How to reduce security risks for remote workers

by Stephen Danos

As people adjust to the new reality of social distancing and working from home in response to COVID-19,  identifying security needs rests on the shoulders of overworked IT teams. Before the pandemic, a sizable portion of the U.S. workforce had transitioned to working remotely, whether for corporations or as freelancers. In 2017, the U.S. Census found that eight million (5.2%) workers in the U.S. worked from home full-time.

Now, many white-collar professionals are required to work from home, creating an opportunity to show the value of remote work, even though it results in newfound work-related stresses. All in all, these changes to how we work could push that number to rise even higher than expected. As a result, IT teams are likely to see an increase in service requests and virtual troubleshooting sessions.

While managing remote employees creates challenges (such as visibility into work and disconnected communications), IT departments know that if employees are too relaxed about security compliance, it can put an entire company at risk for cyber threats. To combat these risks, it’s important to provide ample security awareness training and tests, as well as clearly defined security rules, and ensure that all security best practices are accessible to all employees, especially during a crisis like the COVID-19 pandemic. 

Illustration of a whiteboard with a pie chart icon

1. Regular IT security awareness training and testing

The best IT departments make awareness training and live tests mandatory. According to Spiceworks 2019 State of IT report, awareness training and live tests together are “considered the most effective solution for preventing security incidents” across numerous industries.

Educating employees on why security training is so important can help improve compliance. For example, if you deploy a phishing email test to the whole company, you can send any employee who clicks on a suspicious link to a training video or article that shows how to spot a scam.


Report: Four Critical Principles of Enterprise Security

There are also various tools on the market that offer automated phishing simulations and provide your IT team with metrics reports that tell you how well your employees performed. 

Once employees are allowed back in your offices, your IT team could create short, virtual educational sessions, so that employees don’t feel overwhelmed with information. Lunch and learns and informal conversations allow you to connect with employees more regularly. Ultimately, you’ll want the format to sync with your company culture.

You can set up sessions for remote workers, so you can engage directly with them and answer any questions they have about security rules and best practices. Lastly, you can email all employees key information about important IT updates, providing the context and training materials such as articles or videos that are relevant. 

Illustration of the world with a checkmark

2. Define clear security rules

New employee onboarding is an opportunity to train employees whether during a virtual meeting or in person, on how to use standard tools such as a virtual private network (VPN) and two-factor authentication when they log on to their company-owned laptops or mobile devices. But it’s also a key moment to again stress why security is so important. 

In a recent study of CIOs and senior IT leaders, 81% admitted to seeing security issues related to the Wi-Fi network their employees used. Only 46% of these enterprises were confident that remote workers use a VPN during the workday, and 94% of CIOs surveyed think that bring your own device (BYOD) policies lead to more threats to mobile security.


Report: The Hidden Costs of SaaS Sprawl

You can make it mandatory that workers use a VPN, lock users out after a number of unsuccessful computer login attempts, set up automatic software updates for commonly-used platforms and operating systems, ensure that all devices are encrypted, and enforce cybersecurity travel and remote work policies. 

When your IT leaders agree on rules and how to manage security for remote workers, making those rules and best practices easily available ensures all employees can reference them from anywhere.

Illustration of an eye

3. Make best practices widely available

To mitigate risk, IT departments can document best practices and make them available to their organization. You can create a protected IT knowledge base or wiki website that provides the steps to basic security best practices. This could include how to regularly change passwords or save data on secure cloud-based servers. Add context to show how these protocols help protect employee information. 

You’ll also want to make sure employees are cognizant of where their company laptops and devices are at all times. When shelter-in-place rules are lifted and businesses reopen, not everyone will immediately return to their respective offices. In fact, some employees aren’t under stay-at-home guidance yet. 

This opens up employees who go to a gym or work at a coffee shop more vulnerable to their work laptop being lost or stolen. The security of physical devices is hard to monitor from an IT perspective, so it’s key to communicate best practices around device security to your workforce.


Report: Are Your Technology Investments Paying Off?

You can also quickly build a resource hub to educate employees using a Smartsheet portal or dashboard. Smartsheet is a leading collaborative work management platform that helps keep data safe, gives you control of user access, and provides you with methods to safely share information inside and outside of your organization. 

While many customers use Smartsheet to build dashboards for IT ticket tracking, you can similarly build a Smartsheet portal that houses all educational resources, videos, websites, and security policies. This way all employees can access the information in one place. While this might not reduce the amount of service requests you see during the COVID-19 crisis, it can help remote employees find answers to pressing questions. This helps IT teams focus on business critical service and infrastructure requests and strategy.

Whether you use an internal website, Smartsheet, or both, providing the right educational material and tools can help your remote workers stay productive while avoiding risky behaviors that compromise your company’s security. 

Does your IT department service hundreds or thousands of employees at your company? Check out our recent report “The Four Critical Principles of Enterprise Security”, and learn how Smartsheet addresses the challenges presented by each. 

Subscribe to the Smartsheet IT Newsletter for tips, strategies, and ideas focused on helping IT professionals increase their impact on their business.