Remote work is not a new trend, but the novel Coronavirus, or COVID-19 has forced millions of workers into their homes, creating a new wave of at-home employees.
There are many benefits to a remote workforce including increased productivity, employee satisfaction and reduced costs. Despite these benefits, many companies wonder how they can protect themselves from cybersecurity risks while employees are working remotely.
The rush to send employees to their home offices has created endless opportunities for cyber attacks on your company.
Avoid Unsecured Wireless Networks
While many cities and states are under mandatory stay-at-home orders, many still allow free movement. This means that a certain percentage of your remote workers may be doing their jobs from coffee shops and other public WiFi hotspots.
These points are ripe for security breaches. Hackers can easily break into these networks and steal log-in credentials, conduct phishing attacks and install malware onto company-owned equipment.
Even employees that work at home can open your company’s IT infrastructure to hackers and cyber attacks. An unsecured network at home is just as dangerous as a public one.
Many of your workers share wireless networks with other family members on a variety of devices. Your employee’s husband may have Alexa, while the kids have online gaming consoles, the family has a Ring doorbell, smart refrigerator and home surveillance system.
Multiply this by your entire remote workforce and you can see how this can be a major problem for your IT department. If not properly secured, these are all access points that will allow a hacker to gain access to your company’s sensitive information.
Create a policy that all work must be performed over secure wireless networks.
Outline exactly what this means so that everyone is clear on what is safe and what is not. Conduct a meeting that explains to your staff how to operate on secured networks and avoid leaving your company’s sensitive data open to hackers.
Your employees are the weakest point in your company’s security chain. By teaching them how to identify common threats like phishing websites, spoofing and other common methods of attack, you can fortify your defense and prevent breaches.
Secure Your Data
There is often a lag between the time that your company’s information is breached and the time that your company becomes aware of it.
Experienced hackers can steal company assets, tap into client data and make changes to your system for weeks or months without detection. Their breach may never be detected at all.
During this time, valuable financial information and data can be lost and the damage to your company’s reputation can be devastating. When mobilizing your teams for remote work, take steps to ensure that your software is up to date and current.
Use virtual private networks (VPN’s), firewalls and antivirus software to help secure your data from cyberattacks.
In this case, it pays to be proactive instead of reactive. Assume that your company will be attacked and plan in advance to deal with the potential threats.
Some companies use breach and attack simulation software to identify weak spots in their system and solve problems before they arise.
Secure Your Devices
One of the main problems that companies have faced with remote workers is device security. Many remote workers admit to accessing company data on their personal devices.
Some workers store company files on their personal home computers, or use their personal mobile devices for company communication.
In addition, your employees may not be using the latest versions of your company’s software on their personal devices, causing files to be corrupted or become vulnerable to attacks.
In some homes, the family computer is accessible to everyone in the household. While this is a smaller risk, it is a risk nonetheless. There is nothing to stop your employees from sending sensitive documents and data to friends or other contacts.
If your employee is let go from the company, they may still have access sensitive data on their personal devices.
Make sure that your employees are aware of the dangers of using their personal devices to download company files and transmit sensitive data. Provide them with the equipment they need in order to conduct business securely.
Use Multi-factor Authentication (2FA)
The more layers an attacker has to go through to access your sensitive data, the harder it will be to gain entry.
Configure your systems so that there are several passwords required to gain access to sensitive data. There should be a workstation login, an email system login and separate logins for each piece of software that your company uses. Consider an access key, a security image or CAPTCHA to make your logins even more secure.
Consider Password Managers
There are two schools of thought when it comes to password managers.
The first is that passwords should never be stored and employees should have to manually enter their passwords every time they access their workstations and software. The downside of this is that this makes it more likely that your employees will write their passwords down, making them less secure.
The second is that your company should use a password manager that stores passwords for easy login. By storing the passwords, you can be assured that the employees won’t write them down. The downside to this is that anyone who can access the workstation can access everything else with the click of a mouse.
Consider a secured solution that allows for encrypted password storage or a hybrid that stores some passwords but not others.
Deploy a VPN
VPN, or Virtual Private Networks, route your Internet data through a second network so that anyone who tries to access it from the outside will be locked out.
It is your company’s own private network that’s not accessible to anyone outside of the network, making it less susceptible to breach. If your company has an internal intranet, it is even more crucial that you have a VPN to protect your network and keep sensitive data safe.
You can configure your VPN and putt policies in place so that crucial company data or sensitive client information is only accessible while connected through your VPN.
Firewalls Are A Must Have
Think of firewalls as a literal wall of fire between your computer and the Internet.
They close off means of entry into your network, blocking threats and helping mitigate attacks. They are also effective in keeping out viruses and malware. Your workstations may come with built in firewalls, but for higher levels of protection, firewalls can be added at multiple stages of your network. Offering a tiered hierarchy of security that makes attacking your networks much more difficult.
Back Up Your Data Frequently
Does your company have a system in place to back up data in case of a breach or system shutdown?
Often, it’s not an intentional attack that destroys your data, but an accidental system loss.
Ransomware can wipe out entire swaths of data before you even suspect it. Back up your data to a cloud based system and consider installing software that works automatically.
Consider how often you are backing up data. This may be the time to back up more frequently than usual since there will be more people accessing the data remotely.
Operate On The “Zero Trust Principle”
When it comes to safeguarding your information infrastructure, operate on the assumption that no system or person operating within the system is to be trusted implicitly. Zero Trust is about granting access only when needed and only to people or devices who need it.
If you are going to use multi-factor authentication, great. But you still need to monitor what happens once the user has gotten past that authentication. Monitor how your users are interacting with their workstations, when they are signing in and what applications they are accessing.
Use artificial intelligence to create a work profile for each user so that you will be aware if something is “off,” about their work habits.
Are they logging in at odd hours of the night? Are they logging in from unexpected locations? Are they accessing software or databases they don’t normally use?
By monitoring your team’s work habits you will be in a better position to catch breaches before they destroy critical information. Having secure forms of communication available to your team is key.
You don’t want them depending on unsecured methods of communication like social media and other consumer-facing communication platforms to share information. Set up your own videoconferencing systems and restrict your team to these platforms only.
Secure Your Remote Collaboration Tools
One of the things that likely happened when your company suddenly switched to remote work was a mass of confusion in the beginning. This is the time when your teams wanted to talk, get information and stay in the loop, more than ever. This also represented the best opportunity for a serious data breach when it comes to remote communications.
The FBI recently released a warning about teleconferencing hijacking:
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
While these reports seem to be only crude pranks for now, attackers can use the same methods to eavesdrop and gain access to confidential information.
Train and Retrain Your Teams
This is a brand new landscape for many of your workers. Most have never worked from home before, and it will take more than one brief training to prepare them for this new landscape. Prepare to re-train them again and again.
Teach them how to protect themselves against phishing scams. Show them what to look for in a secure website. Make sure they understand how to protect themselves and their work while performing their jobs remotely. Create a library of white papers, articles, e-books, videos and webinars that they can access if they need a refresher. The key here is to understand that training is not a one-shot deal, but an ongoing conversation that changes as needed.
Make IT Easily Accessible
One of the major problems with remote work teams is that they feel disconnected from the office. Instead of reaching out to IT when a problem arises, they may attempt to fix it themselves.
Consider hosting weekly video conference calls with your IT staff to remind your workers that there are still professionals available to help them if any issues arise.
Make your IT staff easy to access–by messenger or other quick communication feature–so that your team can shoot them a quick message if something seems amiss or if they have questions about IT security.
This way you can keep the lines of communication open and minimize risk when it comes to your remote workforce.
Empathize With Your Workers
Sometimes workers cause breaches not because they are intentionally trying to be malicious, but because they are seeking the easiest and most efficient ways to do their jobs.
If you issue your worker a slow laptop that takes forever to load, he may become frustrated and switch to using his personal computer instead. If it is easier for your worker to cut and paste rather than retype data, your attempts at efficiency may backfire.
Think about the things that will make it harder for them to perform their jobs. Are they at home with children who are out of school? This may mean that they are facing distractions that they might not face in the office.
Distractions can lead to shortcuts and mistakes that can expose your company to a cyber attack. Are your employees suffering from anxiety over ever-changing news and updates? Are they suffering from food insecurity or working in a household with a spouse who is also a remote worker? Don’t ignore these issues.
Your company needs to understand that your employees don’t exist in a vaccuum. While these may not seem like security issues, they are. Your workers’ environment will affect their work, and they may be tempted to take shortcuts in order to minimize their stress levels. Talk to them often, understand their needs and work with them.
The novel Coronavirus pandemic sent millions of workers around the globe from their secure and protected offices to their homes in a matter of days. While some companies had policies in place to address this kind of disaster, others had to build their entire workplaces in locations all over their cities, in the homes of their workers.
This also meant that companies have opened themselves up to the possibility of data breaches, cyber attacks and unintentional data loss. By understanding the challenges that this new work landscape brings and taking steps to protect company data, you can minimize risk and avoid becoming the victim of harmful cyber attacks.
We hope you found this information helpful. If you and your remote team have any questions about securing your networks and remote operations, give us a call. We specialize in getting companies setup for secure remote work environments.