
Best case, nothing happens, and the employee works as usual. Worst case, someone quickly infiltrates the coffee shop’s network and steals information from the employee, exposing their personal and work information.
Also: The best travel VPNs
Solution: Ian McShane, vice president of Arctic Wolf, says companies should invest in a VPN service to provide to employees when working on a public Wi-FI network. He says a company-provided VPN service can keep employees’ internet activity private.
But he says companies should thoroughly vet the VPN service they’re licensing, as companies should assume that the VPN provider can access employees’ internet activity.
Stefano Amorelli, fractional CTO at Dominance, gave ZDNET a few more tips to help you stay safe when working remotely.
- Consider supplying employees with a privacy screen for their work phone or laptop while working in public.
- Enforce full-hard drive encryption if employees’ work devices are stolen or lost.
- Enforce multi-factor authentication.
- If you have to participate in a meeting that requires you to discuss sensitive company information, don’t do it in public.
In conclusion, employees and employers should work together to ensure their sensitive personal and professional information stays safe and secure. But employees can only be so responsible for their company’s cybersecurity practices.
Inka Karppinen, lead behavioral scientist at CybSafe, says that although there are many valuable tips for employees to stay safe, it’s ultimately up to employers to protect their employees and their business.
“While people want to be part of the solution, they have busy lives and can only do so much,” she says. “Therefore, employers need to not only empower their people to value cyber security as a core value, but also give them the tools to be an effective line of defense.”