How To Maintain Security When Employees Work Remotely
With the increase in remote work, many IT managers have faced the new challenge of figuring out how to maintain security when their employees work remotely. Here are several IT strategies to improve cybersecurity for companies that allow remote working.
Best security practices for work-from-home employees
Work-from-home employees surface unique security concerns for businesses. Address the added variables of multiple devices, additional device users, and various remote work locations with these remote work security best practices.
Want to learn more about using a password manager for your business?
Check out Dashlane's business plans or get started with a free business trial.
- Ensure your employees are using a VPN
A virtual private network (VPN) allows employees to securely connect to the internet. Using encryption, a VPN hides a user's data and IP address so they can connect to WiFi hotspots without drawing the attention of cybercriminals. Network security is especially important for remote employees. They should use VPNs everywhere—from coffee shops to a family member’s house to their own home.
Learn how to set your employees up with a VPN.
- Create a culture of security
The most secure hybrid and remote companies don’t necessarily use the fanciest, most expensive equipment. Secure businesses achieve cybersecurity success by creating an internal culture of security awareness. Implement the following policies to ensure your employees know how to use the tools you provide them and make the right security decisions:
- Educate your employees by planning annual cybersecurity training. By making this training an annual affair, you can also use subsequent meetings to communicate policy changes and updates.
- Require written signatures on password safety and cybersecurity policies. Require all employees to sign off on the material with a written policy. This document should cover rules surrounding employer-provided devices and personal devices used for work purposes, details about onboarding and offboarding processes, and managing permissions across the organization.
Pro tip: A strong remote work cybersecurity policy needs password use and storage guidelines. This policy should require employees to create long and unique passwords and to use 2-factor authentication whenever accessing apps for professional use.
- Equip your workers with the right tools
Several tools, such as VPNs and 2-factor authentication (2FA), can work together to strengthen a cybersecurity policy and make everyone’s job easier.
Password managers are essential cybersecurity tools, and the right one can stretch far beyond its primary use. For example, Dashlane provides more than a password storage vault. The software also helps employees securely share passwords and provides IT managers with analytics tools that monitor the strength and security of their employees’ passwords.
- Update your systems regularly
Software updates can be among the first and strongest lines of defense against cybercriminals. Make sure all your systems, including firewalls and antivirus software, are routinely updated. To make IT’s job easier, set up these programs to update automatically. As an employee, pay special attention to IT emails regarding updates. When you get an email or notification about updates, be sure to take action immediately (use it as an opportunity to take a quick work break!).
Common remote working security risks
IT has less control over security when employees work outside their secure WiFi and, sometimes, on their own devices. Therefore, everyone needs to be informed and take ownership of cybersecurity responsibilities. Here are common security obstacles that are made more challenging by a remote working environment:
- Lack of security training
Most data breaches happen due to leaked or stolen passwords. Educating employees on safely storing passwords can prevent cybercriminals from accessing them. However, onboarding remote employees can be a unique challenge that can result in missed information and incomplete training. Additionally, depending on the company accounts and platforms they’re given access to, contractors and freelancers may require different training than full-time employees.
Employee education—whether in-person or remote—should extend beyond password management and include concepts such as identifying common attack strategies used by cybercriminals (like phishing or spoofing) and outlining common threats specific to your industry.
- Lax policy enforcement
As violations of a company’s cybersecurity policy accrue, it can be difficult to enforce password resets or other correctional actions, especially with remote employees who can be challenging to communicate with.
As soon as employees notify IT managers of potential breach attempts or phishing attacks, IT should take immediate action.
- Unsecured internet access
In a remote work environment, employees may want to exercise their freedom by working in a library, café, or coworking space, but public WiFi is an easy access point for cybercriminals. They can use your WiFi connection to deliver malware directly to a laptop or set up imposter networks to trick users into joining that network instead of the correct one. That’s why using a VPN is preferred; by hiding employees’ IP addresses and encrypting their data, VPNs make working in a café or private residence cyber-secure.
- More applications; more passwords
Remote work wouldn’t be possible without remote file sharing, chat applications such as Slack, and time-logging tools. But using each application means coming up with a different password for each one, which can encourage unsafe password storage and sharing or reusing passwords. According to a PEW research survey, 78% of employees believe it’s important to be knowledgeable about online security. However, 36% write passwords down on paper, 23% store them in a browser, and 16% record them in other unsecured ways, such as an address book or a notes app on a device.
How to create a strong cybersecurity strategy for remote work
Password policies, employee education, and equipping remote workers with the correct tools are all part of a cybersecurity strategy. Whether you manage IT for an in-person, hybrid, or completely remote company, maintaining a cybersecurity strategy while remote working can help you identify areas for improvement and increase your security over time.
Creating a strong cybersecurity strategy for a remote work environment requires several steps, including:
- Identifying risks to your organization and opportunities for improvement
- Setting goals and measuring progress over time
- Creating a security-first culture with educational training and policy sign-offs
- Getting professional assistance from experts and security tools
Follow our step-by-step guide for creating a cybersecurity strategy.
Password managers for remote employees
A password manager is a valuable tool in the IT manager’s arsenal against cybercriminals. According to the Future of Secure Work for People + Organizations report, they’re growing in popularity. Increased password manager usage was the top change organizations made as a result of remote work, with 38% of employees and leaders identifying this shift.
Password managers can save remote employees time while maintaining a secure web presence. Autofill, easy password sharing, single sign-on technology, and 2-factor authentication are all double-duty features that ease an employee’s experience while keeping their internet browsing safe.
IT managers also stand to benefit from password managers. Dashlane offers Dark Web Monitoring that scans the dark web—where most stolen passwords are sold—for employee passwords. IT dashboards and password health scores can help identify weak spots and target areas for improvement. Dashlane offers these features, as well as secure password sharing and a free Password Generator.
Interested in learning more about maintaining remote worker security?
Read Dashlane’s Future of Secure Work for People + Organizations Report.
- Canada.ca, “Cyber security for small businesses: Why software updates are essential,” January 2020
- Washington Post, “Want to avoid a cyberattack? Stop ignoring those pesky software updates,” March 2022
- Pew Research, “About three-in-ten U.S. adults say they are ‘almost constantly’ online,” March 2021