And as laptops and smartphones blur the lines between work and play, workers can answer Slack messages, send emails, and access sensitive company information from their personal and work devices while on the go. But are workers compromising their company’s security measures by working from a personal device or completing their work on their local Starbucks’ Wi-Fi network? ZDNET spoke with experts about the pitfalls of remote working and cybersecurity and how employees and employers can avoid a catastrophic situation. Here are a few things you may be doing to make your remote work setup less secure. Also: The best password managers
Tips for employees
Tips for employers
In conclusion, employees and employers should work together to ensure their sensitive personal and professional information stays safe and secure. But employees can only be so responsible for their company’s cybersecurity practices. Also: How to find out if you are involved in a data breach and what to do next Best case, nothing out of the ordinary happens, and it’s business as usual. Worst case, a hacker can infiltrate your personal computer’s defenses and access your sensitive work material. Your logins and passwords are now vulnerable to those with nefarious intentions, and your company’s privacy is in jeopardy. Solution: A security breach of this nature can lead to your company’s information and your personal details being stolen. So, it’s best to lug your work computer to whatever setting you work from to keep your data safe. In the best case, you can scan the document, get it to your boss, and check that task off your mile-high to-do list. Worst case, the app is filled with malware infecting your work computer. Now, you still need to scan the document, and your computer screen is full of pop-ups. Great. Solution: Vonny Gamot, head of EMEA at McAfee, says you should ensure that any apps you’re downloading are legitimate and secure. A best practice is to contact your IT department and check if any apps are approved and licensed by your company to avoid accidentally downloading any malware. Also: How to find and remove spyware from your phone “While work-related apps for devices, like PDF editors, VPNs, and document scanners, can be great productivity boosters, almost a quarter of the malicious apps that our researchers found recently were tools like these,” she says. “So, make sure any apps or software you’re downloading are legit. Technology has enabled us to work more flexibly, but that flexibility comes with responsibility.” Solution: Set up multiple opportunities to educate your employees about company security. Consider regularly executing phishing tests and updating them on hybrid working best practices. Also: What is phishing? Everything you need to know to protect yourself from scammers Quentyn Taylor, director of information security at Canon Europe, says employers should educate their employees about safety best practices, no matter how straightforward. Taylor also recommends that employers maintain a high level of openness regarding employees making missteps that could jeopardize company security. “Promoting a culture of openness is also critical. If there is a breach, it is important that employees feel comfortable coming forward to share their mistakes,” he says. “This helps mitigate the damage as issues often snowball if employees hide errors – if an error is out in the open, it can be fixed.” Best case, nothing happens, and the employee works as usual. Worst case, someone quickly infiltrates the coffee shop’s network and steals information from the employee, exposing their personal and work information. Also: The best travel VPNs Solution: Ian McShane, vice president of Arctic Wolf, says companies should invest in a VPN service to provide to employees when working on a public wifi network. He says a company-provided VPN service can keep employees’ internet activity private. But he says companies should thoroughly vet the VPN service they’re licensing, as companies should assume that the VPN provider can access employees’ internet activity.
Consider supplying employees with a privacy screen for their work phone or laptop while working in public.Enforce full-hard drive encryption if employees’ work devices are stolen or lost.Enforce multi-factor authentication.If you have to participate in a meeting that requires you to discuss sensitive company information, don’t do it in public.
Inka Karppinen, lead behavioral scientist at CybSafe, says that although there are many valuable tips for employees to stay safe, it’s ultimately up to employers to protect their employees and their business. “While people want to be part of the solution, they have busy lives and can only do so much,” she says. “Therefore, employers need to not only empower their people to value cyber security as a core value, but also give them the tools to be an effective line of defense.”