Professional working remotely
Article

Cybersecurity awareness remains key for post-pandemic remote workforce

Authored by Mark Boettcher

The COVID-19 pandemic has fundamentally changed how, and where, many organizations and their employees conduct their work. Although organizations are starting to re-open their offices, many expect more employees to shift to being fully remote, and/or allow hybrid models to give employees flexibility. The overall trend is that many employees want to continue to work remotely, whether full-time or just a few days a week.

With the increase in employees working remotely, it may also increase chances that employees decide to work the afternoon at a local coffee shop or meet up with co-workers in a public setting. This may increase the use of public Wi-Fi to access the internet, which is commonly a target and vector for hackers.

Organizations need to continue to set good security policies and continue to educate their employees on good remote working hygiene. As a starting point, organizations should have a remote working / home security policy. The policy should outline the security considerations and the do’s and don’ts for employees IT behavior, which may include:

  • Prohibiting use of public Wi-Fi
  • Not using a work computer for personal use (e-mail, gaming)
  • Prohibiting use of device by family members (children for doing schoolwork, etc.)
  • Securing home Wi-Fi
  • Use of strong passwords

Organizations also need to continue to assess their own policies and implementation of security measures to reduce the risk of having a remote workforce. These may include:

  • Use of multi-factor authentication (MFA)
  • Encryption of devices
  • Use of VPN for secure connections
  • Utilization of collaboration tools in the cloud (versus employees saving files locally)
  • Monitoring of operating system updates to end devices, and protocols for ensuring employees are installing updates and patching to their devices in a timely manner
  • Use of anti-virus agents on all endpoint devices

Organizations need to continue to stress the importance of their cybersecurity and security awareness programs to their employees. Trends show that hackers continue to focus on remote workers, with the hope that employee guards are down more when they are remote versus when they are in the office. It is critical for organizations to continue to offer robust security training programs, and find ways to keep employees engaged and alert.

Please see more information on our remote working guide here.

Mark J. Boettcher
Partner, CPA, CISA, CBCP
Next up

ESG, SPAC among fiscal 2021 priorities for SEC investor advocate