Armanino Blog

Cybersecurity Considerations for Your Remote Workforce

The number of employees working from home has grown to a scale we have not seen before, and the internet has become the primary means of workplace communication. This increased dependence on digital tools can open up your company to significant risks, including cyberattacks.

Technology, culture and COVID-19 disruption have all contributed to this global workforce change, and organizations are only beginning to address the cybersecurity infrastructure needs, training needs and risks of the remote workforce. Employees working inside the physical walls and firewalls of a trusted organization’s IT environment may quickly become a thing of the past, and a smooth transition to this new normal is incredibly important in mitigating business risks.

Phishing and malware attacks are increasing and will continue to rise. Attackers will take full advantage of remote network vulnerabilities, poorly trained employees who are unable to identify phishing efforts, and news stories that can serve as a façade for their cyberattack efforts. These nefarious individuals are using various tactics to compromise user credentials, payment information and other data that can be monetized.

Below are some tips to help your users stay safe when connecting online from home, along with a cybersecurity best practices checklist for your IT management team.


Ways to help your users stay safe:

  • Make sure employees’ home Wi-Fi connections are secure by using WPA2 encryption, which is recommended for home networks. While most Wi-Fi is correctly secured using WPA2, some older installations or equipment may not be; for example, they may still use WEP encryption, which allows someone with basic hacking tools to access your network.
  • Train your employees to be careful when opening emails and clicking links in emails that include news stories, receipts or refund-type information. Train employees to hover over hyperlinks in emails to verify that they lead to the anticipated site. If they are unsure of the sender, they should treat the email as a phishing attempt and notify the company IT helpdesk immediately.
  • If employees are accessing company confidential data remotely via cloud storage (for example, Dropbox, Box or OneDrive), make sure that they understand how to follow your company’s procedures for accessing data.
  • Ensure that employees are following your organization’s backup strategy by saving important files on the locations covered by your IT backup policy. Important files should be backed up regularly. In a worst-case scenario, if you become a victim of ransomware, your data can be retrieved from backup storage.
  • Make sure employees are using a secure connection to your work environment via a virtual private network (VPN). A VPN provides increased security by encrypting the line of communication between your device and your work network.
  • Ensure that your employees have encryption tools installed. Encryption helps prevent unauthorized access to the data on devices. Data is encoded in a manner that makes it difficult for unauthorized people to decipher. This can be especially important in case of a lost or stolen device, as it helps prevent strangers from accessing employee and company data without the encryption key.
  • Require the use of strong password protection and authentication. Strong passwords contain at least eight characters and include numbers, symbols, and capital and lowercase letters. Changing passwords on a regular basis is also important.
  • If your company offers the use of multi-factor authentication (MFA), be sure to train employees to take advantage of the technology, as this grants an additional layer of protection.

Cybersecurity best practices your company can perform to reduce digital risk:

  • Provide cybersecurity awareness training or webinars specifically around phishing attempts.
  • Review Department of Homeland Security guidance on avoiding social engineering and phishing scams for more information on recognizing and protecting against phishing.
  • Review the Federal Trade Commission’s blog post on how to avoid COVID-19 scams.
  • Use trusted sources — such as legitimate government websites — for up-to-date, fact-based information about COVID-19.
  • Assess your organization’s third-party IT vendors for potential impacts from disruption of service resulting from COVID-19.
  • Discuss with third-party IT vendors any challenges they may be facing or may expect to face due to the ongoing situation.
  • Identify potential alternate sources of outsourced vendor services and/or conservation measures to mitigate disruptions.
  • Communicate with key customers to keep them informed of any IT/security issues you have identified and the steps you are taking to mitigate them.
  • Review and evaluate your existing disaster recovery and business continuity plans (DR/BCP) to confirm that they are still up-to-date and meet your enterprise business needs.
  • Review existing controls that protect your network, as you are allowing more traffic in your network via remote sessions. Ensure that only authorized traffic and users are allowed to connect.

Ultimately, remote user security from home does not come down to following one set of guidelines. Protections can vary from situation to situation, and using your best judgement becomes crucial. By following cybersecurity best practices and helping users become more aware of where and when to access company data and how to do so safely, you can help ensure that sensitive company information is always protected.

July 06, 2020
