While remote working was a feature at some companies, many others have found themselves with just days to prepare for the new, restricted reality. A lot of firms have cobbled together incomplete remote working systems, operated under hurriedly devised practices by unprepared staff. This is a dream come true for a cybercriminal.
In recent weeks, security agencies have issued fresh cybersecurity warnings about the dangers of a newly remote workforce as people disperse to their homes to work and study because of the coronavirus pandemic.
A joint report from the UK National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Security Agency (CISA) unit of the US Department of Homeland Security stated that hackers are already exploiting remote workers, luring them into online scams masquerading as important information related to the pandemic.
Many people are now working in their personal space, sometimes on their personal computers or phones, creating a much wider target for hackers and cybercriminals. At home, it's less likely you're protected by the corporate software that can scan every link you click and file you download for signs of danger.
When it comes to firms that are now operating remotely, criminals are seeking to take advantage of what is an unfamiliar situation, where time and resources are likely stretched. Improving security for remote workers does not have to be difficult, and many points in this article are self-evident.
Nonetheless, it’s surprising how often simple fixes go ignored, especially at a time when workers are adjusting to their new reality of working from home amid a global pandemic. The following suggestions are a good starting place to ensure that organizations stay secure while working remotely.
Whatever the system that’s in place, people are almost always the weakest link.
Most offices have safety nets in place to cover this - blocking staff from following links to dodgy sites and halting the download of malicious email attachments. At home, these extra protections may not exist, making the basics of solid passwords and careful clicking all the more important.
As repetitive and boring as the message may be, reminding staff of that - and the ways to ensure they are not caught out - will help to significantly strengthen your protection. That extra vigilance should extend to the IT department too, which may also be made more vulnerable by the unique and stressful climate.
Weak or stolen passwords are the gateway for the majority of web application attacks. A study carried out by Google found that multifactor authentication blocked 100% of automated attacks.
The introduction of multifactor authentication is perhaps the easiest and most effective option, and one that can be rolled out remotely. With it, a log-in is verified after the username and password have been entered, often by means of a six-digit code generated through an app or sent by text message. This makes it easier to verify someone's identity remotely, while also protecting a firm even if a user’s login details are compromised.
Depending on the software a company uses, it may already have licenses for this kind of security service and others - it's just a question of having it activated. Even if it does not, many vendors are temporarily waiving fees for their own solutions to give companies the opportunity to protect themselves during these unusual times.
Issue office equipment
Even if employees are working remotely, they should still use corporate equipment. That way you can ensure the devices are properly equipped with the desired level of security.
If companies didn’t have time to set staff up with a company laptop, their use of a personal device adds another point of weakness. It is important to understand how domestic and personal equipment affects information security and data protection, as this will highlight what risks may be introduced and the information your employees may need in order to control those risks.
Secure home network
When employees move outside enterprise networks to their homes, they are open to attack because of security risks inherent in WiFi networks. For people using a work computer at home, corporate anti-virus software and other security tools are often running by default. Similarly, if you have access to a corporate VPN, you can use it to access your company network, where your employer can protect you from afar.
However, a huge part of the security problem for remote workers is the unknowns that may be lurking in their home networks. While VPNs and multifactor authentication go a long way toward alleviating some of the risks, they might not fully address a compromised local network.
If you're using your own personal computer or can't access your company's internal network, you can install security products that scan for malicious software that can steal information. If you run these security programs and keep the other tips in mind, you'll be in good shape to defend yourself from cybercriminals.
Avoid email or phishing scams
According to Microsoft, 91% of hacking attacks begin with a malicious email, in what's called a phishing attack. The emails can take all forms. Some might promise you vital information about the spread of the coronavirus in your region, but in fact contain a malicious file that can infect your computer. Others will use spoofing to look like they're coming from your boss or a colleague.
Many remote employees try to respond quickly if they receive an urgent message from a company executive, especially at a time like this. Fraudsters know this, and they try to exploit this behavior by attempting to impersonate the CEO or other executive using a phishing email. Educate your team members about social-engineering attacks and encourage them to double-check with people directly regarding unusual requests.
Spoofing via email and other chat tools is a common and successful attack mechanism due to its ubiquitous acceptance. A trusted communications link is vital at times like this, especially as firms try to keep workers up-to-date on the latest company decisions.
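A mail-filter style check for the executive impersonation described above, as an added example that is not part of the original article. The corporate domain, the executive names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"             # assumption: the firm's mail domain
EXECUTIVES = {"jane doe", "sam patel"}  # constructed executive names


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def check_sender(raw_message):
    """Return a list of reasons the message's sender looks impersonated."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # An executive's name shown to the reader, but sent from outside the firm.
    external = _domain(addr) != CORP_DOMAIN
    if external and " ".join(name.lower().split()) in EXECUTIVES:
        findings.append("executive display name on external address")
    # Replies silently diverted to a different domain than the sender's.
    if reply_addr and _domain(reply_addr) != _domain(addr):
        findings.append("Reply-To domain differs from From domain")
    return findings


# Constructed sample messages.
SPOOFED = """\
From: "Jane Doe" <ceo.office@mail-example.test>
Reply-To: payments@other-example.test
Subject: Urgent transfer needed today

Please handle this before noon.
"""

GENUINE = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Updated remote working policy

See the intranet for details.
"""

if __name__ == "__main__":
    print(check_sender(SPOOFED))
    print(check_sender(GENUINE))
```

This check covers display-name impersonation only; a message forging the exact corporate address has to be caught by the mail gateway's sender authentication.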
One way of avoiding phishing scams is by encouraging your teams to become fully comfortable with using real-time video solutions, such as Microsoft Teams, to interact.
Even with all these precautions (and more) in place, it’s inevitable that breaches will occur. But by being more aware, organizations and their remote workers will be much more proactive, save a lot of headache and stand a good chance of coming out on top.
At the very least, though, companies should take this crisis as an opportunity to properly assess their security system and its suitability to remote working for future instances.