7 Cyber Security Tips for Companies with Remote Employees
Business Insurance | commercial insurance | Cyber & Identity Theft
Remote work can be pretty convenient. No commute, extra pet snuggles, wearing pajama pants during your Zoom meetings.
But if you own a business with remote workers, it also presents some challenges. For instance, it may be more difficult to ensure cyber security for your remote employees.
This is especially the case if you’ve had to adjust to remote work at the beginning of the COVID-19 pandemic and didn’t have time to prepare a thorough cyber security plan.
Well, if you still haven’t established an effective cyber security plan for your remote employees, we at Berry Insurance can help.
We may be an insurance company, but cyber security is very important to us. For one, we sell cyber insurance to help protect our clients. Additionally, we know as a small business, it would be really difficult to survive a severe cyber attack.
So in addition to protecting ourselves, we want to help protect our fellow businesses from malicious cyber attacks.
Below are 7 steps you can take to protect your business from cyber attacks against remote employees.
1. Train employees on phishing
Phishing is probably the biggest security threat most companies face.
Especially since the 2020 COVID-19 pandemic began and cyber hackers started creating all sorts of new COVID-19-relates phishing scams.
Phishing is an effort through email, phone, or text to act as a reputable contact in order to have the recipient share sensitive information or click on a dangerous link.
If the hacker is successful, this kind of attack can lead to the capture of important data, or significant financial loss.
But just because you are aware of these schemes, doesn’t mean all your employees are.
Each employee you have using technology opens up more opportunities for cyber attackers to harm your business.
To reduce this risk, you should make sure you have an in-depth cyber security training program that includes regular training to every employee on how to recognize phishing attempts.
Provide continuous training and testing to make sure they know how to look out for suspicious email addresses, harmful links, suspicious requests or demands, and generic language. Make sure they know to always pause and confirm legitimacy before clicking on or responding to something.
2. Prohibit use of personal devices for company business
We know if employees are at home, it may be tempting for them to use personal devices for work.
But, when employees are working from home, they should not use any personal devices to complete any work related tasks. These devices include personal computers or laptops, phones, tablets, printers and more.
You may know your company devices are secure, but do you have any idea what kind of security your employees’ personal devices have?
Allowing employees to use these devices could open you up to serious cyber attacks.
Instead, you should issue secure portable devices for your employees to use at home and reinforce that the use of personal devices is prohibited.
We know what you might be thinking: “My employees don’t have work laptops and we can not afford to purchase all new devices. They have to use their personal computers or laptops at home!”
We get it, it’s not always possible to provide company-issued devices for your employees to work at home.
If this is the case for you, there are a few things you can do.
- Make sure all devices (computers, phones, tablets, laptops) are encrypted. This will ensure that any stored data is unavailable to hackers.
- If possible, make sure the IT department vets any devices that employees will be using to ensure they are secure and up to date.
- Use a virtual private network. This one is a big one, so we’ll go over it in the next section ...
3. Require use of a secure virtual private network or a Desktop-as-a-Service
Home devices are not secure, and neither are home networks.
By allowing employees to work on their less-secure home networks, you are making your business data more vulnerable to a cyber attack.
So if employees are accessing company servers and data remotely, they should be using a secure virtual private network (VPN) or a Desktop-as-a-Service (DaaS).
Both of these allow access to a virtual network, creating anonymity, protecting your identity and browsing information from hackers and other entities.
4. Avoid commonly used/shared passwords
Password theft may be a simple way of hacking, but it is still very relevant. Weak passwords can be easily cracked.
Remote workers should be using complex passwords, should not be reusing passwords, and should be changing passwords often.
For one, a simple password is easier for hackers to guess, especially if it includes accessible information about you that could be guessed. And the longer you have a password, the longer a hacker has to figure out what it is. Ask your employees to create complex passwords and change them regularly to keep the hackers guessing.
Another common mistake is having the same password for everything. If hackers uncover your password to an account, and you use that password for all of your accounts, that means the hacker has not one … but all of your passwords.
We know it can be difficult to remember several different complex passwords. That’s why we suggest using a password manager, which can keep all of your passwords organized in one location.
5. Ensure your IT department is patching and monitoring traffic
Your IT department plays a key role in keeping your data safe and protected from cyber attackers.
They should be continuously patching, providing updates, monitoring traffic, and administering training often on all software and devices, especially for remote employees.
They certainly have more technical skills than the rest of your company, so it’s up to them to guide and educate everyone else to help prevent cyber attacks.
6. Encrypt sensitive data
If your employees are not working in the same location, there is no way around sharing data with each other online.
But doing this creates an opportunity for third parties to access sensitive information, which could lead to identity theft, ransomware, theft, and more.
Therefore, employees should encrypt sensitive data in emails and on their devices.
Most email platforms have features that can convert emails, attachments, and contact info into coded text, allowing only the recipient to decipher the text.
Many business phone systems also allow you to encrypt voicemail messages.
And if you use file sharing platforms such as Dropbox? They automatically encrypt all data.
7. Get cyber insurance
You can do all of the first six steps perfectly, and it still might not be enough.
In addition to taking those cyber security steps, you should probably also consider getting cyber insurance.
Cyber insurance, which can be added onto a general liability policy, or purchased separately covers costs associated with a cyber attack or data breach.
This includes malicious actions such as hacking, viruses, phishing, denial of service (DoS) ransomware, malware and more; but also data losses from incidents such as computer glitches, power surges, and accidental deletions.
The insurance covers costs and legal fees incurred from business losses, investigations, lawsuits, and extortion.
In addition to the expense recovery, cyber insurance can offer assistance in other areas related to security, such as:
- Providing notifications about security threats and data breaches
- Recovering compromised data
- Repairing damaged computer systems and software
- Consulting on cyber related issues
In many cases, third-party cyber insurance, which protects the insured company if it makes a mistake that causes a client or partner to experience a data breach or cyber attack, is also available.
Want financial protection against cyber attacks?
If so, then seriously look into cyber insurance.
Cyber attacks are never 100% preventable, especially with remote employees. But if you take all the steps above, you are at least significantly reducing the risk of your business being targeted.
If a cyber attack were to ever happen to your business, it could be financially devastating - even company-ending. If you want to eliminate that chance, cyber insurance might be right for you.
To learn more about if cyber insurance might be right for you, check out this article: What is Cyber Insurance and Do I Need it?