Working at a secure terminal in company headquarters used to be the norm. Over the past decade, with the increased adoption of cloud computing and virtualization, accommodating remote workers became more feasible for diverse sectors of business and industry. When the pandemic hit, the shift to remote work accelerated.
Abruptly, employees transitioned from commuting to the office to working remotely at locations all over the globe. Not only did workers have greater flexibility in their schedules and locations – businesses benefited from greater access to the global pool of human capital. However, these businesses had to address cyber security risks compounded by a decentralized work force.
What are the different types of remote work that require extra cyber security?
It is difficult to name a job that does not require some level of cyber security. End-to-end encryption is now standard in the majority of email clients used by individuals. Even a farm stand selling onions and carrots to neighbouring homes will probably use a mobile terminal for processing card payments. However, there are some jobs that face extra cyber security risks for business:
- Telehealth services deal with sensitive patient information and must ensure absolute confidentiality.
- Banks and investment firms are prime targets for hackers.
- Legal firms are bound to keep client information confidential, and are often targeted for this valuable data.
- Any large corporation that manages a high volume of transactions can be a target.
Risks of not having good remote work cyber security
Obviously, flaws in cyber security can put assets and proprietary information at risk. You can lose clients, money, data, and your company’s reputation. It is important to define these risks so that you can address threats appropriately. Incorporate this threat checklist into your small business’s cyber security template to get a jump on.
- Unsecured private terminals used by employees, even for checking email, can pose challenges to your business’s cyber security. Providing your employees with secure devices and instructing them to use them exclusively for work tasks is a good way to address this threat.
- Shaky network security abounds in a world where 5G is increasingly replacing private WAN and LAN networks in everyday web access. However, as edge computing becomes increasingly utilized by businesses eager to reduce latency in virtual and augmented reality applications, filling in service gaps with 5G may become inevitable. Using a virtual private network (VPN) mitigates this risk by adding an extra layer of protection.
- Employees with a poor understanding of security risks can compromise a company’s cyber security infrastructure without realizing. Cyber security training for small business employees reduces this risk.
Below, we look at a case example for cyber security in a small business in the financial sector. The threats listed above will be addressed in the sample small business’s cyber security plan. In addition, measures will be taken to manage risks associated with the unique circumstances of the CEO and her employees.
How can you stay safe when working remotely?
Alicia runs a boutique investment firm for commodities speculators. Her employees are located in Canada, Panama, and Spain. Each employee receives an encrypted work laptop with two-factor authentication. When performing work tasks, employees are connected to a secure VPN. All employees are trained in advanced cyber security and are subject to penetration tests at random intervals to determine susceptibility to phishing scams.
Virtual desktop infrastructure is a new strategy that Alicia implemented shortly after her employees began to work remotely during the pandemic. Alicia and her staff store images of their work PCs on remote servers. While more senior staff members retain their encrypted laptops, new hires have the option of keeping their old PCs and accessing a virtual desktop. The recently on-boarded back-end developer from Panama doesn’t have to be shipped a physical copy of her new computer — she can simply use her existing laptop and access her work computer virtually.
Client information is stored on secure servers in a locked basement room in Toronto, accessible only by Alicia and her office manager, Kent. Kent is based in Toronto, while Alicia spends most of her time in Québec City. She travels to the central office once a month. These trips often involve updating information on encrypted flash drives that require authentication by both Alicia and Kent to decrypt.
Alicia’s business has successfully headed off phishing attacks and hackers multiple times by strict adherence to a cyber security business plan template that protects her data and her clients while enabling her employees to work remotely.
Government recommendations for remote work cyber security
The Government of Canada recommends a four-pronged strategy to address cyber security: good security tools, employee training, device protection, and information protection.
Cyber security software for business should utilized and updated regularly. Anti-virus software is critical. Application whitelisting, firewalls, and the use of a virtual private network can head off threats to network security.
No matter how strong your encryption software, an employee vulnerable to phishing scams can compromise your business’s cyber security. Instituting cyber security training for a small business can be the difference between success and failure in today’s market. Your employees should be taught how to recognize a phishing attack as well as receive training in basic cyber security hygiene: turning off Wi-fi and Bluetooth when the device is not in use, knowing who to contact when a suspected security risk is spotted, and creating strong passphrases.
An effective cyber security policy template for a small business will include airtight device protection. Use multi-factor authentication and password-enabled screensavers to prevent easy access by unauthorized users.
Information protection can be achieved with encryption and secure back-up storage. The principle of least privilege should also be applied: employees should only have access to the information necessary for their specific tasks.
Key take-aways for your cyber security strategy
Keeping your business up-to-date with cyber security is even more important in the new remote work environment. Along with non-digital solutions like improved employee training, you can implement cyber security software like virus protection and hardware like secure servers. Secure devices and safe data storage solutions, ranging from on-site servers for supporting data lake implementation to virtual desktop infrastructure for remote workers, will boost the effectiveness of your cyber security policy.
This post is also available in: FR