WHAT IS NIST? THE COMPLETE GUIDE TO THE NIST CYBERSECURITY FRAMEWORK
Explore this comprehensive guide on how the NIST Cybersecurity Framework can be applied to your organization.
Cybersecurity Best Practices for Newly Remote Employees
Businesses all over the world are adjusting how employees work due to the coronavirus pandemic. One recent study reported that 90% of IT professionals believe remote workers are not secure. At the same time, over 70% think remote staff poses a greater risk than onsite employees.
With so many people needing to work remotely, how can you ensure your business’ data and files/information remains secure? As a secure software provider, FTP Today has been providing secure solutions for customers that allow them to work remotely while still being secure.
In this article, we will discuss the best practices for working remote in times like these.
Communicate The Impact of Cybersecurity Efforts
When it comes to cybersecurity efforts, it’s important to tell your employees what steps they should be taking. But it’s just as important to tell them why they should be taking these steps. Employees need to understand the gravity of their cybersecurity efforts, and the potential consequences that both they and your company may face if their neglect leads to a data breach.
With more people working from home than ever before, your business is also more vulnerable to data breaches than it has been in the past, too. Think about the logistics of keeping data protected in a single office building. The entrance is secure, the networks you’re using are secure, and workstation access and use are likely monitored. Now, think about securing dozens or hundreds of office locations – one for each employee. Multiplying your security efforts across your organization probably seems like an overwhelming task, unless you have buy-in from your workforce.
Your employees need to understand what’s at stake, so they’re motivated to keep your data protected and align with cybersecurity best practices. Cybersecurity breaches can cripple a business. They often come with serious consequences like loss of business, loss of revenue, fines from regulatory bodies, and in the most extreme cases, prison time. In fact, 60% of small businesses go out of business within six months of a cyber attack. Because 43% of cyber attacks target small businesses, your company could easily be the victim of an attempted or successful cybersecurity breach.
The actions of your employees impact your business, and it’s vital that they understand what’s at stake. An action that they view as inconsequential, like using a public WiFi network at a coffee shop to access their email, could lead to a major security breach for your company.
Educate Employees on What to Avoid
Speaking of public WiFi networks, your employees may not know about all the ways they’ve vulnerable to cybersecurity threats now that they’re working from home. To make sure data is protected, your employees need to know what actions to avoid. Here are a few common mistakes that employees working from home may make:
- Using Non-Secure WiFi Networks. Even private WiFi networks at your employees’ home must be secure if they’re handling sensitive data. Public WiFi networks can provide a channel for hackers to infiltrate devices. Every employee that works from home needs to know about the expectations related to public and private WiFi networks – private networks should be secure and public networks should never be used.
- Failing to Change Passwords. Just because an employee may be working from home now, doesn’t mean passwords can stay the same. Working in a home office may give employees a false sense of security. Yes, their at-home workspace might be secure, but that doesn’t stop hackers from infiltrating accounts from afar.
- Working on Non-Secure Personal Devices. BYOD (bring your own device) policies have been growing more popular in offices as people become more dependent on their phones, tablets and personal laptops for work tasks. However, even though employees aren’t bringing devices into a physical office space, these personal devices still need protection. Set expectations that these devices should be used in accordance with your BYOD policy or not used at all.
- Failing to Use Secure File Sharing Methods. Employees might be tempted to send large files in the most “convenient” way when they’re working from home – via email or free solutions like Google Drive or Dropbox. Not being connected to an in-office server or handing a flash drive to someone in the cubicle next to you might tempt you to send large, sensitive files over non-secure email. This could come with serious consequences. If your email address is hacked into, all the files you’ve shared in the past could end up in the hands of a hacker.
- Using Free Email Services. Even if not attaching sensitive files to your emails, you should still never be using free email communication services (gmail, hotmail or your broadband service provider’s free email account) to send or receive company email. You should always have your own @company.com domain from which to send and receive all company-related emails.This is far more private and secure.
If your employees know to avoid some of these common mistakes, you’ll have greater success keeping your sensitive files protected.
Take Steps to Equip Employees and Avoid Attacks
When you offer clear guidelines on how to avoid an attack, your employee will have clear exceptions that they can take steps to meet. Here are a few steps you should take to equip your employees to work remotely without compromising data security.
- Create a detailed policy. A specific work-from-home data security policy, in addition to your general data security policy, should be created and shared with your employees. Make sure to provide a list of approved and prohibited platforms, tools, and sites for your employee use.
- Regularly update software. Mandate that all employees regularly update solutions and systems they use. Often, these updates include security patches to minimize the chance of a data breach.
- Establish a backup policy. Require that employees backup information on a regular basis. All data should be backed up to servers in secure locations. Regular backups ensure that all data is stored and protected on the appropriate servers.
- Provide a secure method for sharing files. A secure file sharing server is the best way for your employees to send files to both internal and external recipients. With a secure file sharing server, you can better protect your data. Research the best options, and ensure you select a solution that accommodates remote work.
- Communicate the breach alert and reporting process. Despite your best efforts, a data breach may eventually occur. As a final step, you need to establish and share a breach reporting and alert process. Your employees need to know how to act when a breach occurs and what expectations they should have when it comes to being notified about a breach.
Taking these steps will help ensure your data and files can remain secure during this unprecedented time. Download this free Comparison Guide to learn more about your secure file sharing options.
About Martin Horan
Founder of FTP Today and an expert in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.