About 42% of workers have mixed work schedules, follow a Gallup research. These workers work in-office one or two days a week and telework the rest of the days. Employees come to the office to conduct and attend important meetings, access documents and office supplies, and work from home or anywhere else for the rest of the week.
As laptops and smartphones blur the line between work and play, employees can respond to Slack messages, send emails, and access sensitive company information from personal and public devices. their work on the go.
But do employees compromise their company’s security measures by working from their personal devices or completing their work on a local Starbucks Wi-Fi network? ZDNET spoke with experts about the pitfalls of teleworking and cybersecurity, and how employees and employers can avoid a dire situation.
Also: The best browsers for privacy (and the most common personal web security risks)
Here are a few things you might be doing to make your remote work setup less secure.
Two ways employees can improve remote work security
DON’T: Work from a personal electronic device
Script: You went to the office twice this week and want to spend the rest of the week at your parents’ house. To avoid carrying around work and personal laptops, simply bring your personal laptop. This way, you can get your work done and access software or websites that are blocked by your company’s IT department.
Also: How to find out if you are involved in a data breach and what to do next
Best case scenario, nothing out of the ordinary happens, and that’s business as usual. Worst case scenario, hackers can penetrate your personal computer’s defenses and access your sensitive work documents. Your logins and passwords are now vulnerable to nefarious attackers, and your company’s privacy is in jeopardy.
Solution: A security breach of this kind can result in your company information and your personal details being stolen. So it’s best to set your work computer to whatever setting you work in to keep your data safe.
DON’T: Download unapproved productivity software
Script: Your boss asked you to scan a PDF for an upcoming meeting next week, but you don’t plan to go to the office and don’t have access to a scanner at home. So you download a PDF scanner application not provided by your employer’s IT department to your computer to complete the task.
In the best case scenario, you can scan the document, give it to your boss, and tick that task off your mile-long to-do list. Worst case scenario, the application is filled with malware infecting your work computer. Now, you still need to scan the document and your computer screen is full of pop-ups.
Great.
Solution: Vonny Gamot, Head of EMEA at McAfee, says you should make sure any apps you’re downloading are legal and safe. The best way is to contact your IT department and check if there are any apps approved and licensed by your company to avoid accidentally downloading any malware.
Also: How to find and remove spyware from your phone
“While work-related apps for devices, like PDF editors, VPNs, and document scanners, can be great productivity boosters, nearly a quarter of them are malicious. that we The researchers found tools like this recently,” she said. “So make sure any apps or software you’re downloading are legitimate. Technology has allowed us to work more flexibly, but that flexibility comes with responsibility.”
Two ways employers can provide information security and privacy
DO: Help your employees check for phishing emails and messages
Script: As an employer, you command your IT team to send phishing emails to check on your employees. After testing, more than 50% of your employees clicked on the email, opened its attachment, or failed to report the email as phishing. Now you see that given the opportunity, many of your employees will inadvertently compromise sensitive information.
Solution: Set up plenty of opportunities to educate your employees about corporate security. Consider regularly performing phishing tests and updating them on combined best practices.
Also: What is Phishing? Everything you need to know to protect yourself from scammers
Quentyn Taylor, director of information security at Canon Europe, says employers should educate their employees on safety best practices, no matter how simple. Taylor also recommends that employers maintain a high degree of openness to employees making mistakes that could jeopardize company security.
“Promoting a culture of openness is also important,” he said. If there are violations, it’s important that employees feel comfortable coming forward to share their mistakes. “This helps minimize damage because problems often occur like snowballs if employees hide a bug — if the bug is exposed, it can be fixed.”
DO: Provide employees with VPN service
Script: An employee wants to work outside the local coffee shop. The employee connected to the cafe’s public Wi-Fi and got the job done in a few hours.
Best case scenario, nothing happens and staff work as usual. Worst case scenario, someone quickly breaks into the coffee shop’s network and steals the employees’ information, exposing their personal and work information.
Also: Best travel VPN
Solution: Ian McShane, vice president of Snow Wolf, says companies should invest in a VPN service to offer employees when working on public Wi-Fi networks. He says the company-provided VPN service can keep employees’ internet activity private.
But he said that companies should thoroughly check the VPN service they are licensing, as companies should assume that the VPN provider can access employees’ internet activity.
honorable mention
Stefano Amorelli, Segment CTO at dominateprovided ZDNET with some more tips to help you stay safe while working remotely.
- Consider providing employees with privacy screens for their work phones or laptops when working in public.
- Enforce full hard drive encryption if an employee’s work device is stolen or lost.
- Enforce multi-factor authentication.
- If you have to join a meeting that requires you to discuss sensitive company information, don’t do it in public.
In short, employees and employers should work together to ensure that their sensitive personal and professional information stays safe and secure. But employees can only take such responsibility for their company’s cybersecurity practices.
Also: The best password managers to easily maintain your logins
Inka Karppinen, lead behavioral scientist at CybSafesays that while there are many helpful tips for keeping employees safe, it is ultimately up to employers to protect their employees and their businesses.
“While people want to be part of the solution, they lead busy lives and can only do so much,” she said. “So employers need to not only empower their employees to see cybersecurity as a core value, but also give them the tools to be an effective line of defense.”
