Welcome to Thomas Insights — every day, we publish the latest news and analysis to keep our readers up to date on what’s happening in industry.
As the number of COVID-19 cases continues to rise rapidly around the world, an increasing number of companies are closing their office doors and instructing employees, wherever possible, to work from home.
This shift in business operations is an essential move to halt the virus’ spread. But the sudden and massive uptick in remote working leaves businesses extremely vulnerable to cyberattacks. This is because:
- More people will be online for longer periods of time, which adds pressure on IT teams to ensure their corporate VPN solution can sustain a large number of simultaneous connections. This increase in remote working provides cybercriminals with a much broader window to hack into business systems.
- Businesses will be more reliant on digital tools and communication such as video conferencing and chat programs. A cyberattack that denies users access to critical communication channels could be devastating for a business, obstructing operations and potentially taking entire organizations offline.
- Employees are more likely to make mistakes in a time of heightened stress. Even under normal conditions, 95% of all security incidents involve human error.
- Workers are unlikely to have sophisticated cybersecurity in their own homes. Weak passwords or poorly secured WiFi routers increase the risk of cyberattacks. Malware can easily transfer from the computer of one employee to the entire connected business network.
- Cybercriminals exploit fear and confusion. Coronavirus-related fraud is up 400%, with hackers developing websites, apps, and tracking tools that claim to provide real-time information about the virus, financial assistance, or corona testing kits and treatments. For those anxious for information, it’s easy to be lured to a fraudulent site and fall victim to a cyberattack.
This month, the National Institute of Standards and Technology (NIST) issued a bulletin providing cybersecurity advice for teleworkers using remote access. “Organizations should assume that malicious parties will gain control of telework client devices and attempt to recover sensitive data from them or leverage the devices to gain access to the enterprise network,” it explained.
With this in mind, here are four ways to maintain cybersecurity when your employees are working from home.
1. Limit Employee Access to Sensitive Data
Sensitive customer data and financial data don’t need to be made available to the entire organization. Provide access on a strictly need-to-know basis to reduce the risk of your systems being compromised.
Because businesses are trying to accommodate an unprecedented number of remote workers, it’s unlikely they will have enough company-owned devices to go around. For those companies forced to rely on an untested network of bring-your-own-device (BYOD) computers, stringent controls should be considered. For example, it’s good practice to require mutual authentication when employees attempt to access corporate systems.
2. Implement Zero Trust Capabilities
Zero Trust is an initiative used to prevent data breaches. Following the principle “never trust, always verify,” it abolishes the idea of a trusted network and eliminates the concept of trust. Using capabilities such as endpoint management, cloud monitoring, and micro-segmentation, a Zero Trust regime could significantly improve remote security by fencing off your “protect surface,” made up of critical data, assets, applications, and services (DAAS).
3. Educate Employees on Cybersecurity Risks
Employees should be kept informed about the specific kinds of cybersecurity threats their organization faces at this time. This ensures they’ll be well prepared to spot malicious emails and other potential cyberattacks.
Cybersecurity training should outline security policies and procedures, instructions on how to handle sensitive data, and how to stay safe online while working remotely.
Providing your workforce with a set of simple instructions can go a long way toward improving security:
- Regularly change your password and ensure it is secure (use a combination of upper- and lower-case letters, numbers, and symbols).
- Ensure your wireless network has a secure password.
- Change the name of your home wireless network to something that can’t be easily associated with you.
- Never provide personal or financial information when responding to an email.
- Immediately report any suspicious emails or activity to your manager or IT team. Look out for strange email addresses, poor grammar, and incorrect spelling.
- Do not store any data on your home device – everything is safer stored in the cloud.
- Install antivirus software on all devices.
- Be especially wary of emails that reference coronavirus.
4. Conduct Regular Backups
Do not take any chances with data storage. Data backups are your last defense against cyberattacks, including ransomware, so make sure all data is securely and continuously backed up. The widely recommended 3-2-1 backup rule means keeping two copies of data stored locally on different media and one copy stored off-site.