How to strengthen your remote work cybersecurity plan
Previous

Best practices for preventing fraud and improving cybersecurity in a remote work environment.

The COVID-19 pandemic changed the way we work—and for many large and small businesses, that change appears to be permanent. According to 2023 data by the U.S. Bureau of Labor Statistics, approximately one in five Americans work from home. But while working remotely can be convenient for employees, it produces an opportunity for cybercriminals—one that can drastically affect your business’s finances and operations.

“Greater reliance on technology and remote work has created new ways that threat actors can target both financial institutions and companies,” says Adam Perino, Manager of Threat Hunting and Threat Intelligence at Regions Bank.

If your organization has changed its remote work policies in recent years, it may be time to adjust your cybersecurity plans. Here’s what you can do to safeguard your company and lower the risk of fraud impacting your business.

Maintaining safe processes with remote communications

One of the biggest sources of headaches for companies is business email compromise (BEC), which involves a scammer posing as someone the target would normally trust and persuading them to divulge sensitive information or send money. BEC attacks commonly involve a trusted vendor changing their payment information, but scammers may also take advantage of remote workers by posing as a colleague or senior staff member, such as the CEO, to demand an employee purchase gift cards.

Fraudsters frequently use telecom-based phishing to commit fraud via calls and text messages. For example, Perino says scammers frequently use caller ID spoofing to appear to be calling from a legitimate bank. By posing as a representative from your bank, they may be able to trick your employees into divulging sensitive information that allows them to access your business’s financial accounts.

Scammers can also pose as remote employees when calling into call centers to reset their credentials, add new devices or perform other malicious actions. “A simple phone call from a fraudulent actor can undermine an entire organization’s security,” says Perino.

Remind your employees to carefully review correspondence from third parties. They should also exercise caution as they pay invoices from new or existing suppliers, and never divulge sensitive information over the phone, text or email. They should avoid clicking suspicious links in emails or text messages that could end up compromising your company’s data and files. Finally, employees should never respond to unsolicited emails and texts or open links or attachments from unfamiliar senders. When in doubt about the legitimacy of the sender, reach out to them via out-of-band communications, such as using your company’s internal instant messaging system to verify who you are talking to or calling a vendor using the phone number on their website.

Keeping remote systems secure

When employees work remotely, your company’s communications, sensitive information and transactions may potentially be transmitted outside of secured business networks. With that in mind, take the following steps to protect your business:

  • Revisit cybersecurity basics. Revisit cybersecurity basics. Make sure all security software is up to date. Instruct employees to make sure they use a secure, password-protected network whether they are using a home connection or accessing your company’s server while on the go.
  • Use password best practices. Remind employees to keep strong, unique passwords on all devices and apps—a good guideline is at least 12 characters with a mix of numbers, symbols and capital and lowercase letters. Whenever possible, require your employees to enable two-factor authentication—a security feature that requires two forms of identification to access data (such as knowing their password and being in possession of their smartphone).
  • Take care of sensitive data, files and equipment. While working from home, employees may need to access confidential information or sensitive data. Remind them to store any hard copies in a secure location and shred the copies if they no longer need them. Employees should also password protect their laptops and avoid leaving equipment unattended.

Your company’s standard security practices should extend to your employees’ remote setup, as well.

Meeting future challenges today

Because cybercriminals are so skilled at evolving their tactics to exploit new weaknesses, employers should go beyond basic cybersecurity measures to ensure their systems are less vulnerable.

For starters, Perino recommends promoting “device hygiene” across your company. This means carefully implementing bring-your-own-device policies and teaching employees not to store work data outside of secure environments. “Employees shouldn’t send their work via email to a private email because once it gets off the work device, your company can no longer protect it,” he says. That, in turn, opens up a lot of risk. Additionally, he recommends requiring that employees update to newer devices and install operating system updates in a timely manner.

Next, implement a “zero trust” framework throughout your company, meaning no one should be given automatic access to everything. By tightly controlling who is privy to data within your business, a cybercriminal will be less likely to gain access to files across your entire company if one employee’s account is breached.

Also exercise caution with account resets. You should already require remote employees to convincingly prove their identity to reset their passwords. “You shouldn’t make this process so easy that cybercriminals can abuse it,” says Perino. “It should be harder than just providing an employee’s name and birth date, since cybercriminals can easily find this information online.”

Staying vigilant

As companies adapt to remote work as a normal, ongoing feature of business life, there may be lapses in fraud prevention and security efforts. Perhaps standard security practices have not been updated since pre-COVID times, or fraud prevention departments are understaffed. By updating your cybersecurity systems and encouraging your team to practice vigilance, you can help protect your business against a wide variety of emerging threats.


Three Things to Do

  1. Learn how to safeguard your business from financial fraud.
  2. Get tips on implementing a work-from-home policy that incorporates security.
  3. Determine whether your business could benefit from employing a cybersecurity lawyer.

Next