Hackers are pointedly taking advantage of the coronavirus crisis. There is an increase in the number of phishing and other attacks, while criminals are also exploiting the anxiety employees are experiencing in today’s unusual circumstances. In fact, the CNBC survey we quoted above also found that more than a third of the executives surveyed reported an increase in cyber threats, linked to the increase in remote working.
Why does remote working pose such a security risk? It’s simple: when an employee accesses enterprise data from a remote location their employer loses a degree of security control. This loss of control is even greater if the employee makes use of a personal device. Just some of the risk factors include:
Simply put, remote working introduces a range of security risks. So, while companies are acting fast to ramp up remote working, they should also consider how to improve business cybersecurity for remote workers.
Yes, remote working poses risks but there are several actions you can take that will put your company on track to mitigate cybersecurity risks to a large degree.
Where possible your company should try to issue remote workers with company-controlled laptops and mobile phones that are exclusively for work use. The quick switch to remote working may mean that these devices arrive after the fact, but it is never too late to switch work to a dedicated device. This is particularly pertinent if your employees work with confidential or personally identifiable data.
As an intermediate step you may request that your employees sign their personal devices up to a mobile device management (MDM) service provided by their employer – it provides at least some degree of control, including the ability to remotely wipe a device.
The typical challenge is that employees do not realize that personal mobile devices, used for remote work, represent a threat to the company's information security, says Yevhenii Kurii, Information Security Expert at ELEKS. As a result, they often do not apply the same security and information protection procedures as they would with other devices such as desktop computers.
No matter where you are working from, whether it is office or home, airport terminal or hotel lobby, you should consider all your employees’ laptops and mobile devices as an essential part of your corporate infrastructure. Therefore, you should ensure that all security protocols such as password protection, encryption, malware protection, and continuous monitoring, normally used in the management of data on conventional storage infrastructure are also applied here. Moreover, do not forget to combine it with proper training activities, making your personnel aware of the common risks and possible ways to deal with them.
We’ve pointed out how network security is a key factor when working remotely. VPN use can remove many of these risks by securely tunnelling corporate traffic under an encrypted layer. VPN services are not expensive and can be readily rolled out to all employees – however, vet your VPN provider carefully.
If VPNs are not an option you could point your employees to a simple, more practical step – plugging devices directly into a broadband modem or router, instead of using Wi-Fi. You can also recommend that employees avoid shared and public Wi-Fi wherever possible.
Balancing device lock-down and security measures against practical device use is a difficult task, but companies nonetheless need to focus on the security of the devices used by remote workers. Endpoint protection software, including anti-virus, is an essential first step, and many of these tools also include capabilities that guard against phishing attempts.
Also consider boosting everyday endpoint security principles such as regular updates and taking stock of all the devices in use by your remote workers. Device encryption will also deliver an additional layer of security – especially where devices are at risk of loss or theft.
Now is the time to ensure that your employees use strong passwords to access corporate IT services, if you have not already done so. Also consider regular password changes – every 60 days, for example. It’s also worth reviewing password good practice with your colleagues, explaining the risks around shared passwords for example.
Multi-factor authentication is now widely available and worth rolling out as remote working is scaled up – a second authentication factor is an additional hurdle that makes it more difficult for hackers to abuse a stolen password.
Employees that are under pressure and working in unusual circumstances are uniquely vulnerable to phishing attempts so now is the time to step up formal employee guidance. You already know the drill – don’t click through to unfamiliar sites, never open attachments from unknown sources, etc.
However, your colleagues can quickly forget these measures. That’s why reinforcing this message is so important. It is also worth pressing a “trust but verify” approach – employees should check in with their colleagues if they see any legitimate but unusual communications.
In the recent past, many companies still chose to put a brake on remote working because of the perceived security risks. However, today, many companies have no choice other than to enable working remotely – and to do so rapidly.
We’ve outlined the possible risks and ignoring these risks is not an option – even where the roll-out of remote working is unexpected and rapid. However, companies that take the right steps to mitigate the risks of remote working will see their remote employees continue to be as productive as they used to be – without posing an outsize cybersecurity risk.
Are you looking for the assistance of an experienced partner to help you stay on top of threats and ensure your organisation's efficiency during the remote work period and after? Get in touch with us today!