Security awareness

Security Awareness issues for Remote Workers

July 6, 2017 by Infosec

In today’s fast-paced times, changes happen in the blink of an eye. Take for example how companies have employed people. In the past, firms made it a point to house everybody inside the confines of their respective offices. Today, more and more companies, big or small, have slowly opened their doors and stepped outside the four corners of their office, literally and figuratively. Times have indeed changed and are continuously changing along with technology, as work no longer equates to sitting on a chair while facing a computer inside a cubicle in the office. Remote work is now slowly taking over.

Companies and business owners cannot really be blamed, since having their employees work in a remote setup yields a number of benefits and advantages both for them and their workforce. Studies have shown that employees who work from home tend to be more productive as compared to their office-based counterparts. Another advantage for the workers is that they don’t need to spend for transportation and expose themselves to the stress that comes with commuting, which also means they’ll be healthier.

As for the employers and business owners, having some of the staff work remotely will equate to more savings, as far as overhead expenses are concerned. They no longer need to pay serious amounts of money for a huge office space as well as for the electricity consumption.

Despite the numerous benefits of going remote, there are serious risks that still come with this trend. Risks that if left unaddressed early could mean serious losses for companies. These risks involve losses of valuable, confidential data and sensitive information that are not for public consumption.

Security Awareness is the Answer

Like in any other type of danger, preparation is crucial. If a remote worker would want to limit, if not totally avoid getting snared by these risks, it is imperative for him /her to be familiar with security awareness. A 2014 IBM study found that up to 95% of reported security incidents involved human error. This means that even if you hire the best of the best, especially when they are working remotely, your company and all its valuable data and confidential information are considered vulnerable different forms of security attacks.

Through security awareness training, you can equip your employees with the right knowledge, tools, and mindset that will keep them from falling prey to cyber attacks outside. So exactly can be learned and achieved through this kind of training? First, employees will learn how to secure their laptops or personal computers before they even begin working remotely. It is important to note that security awareness doesn’t begin and end with the computer or laptop. It also extends to the people within the company, particularly the way everyone communicates with each other when it comes to handling valuable information.

Furthermore, it also involves the environment or the immediate surroundings where employees are working, be it at home or some other place outside, as well as the actual information itself, and the way the employees handle it.

How to be secure when working remotely

Now that we have established the importance of security awareness and how companies, business owners, and employees can benefit from it, the next step is find the tools that will help achieve those goals of protecting data and other valuable information.

Virtual Private Networks. More popularly called VPNs, these networks are perfect for remote workers who prefer doing their daily tasks that could involve sensitive company data and information in using unsecured public networks. These usually include Wi-Fi hotspots in malls and coffee shops that expose valuable data to different kinds of attacks.

Similar to what a firewall does, VPNs protect your laptop’s data online, with the front end retaining the same security, functionality, and appearance despite being a Wide Area Network. A feature like this has made VPNs one of the more popular security tools among corporations who have employees working remotely. VPNs combine encryption protocols and dedicated connections to create virtual P2P connections, which in turn keep hackers from accessing transmitted data that they may have managed to obtain. This level of protection is attributed to VPNs’ encryption.

Furthermore, since some of today’s hackers have become creative and resourceful, VPNs also enable remote workers to alter their physical location by replacing the real IP address of the laptop.

As far as establishing a secure connection goes, it is relatively easy, as users only need to connect to the public Internet with the help of an ISP, then prompts a VPN connection with his company’s VPN server using client software. When done successfully, the remote worker will get to enjoy a secure connection together with user access to the company’s internal network.

With the changing times equating to more resourceful hackers and data stealers, a number of security protocols have been developed into VPNs through the years. Each of these protocols offer different features that would cater to the varying security needs and demands of companies. Some of the more common ones are the following:

  • Point-to-Point Tunneling Protocol (PPTP). Being used as early as the mid-90’s, PPTP is a VPN protocol that is known to be flexible in terms of its ability to be installed in different kinds of operating systems. It is, however, incapable of performing an encryption; rather, what it does is encapsulate the data packet. To cover the lack of encryption, secondary protocols are necessary.
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS). These two types of VPNs are commonly used by service providers and online retailers. It features a “handshake method” which generates the cryptographic parameters that serve as a means for the two systems to create a secure connection, as well as authenticating the session and exchanging encryption keys.
  • Secure Shell (SSH). This type of VPN creates the VPN tunnel as well as the encryption that provides the protection to the former. This feature enables remote workers to safely transfer information by routing traffic from remote file servers, using of course, an encrypted channel.
  • Layer 2 Tunneling Protocol (L2TP)/IPsec. Similar to the PPTP, the L2TP is likewise incapable of encryption. Nevertheless, it compensates by creating the tunnel while the IPsec takes care of the encryption. Moreover, the IPsec also covers the security of the channel while conducting data integrity checks. This is a key element of this VPN as it helps ensure that all of the pockets have safely arrived and that no compromise or harm affects the channel.
  • IP Security (IPsec). The partner of the L2TP, the IPsec can no less stand on its own as it operates in two modes: first, the tunneling mode, wherein it encrypts the data packet in its entirety, and second, the transport mode, wherein it only encrypts the data packet message. This type of VPN is often used to guard Internet communications.

Firewalls. A firewall software functions by filtering the information coming through the Internet connection and into your company’s computer system or private network, in the case of homes. Basically, it serves as a “checkpoint” wherein they bar packets of information that are flagged by filters. Firewalls are generally helpful especially for companies that have hundreds of employees using hundreds of computers.

Connectivity Guidelines. Just like in other companies from various industries, a set of rules or guidelines are put in place to achieve harmony in the workplace, which is tantamount to success in the long run. The same goes for remote security protection. Business owners should come up with security standards and policies that all remote workers should follow to the dot, and without any compromise. These guidelines may include rules that prohibit remote workers from accessing unsecured connections, unrecognized Bluetooth connections, and the like.

Going Cloud. Another excellent option that is becoming more popular among companies that are looking to improve their remote security are the web-based cloud solutions. This is because cloud-based solutions and apps are compliant with industry regulations. Moreover, data is much safer with the cloud, since it is not stored in a device but kept online and encrypted. Furthermore, cloud-based solutions require password before access to data can be granted. Business owners and managers can also regulate the access abilities of their employees.

Risky Behavior: What Every Remote Worker Should Avoid

The old adage “Prevention is better than cure” also applies to this very day, even on remote workers. Though there are a number of software that offers protection for valuable data and information, it is still crucial for employees working outside of the office to do their part.

Here are a few examples of risky behavior that should be avoided at all cost:

  1. Sharing the laptop or computer. This is one of the most common mistakes remote workers often commit, especially when they are working at home. They are easily tempted to share company-issued laptops to close friends and family members for online use. This is very dangerous, since there is a risk of not being able to monitor each and every website they go to, which could put your office data at risk.
  2. Accessing other networks. This exposes your laptop’s data to potential hacking, since no authentication is necessary to establish a network connection, especially when it comes to Public Wi-Fi. Hackers can easily access all of the information you are sending in the Internet, from confidential emails, to your company’s security credentials, and even credit card details.
  3. Carelessness in opening emails. During times when the workload is a bit heavy and the schedules are hectic, remote workers tend to speed up things without taking time to analyze what is in front of them. Emails often times come in succession, and there is the risk of opening everything. This includes clicking on the links without scrutinizing the source of the email if it is legit or not. By unknowingly clicking these suspicious links, data is exposed to hackers and online attackers.

Important Tips to Remember When Working Remotely

For business owners and remote workers alike, there are valuable tips for protecting sensitive company data. Some are simple, while some may take a little bit of the company’s resources. Regardless of its nature, these tips should be taken seriously:

  1. The laptop or computer you are using will likely make or break the security of your data. Make sure that your remote employees are using only the company-issued laptops instead of their personal computers when doing their work.
  2. Be wary of social media. In today’s age where everything goes viral, there are some remote workers who are required to engage in various social media platforms. Always make sure to check all links and their sources before clicking or opening any of them.
  3. Invest in topnotch encryption. Companies should make it a point to invest in encryption technology, especially when their remote employees are handling classified material on a daily basis. Better to spend now instead of later when things are starting to get out of hand.
  4. Be strict on policies. Regardless of how the employees will take it, it is imperative to implement strict security policies that should be followed by everyone, from top to bottom.
  5. Transparency is non-negotiable. For remote workers who have compromised company data, it is vital for them to report the incident immediately to their superiors. Owning up to your mistakes early on is better than pulling down everyone in the company to ruin.
Posted: July 6, 2017
View Profile