AIM Moderator: Good morning and thank you for joining us today. With the rise of COVID-19, more workers are working remotely for the first time. The key to building an effective and productive remote workforce is through technology. Technology has evolved to cater to the needs of remote workers. This includes applications being secure and being able to keep employees engaged. This morning Jeff Lauria of iCorps Technologies will be speaking about the software, security best practices, and cohesion techniques that employers can apply to ease the transition and ensure that employees stay productive and engaged.
Before we get started I want to go over some housekeeping items. Today we will not be doing a live Q&A. We have already gotten questions submitted to us and we will do our best to answer those, and if you have a question please put it in the chat in the right-hand corner. We have two handouts in the handout section today. The first is a copy of this PowerPoint and the second is our model policy on working remotely. It’s an honor to present our hosts Jeff Lauria and Lori Bourgion, SYP Field Operations at AIM HR Solution.
Jeff Lauria: Thank you very much for that introduction and thank you for joining us today. What I’d like to talk about is the numbers in our workforce, and the challenges that our employees and employers face. 88% of organizations have encouraged or required their employees to work from home. To give you some context, roughly a year ago 7% of workers worked remotely. That was a drastic change, and with that from an IT and HR perspective comes a lot of challenges.
One of the major ones is engaging employees at home. A lot of employees feel like they are on an island of their own. 40% of organizations have increased employee engagement by using technology. 32% of employers have developed technology within the last 60 days to support their remote workers. Because of the rapid deployment, people are deploying technology that is not well vetted. With all of these changes, cybercrime has increased by 300%. To give some perspective, before the pandemic the FBI was getting around 1,000 complaints per day because of cybercrime, whereas now they get around 4,000. Cybercrime is taking off because the workforce is working from home and they’re using unsecure platforms.
Challenge number 1 is how to engage employees in this new era. There are a lot of video platforms out there and people often wonder how they choose one. The first thing is to recognize what you want to get out of that platform, and how you’re going to use it. When we look at Teams, its primary role is collaboration, not necessarily presentation. If you’re going to use a platform for webinars, GoToWebinar and Webex are both really good platforms. If you want to focus on more collaboration then Teams is a great platform to do that. You also want to make sure that these platforms allow you to collaborate securely.
Another issue from an HR perspective is employees not getting a lot of information that is in context from their day-to-day job. One of the things we recommend is to use the technology and to post information about the departments, next steps, etc. This allows you to reduce overall emails and gives more detailed information based on the department they’re in. This also lets you use a different technology other than emails, which is the main way that cybercriminals hack into systems. It’s important to set guidelines for remote workers. People are unsure how to work from home, so guidance will help them in the long run. It’s also important to talk to your vendors. It’s important to make sure that your apps are up to date and secure. A lot of vendors are giving licensing for at home workers.
Challenge number 2 is securing the remote worker. As we said earlier, a lot of this technology has been deployed rapidly. A few things to consider when thinking of safety is that a lot of workers are using their own personal equipment such as laptops and iPads. A lot of organizations can’t afford to buy their employees personal devices, so employees end up using their own. Co-mingling data and services is something that you need to look out for. It becomes difficult for you to see where your technology is. Just because you’re using a VPN doesn’t mean that your data is safe. For example, if an employee is using their own device through that VPN and it got infected, then they use the same device to do work related tasks, that means that the malware or ransomware can attack your work because it got in through the VPN.
AIM was very instrumental 6 years ago, working with the state. Nationally the model has been adopted. It’s the employer's responsibility to ensure that their data is secure. Just because someone is at home, the rules become more of a burden because you have more endpoints to secure. We talk about best practices and things that are reasonable, so keep in mind that the responsibility is still here. Talking to your cybersecurity agent and making sure your employees are covered is important. One of the things AIM provides us today is the framework for the workers from home. The other thing that is shocking is shadow IT and shadow risk. One of the challenges that organizations have is shadow IT. This means that employees sometimes without intention will move data from one location to another. They may email documents back and forth to move around data. When they do that, you lose the ability to see where your data is, and that will put your organization at risk. So let your employees know what they can and can’t do. The other thing you may want to think about is the technology you implement. Configuring the technology is important.
Some things that can be done are to create a policy that addresses remote workers and to keep in mind they don’t know what they don’t know. Also once you create the policy, identify someone who is violating the policy. Remote workers are more trusting, so training is key. Over 80% of data compromises start off with email. Now emails are even more of a target because they are sending more information over email. SMS phishing is now becoming the new phishing campaign that email was. Examples include, “you have a package coming” or “your password has been changed”. The shift is going to mobile, so educating your employees about this is important.
Again, your VPN may not be the solution if not deployed correctly, so it's important to deploy a secure technology that limits access. A lot of firewalls have a tool built in that will check the remote endpoint and make sure that it’s patched. The best we can do is to mitigate risk. Protect the data and use tools such as MDM/CASB to control data services. Most importantly protect the user/employee. This is critical, and identity management is key. One of the challenges companies have is to identify that an event has taken place. It takes around 100 days for an event to be recognized. There are devices out there that will monitor what is going on. For example if a person logs in twice from two different locations, it will alert them and will sometimes log the user out. If we protect the user first, the data will be protected from there.
So there is a Q&A here, but first I want to thank everyone who joined today and if you want any additional information you can email me, check out our blog, or find me on Twitter or LinkedIn.
The first question we have today is, “Since it’s cost prohibitive for a company to purchase machines for our temporarily remote staff, how can we ensure security for our workers on personal equipment?”
The easiest way is to use a proxy. Something that uses an SSL encryption to the workstation in the office. That tool can isolate the computer from viruses and also implement MFA.
Second question, “We’ve experienced spoofing attacks lately, unfortunately one employee purchased a $50 gift card from the spoofer. What else should we do to avoid this embarrassing and costly mistake other than just inform our employees?”
Spoofing will always happen and it is a main way that cyber hackers will get information. A few different things here. Verify. Create a new email and then ask the person to confirm. Most companies won’t ask for that kind of information or ask you to send W2s. The easiest way to do this is to create a new email and contact the person. Lastly if you find yourself a victim of fraud, contact the FBI. They have a team designed to respond to this type of issue and are 90% successful as long as you do this in a timely fashion.
Well thank you everyone. Please don’t forget the handouts. We appreciate the time you took to join us today. If you have any questions please feel free to reach out and we thank you again.