The sudden shift to working from home during the COVID-19 pandemic increases the risk of cyber-attack for organizations. A dispersed workforce creates system and network vulnerabilities that cyber criminals are eager to exploit.

Telework was already on the rise before the current health crisis. According to research by International Workplace Group, in 2019 more than half of employees globally worked outside of their main office headquarters at least 2.5 days per week.¹ In addition, companies are increasingly utilizing freelancers, who could comprise up to half of the workforce within a decade.² The COVID-19 pandemic has accelerated drastically the work-at-home trend in a matter of weeks. Uncertainty remains over how long shelter-at-home orders will last and the longer-term impact the pandemic will have on workspaces.

What’s at risk for remote workers

Employees working from home may use personal computers and mobile devices to log into company networks and access sensitive and confidential information. They also may rely on home internet connections instead of using their organization’s systems and security protocols. In person meetings and conversations have been replaced by online communication, including email, collaboration tools, and video conferencing.

The FBI’s Internet Crime Complaint Center (IC3) has warned that criminal groups will target businesses and individuals in many ways, with some of the potential weaknesses including: telework software applications, such as video conferencing software and voice over Internet Protocol (VOIP) conference call systems; telework software obtained from untrusted sources; communication tools; remote desktop sharing for collaboration.³

Take precautions to protect your organization

Given the current, urgent need and long-term trend towards telework, it’s important to take precautions to help protect yourself, and your organization, from the threat of cyber-attack.

What should workers be doing?

• Make cyber security part of a daily routine. With an increase in cyber-attacks using email to launch malicious attacks, or steal money and valuable information, attention to security should be integral to a daily work routine.⁴
• Separate home and work activities. Personal activities should be done on a different device. Similarly, other household members should not use someone else’s designated work computer or mobile device.
• Beware of emails from unknown senders. Advise employees not to open email attachments or click on links in emails where they don’t recognize the sender. Your organization may have tools that block and report suspected phishing emails. A best practice is to always verify web addresses of websites to make sure they are legitimate.⁵
• Carefully follow security policies and procedures. It’s important to adhere closely to the rules put in place by your organization’s IT and risk management teams. For example, many companies only allow employees to use approved collaboration tools.
• Immediately report any suspicious incidents. Employees should use the proper channels to report dubious emails, even if they don’t open them. If they are receiving them, others may be targeted too.
• Keep informed of policy changes. Organizations are relying heavily on email to communicate policy changes. It’s important that employees carefully read all communications on new and updated policies around security.⁶
• Secure your workspace. Many organizations have “clean desk” policies and they are just as important when working from home. Remember to lock your workstation before stepping away. Ensure laptops and other electronic equipment remain properly secured. Put away sensitive business materials before leaving your work area.
• Properly dispose of sensitive materials. It is good practice to dispose of sensitive physical materials when no longer needed. This may include shredding these materials or returning them to the business for appropriate disposal. Be sure to follow your organization’s policy for disposing of these materials.

What are some additional steps for organizations to consider to bolster cyber security for remote workers?

• Provide security resources to employees. Many organizations have security measures to support safe remote working. Measures include providing employees with computer equipment, designated firewall and antivirus protection, and security features like a virtual private network (VPN) that employees can use to securely send and receive sensitive data.⁷
• Review policies for potential vulnerabilities. Are security measures like dual custody in place for remote workers who handle financial transactions? As video conferencing becomes the norm, are you restricting the list of attendees and requiring the use of passwords? Rigorously review and strengthen your policies where there are gaps.
• Only work with trusted telework software providers. Do your homework when choosing vendors. When selecting vendors, be sure to also consider security features.
• Test your vulnerabilities. Penetration testing is important for detecting vulnerabilities.

This list of considerations for helping you fortify cyber security for remote workers is not all-inclusive. Be sure to focus on the increased threat of cyber-attack as more workers than ever are telecommuting. Employee education and awareness, along with technology tools and strong policies, still remain important front-line defenses.