Hackers are pointedly taking advantage of the coronavirus crisis. There is an increase in the number of phishing and other attacks, while criminals are also exploiting the anxiety employees are experiencing in today’s unusual circumstances.In fact, the CNBC survey we quoted above also found that more than a third of the executives surveyed reported an increase in cyber threats, linked to the increase in remote working.
Typical risks posed by remote working
Why does remote working pose such a security risk? It’s simple: when an employee accesses enterprise data from a remote location their employer loses a degree of security control. This loss of control is even greater if the employee makes use of a personal device. Just some of the risk factors include:
- Network risks. Remote workers typically use any mix of secured and unsecured, wired or wireless and indeed private or public networks when accessing company resources. Doing so provides numerous entry opportunities for hackers, or the chance to snoop – companies simply cannot secure every network used by remote workers.
- Physical device security. Physically securing devices that are used remotely is a real challenge as a lost device – whether employee-owned or corporate – poses data loss and privacy risks. It is just too easy for a device to be stolen, or to go lost while a worker is in transit or working somewhere other than home.
- A mix of personal and business use. Particularly where employees use personal devices for work there is a significant risk that personal usage of apps and other resources may open the door for criminals to access company resources. Companies have limited control of the apps and services that run adjacent to enterprise apps on a personal device.
- Scams focused on remote workers. Hackers know how to get into the mind of the remote worker and can subtly manipulate employees working outside the collective office environment. Solitary working can also mean that employees skip on typical cybersecurity best practice, unable to easily check and verify with a nearby colleague.
Simply put, remote working introduces a range of security risks. So, while companies are acting fast to ramp up remote working, they should also consider how to improve business cybersecurity for remote workers.
Five tips on how to improve your business cybersecurity
Yes, remote working poses risks but there are several actions you can take that will put your company on track to mitigate cybersecurity risks to a large degree.
Issue company-controlled devices
Where possible your company should try to issue remote workers with company-controlled laptops and mobile phones that are exclusively for work use. The quick switch to remote working may mean that these devices arrive after the fact, but it is never too late to switch work to a dedicated device. This is particularly pertinent if your employees work with confidential or personally identifiable data.
As an intermediate step you may request that your employees sign their personal devices up to a mobile device management (MDM) service provided by their employer – it provides at least some degree of control, including the ability to remotely wipe a device.
The typical challenge is that employees do not realize that personal mobile devices, used for remote work, represent a threat to the company's information security, says Yevhenii Kurii, Information Security Expert at ELEKS. As a result, they often do not apply the same security and information protection procedures as they would with other devices such as desktop computers.
No matter where you are working from, whether it is office or home, airport terminal or hotel lobby, you should consider all your employees’ laptops and mobile devices as an essential part of your corporate infrastructure. Therefore, you should ensure that all security protocols such as password protection, encryption, malware protection, and continuous monitoring, normally used in the management of data on conventional storage infrastructure are also applied here. Moreover, do not forget to combine it with proper training activities, making your personnel aware of the common risks and possible ways to deal with them.
VPN provisioning
We’ve pointed out how network security is a key factor when working remotely. VPN use can remove many of these risks by securely tunnelling corporate traffic under an encrypted layer. VPN services are not expensive and can be readily rolled out to all employees – however, vet your VPN provider carefully.
If VPNs are not an option you could point your employees to a simple, more practical step – plugging devices directly into a broadband modem or router, instead of using Wi-Fi. You can also recommend that employees avoid shared and public Wi-Fi wherever possible.
Focus on endpoint security
Balancing device lock-down and security measures against practical device use is a difficult task, but companies nonetheless need to focus on the security of the devices used by remote workers. Endpoint protection software including anti-virus is an essential first step, many of these tools also include capabilities that guard against phishing attempts.
Also consider boosting everyday endpoint security principles such as regular updates and taking stock of all the devices in use by your remote workers. Device encryption will also deliver an additional layer of security – especially where devices are at risk of loss or theft.
Passwords and MFA
Now is the time to ensure that your employees use strong passwords to access corporate IT services, if you have not already done so. Also consider regular password changes – every 60 days, for example. It’s also worth reviewing password good practice with your colleagues, explaining the risks around shared passwords for example.
Multi-factor authentication is now widely available and worth rolling out as remote working is scaled up – a second authentication factor is an additional hurdle that makes it more difficult for hackers to abuse a stolen password.
Guidance against phishing
Employees that are under pressure and working in unusual circumstances are uniquely vulnerable to phishing attempts so now is the time to step up formal employee guidance. You already know the drill – don’t click through to unfamiliar sites, never open attachments from unknown sources, etc.
However, your colleagues can quickly forget these measures. That’s why re-enforcing this message is so important. It is also worth pressing a “trust but verify” approach – employees should check in with their colleagues if they see any legitimate but unusual communications.
Remote working can be secure working
In the recent past, many companies still choose to put a brake on remote working because of the perceived security risks. However, today, many companies have no choice other than to enable working remotely – and to do so rapidly.
We’ve outlined the possible risks and ignoring these risks is not an option – even where the roll-out of remote working is unexpected and rapid. However, companies that take the right steps to mitigate the risks of remote working will see their remote employees continue to be as productive as they used to be – without posing an outsize cybersecurity risk.
Are you looking for assistance of an experienced partner to help you stay on top of threats and ensure your organisations efficiency during the remote work period and after? Get in touch with us today!
Related Insights
