How to protect your remote workforce from a cyber attack


Earlier this year, an industry report indicated that 79% of companies are still concerned about the security risks of an increasingly remote workforce. Cyber attacks have been on the rise since the COVID-19 pandemic, in part because many organizations do not implement proper cybersecurity measures and procedures.

Additionally, there is a global shortage of cybersecurity professionals across all industries. The investment in trained cybersecurity professionals is vital to protecting your remote workforce from a cyber attack. They can help implement an up-to-date cybersecurity strategy and train employees on how to stay safe online and much more.

Reassess your cybersecurity strategy

Cybercriminals are constantly evolving their tactics, and businesses must keep up with security measures. There are even more vulnerabilities with a remote workforce, such as using personal devices and working on unsecured networks. Organizations must update their cybersecurity strategy continually to stay up to date. As stated in the TechTarget guide, a cybersecurity strategy “is a high-level plan for how your organization will protect its assets over the next three to five years.”

The first step in building a cybersecurity strategy is to assess the threat landscape. Then take stock of your current strategy – determine if you have the right programs and applications in place to protect your employees. Is your IT team capable of executing an effective strategy with the resources allocated to it? Once you have a clear picture of your current state, you can explore ways to update and improve your cybersecurity strategy, ideally focusing as much on preventing potential cybercrimes as on reacting to them, if not more. Be sure to document your strategy and update all relevant employees. Don’t forget: training your employees should be part of your cybersecurity strategy.

Cybersecurity training for employees

There are a variety of free and paid employee cybersecurity training programs available, both online and in person. Cybersecurity training should be ongoing for your entire team and should be part of the orientation process for new hires. Ongoing training must include, but is not limited to, education on:

  • Types of security threats (malware, phishing, ransomware).
  • Password management and security.
  • Malicious links.
  • Login from a personal device or a device outside the network.
  • How to detect suspicious behavior.
  • What to do if you suspect that you have been attacked by a cybercriminal.

Implement remote desktop setup and multi-factor authentication

To protect against the increased risks that remote and hybrid employees present, it is recommended that they use a remote desktop setup, such as a VPN and multi-factor authentication (MFA). With MFA, a user must provide two or more verification methods to successfully sign in. In fact, Microsoft engineers said that 99.9% of compromised accounts do not use MFA.

Never work on an unsecured network

For remote employees, “working from home” can often mean “working from a coffee shop.” When working on a secure (password-protected) network, data is encrypted rather than sent as plain text. Plain text data can be intercepted by almost anyone with basic knowledge of network eavesdropping. Data encryption greatly increases security. This applies to mobile devices and tablets, as well as laptops. Even checking email on a mobile device on an unsecured network can compromise security.

Use a zero trust framework

Zero trust frameworks are important, especially with remote workers. The zero trust model follows the idea that all people and devices trying to join a network can be hostile and must be authenticated at every single access point and activity. This includes users on and off the network, and local or cloud-based users.
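A minimal sketch of that per-request check, added here as an illustration and not taken from the article or from any product; the token format, `issue_token`, `authorize` and all sample names are hypothetical. Every request is checked for signature, expiry, MFA, device compliance and an explicit grant, and the caller's network location never enters the decision.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment would load this from a secret store.
SIGNING_KEY = b"demo-only-signing-key"


def issue_token(user, device_id, mfa_passed, ttl=300, now=None):
    """Sign a short-lived token (hypothetical format: JSON payload + '.' + HMAC)."""
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "device": device_id,
                          "mfa": mfa_passed, "exp": now + ttl}, sort_keys=True)
    sig = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig


def authorize(token, resource, compliant_devices, grants, source_ip=None, now=None):
    """Evaluate one request and return (allowed, reason).

    source_ip is accepted but deliberately never consulted: a request from
    inside the office network gets the same checks as one from a coffee shop.
    """
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Verify the signature before parsing anything the client sent.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return (False, "bad signature")
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return (False, "token expired")       # forces regular re-authentication
    if not claims["mfa"]:
        return (False, "mfa required")
    if claims["device"] not in compliant_devices:
        return (False, "device not compliant")
    if resource not in grants.get(claims["user"], set()):
        return (False, "not granted")         # least privilege per resource
    return (True, "ok")
```
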

An IBM report states that compromised credentials were responsible for approximately 20% of data breaches in 2021, with an average cost of $4.37 million per breach. The average cost of a data breach was $1.76 million less for organizations that applied a zero-trust approach.

Improved security and password management

You’ve heard it before, but it bears repeating: don’t use “password” as your password. The same goes for “password1” and “1234”. There are several algorithms that criminals can use to guess commonly used passwords. Here are some password best practices:

  • Use different passwords for different logins.
  • Do not use personal information in your password (names of pets or streets, or important dates).
  • Never share your password with anyone.
  • The longer the password, the harder it is to guess.
  • If you want to store passwords, do so in a strong password management system.

A cyber attack can be devastating to an organization. Protecting the online activities of your remote workforce from cybercrime should be a focus for organizations. It starts with having the right cybersecurity professionals in place, establishing a cybersecurity plan, and educating employees on how to stay safe when working from home. Having a plan in place can help keep your business, your data, and your employees safe.

About the Author: Michelle Moore, Ph.D., is academic director and professor of practice for the innovative online Master of Science in Cyber Security Operations and Leadership program at the University of San Diego. She is also a researcher and author with more than two decades of experience in the private sector and government as a cyber security expert.

Publisher’s note: The views expressed in this guest post are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
