How to reduce security risks for remote workers

by Stephen Danos

As more people flock to companies that offer flextime, more workers are working from anywhere (WFA) than ever before. In 2017, the U.S. Census found that eight million (5.2%) workers in the U.S. worked from home full-time. That’s quite a leap from 3% in 2000, a number that seems likely to rise. Some companies embrace this trend, as remote work often leads to improved employee engagement and productivity. 

In fact, a recent study focusing on the rollout of a WFA program saw a 4.4% increase in productivity in those workers; this increase could add a staggering “$1.3 billion of annual value to the U.S. economy.” The other side of the WFA coin is how the demand for these opportunities impacts information technology (IT) departments.

If you work in IT, you already know this subject can be a source of anxiety when it comes to data security. While managing remote employees creates challenges (such as visibility into work and disconnected communications), IT departments know that if employees are too relaxed about security compliance, it can put an entire company at risk for cyber threats.

To combat these risks, it’s important to provide ample security awareness training and tests, as well as clearly defined security rules, and ensure that all security best practices are accessible to all employees, both at the home office or in the field. 

Simple illustration of a whiteboard with a pie chart icon

1. Regular IT security awareness training and testing

The best IT departments make awareness training and live tests mandatory. According to Spiceworks 2019 State of IT report, awareness training and live tests together are “considered the most effective solution for preventing security incidents” across numerous industries.

Educating employees on why security training is so important can help improve compliance. For example, if you deploy a phishing email test to the whole company, you can send any employee who clicks on a suspicious link to a training video or article that shows how to spot a scam.


Report: Four Critical Principles of Enterprise Security

There are also various tools on the market that offer automated phishing simulations and provide your IT team with metrics reports that tell you how well your employees performed. 

Then, your IT team could create short educational sessions, so that employees don’t feel overwhelmed with information. Lunch and learns and informal conversations allow you to connect with employees more regularity. Ultimately, you’ll want the format to sync with your company culture.

You can set up separate sessions for remote workers, so you can engage directly with them and answer any questions they have about security rules and best practices. Lastly, you can email all employees key information about important IT updates, providing the context and training materials such as articles or videos that are relevant. 

Simple illustration of the world with a checkmark

2. Define clear security rules

New employee onboarding is an opportunity to train employees, including remote workers, on how to use standard tools such as a virtual private network (VPN) and two-factor authentication when they log on to their company-owned laptops or mobile devices. But it’s also a key moment to again stress why security is so important. 

In a recent study of CIOs and senior IT leaders, 81% admitted to seeing security issues related to the Wi-Fi network their employees used. Only 46% of these enterprises were confident that remote workers use a VPN during the workday, and 94% of CIOs surveyed think that bring your own device (BYOD) policies lead to more threats to mobile security. 


Report: The Hidden Costs of SaaS Sprawl

You can make it mandatory that workers use a VPN, lock users out after a number of unsuccessful computer login attempts, set up automatic software updates for commonly-used platforms and operating systems, ensure that all devices are encrypted, and enforce cybersecurity travel and remote work policies. 

When your IT leaders agree on rules and how to manage security for remote workers, making those rules and best practices easily available ensures all employees can reference them from anywhere.

Simple illustration of an eye

3. Make best practices widely available

To mitigate risk, IT departments can document best practices and make them available to their organization. You can create a protected IT knowledge base or wiki website that provides the steps to basic security best practices.

This could include how to regularly change passwords or save data on secure cloud-based servers. Add context to show how these protocols help protect employee information. 

You can also quickly build a resource hub to educate employees using a Smartsheet portal or dashboard. Smartsheet is a leading work execution platform that helps keep data safe, gives you control of user access, and provides you with methods to safely share information inside and outside of your organization. 


Report: Are Your Technology Investments Paying Off?

While many customers use Smartsheet to build dashboards for IT ticket tracking, you can similarly build a Smartsheet portal that houses all educational resources, videos, websites, and security policies.

This way all employees can access the information in one place, which helps reduce the number of questions IT professionals are asked every day. Instead, they can focus on service and infrastructure requests and strategy.

Whether you use an internal website, Smartsheet, or both, providing the right educational material and tools can help your remote workers stay productive while avoiding risky behaviors that compromise your company’s security. 

Does your IT department service hundreds or thousands of employees at your company? Check out our recent report “The Four Critical Principles of Enterprise Security”, and learn how Smartsheet addresses the challenges presented by each. 

Subscribe to the Smartsheet IT Newsletter for tips, strategies, and ideas focused on helping IT professionals increase their impact on their business.