COVID-19 forced companies to turn to remote work very quickly. Although this migration has gone reasonably well in a short period of time, business managers need to be mindful of a variety of cybersecurity. After all, the implementation of remote work is broader and more important than most companies recognize. To be sustainable in the long term, a systemic approach is needed, along with a significant investment to change the corporate culture.
Risks in working remotely
In the near term, companies with a wide variety of problems are facing the COVID-19 crisis. To preserve efficiency, the speedy implementation of remote work is a must. However, this also brings some problems with it. The following are obstacles to the introduction of remote work:
It may seem basic, but not all remote workers can easily access a reliable and stable Internet. It is dangerous, however, to operate on a public network. IPass reported that 62% of security incidents associated with Wi-Fi occurred over public networks, such as those in coffee shops and cafes.
Pair that with the 61% of workers who say they have used a public network work device and things look pretty bleak for a future data breach or another security leak.
The most common tool that hackers use to gain access to sensitive information remains, far and away, phishing attacks. As the BBC reports, in the form of fake tax, charity, and government correspondence, COVID-19 themed email scams are on the rise, and work inboxes are not exempt.
Computer sharing and personal use
It may sound simple, but it may pose a possible security risk to share a work computer with family members or housemates. This should be avoided, especially if confidential information about customers is included in your work product. It is also dangerous, as Malwarebytes points out, to use a work machine for personal activities. It’s safer to provide different devices for work and personal use, if possible.
Insecure mobile devices
All of us have a working product stored on our mobile devices, at least. Wandera reported that 57 percent of companies have encountered a mobile phishing incident in their mobile threat environment survey.
Maintaining the professional and private life of employees
Through the sudden introduction of homework, workers experience a blurring of the line between work and private life. Early adopters illustrate that this does not necessarily influence efficiency, but it poses a challenge to teamwork and communication if left unattended. Therefore, an additional point of focus is constantly investing in the well-being of your workers.
Solution to security threats
Ensure protected access.
Now is a good time if your business hasn’t switched to multifactor authentication (MFA). With this technology, which allows two or more identity-driven credentials to grant access to applications, the security of identity and access across remote locations is made easier. Some solutions, such as email and banking apps, allow MFA capabilities as part of their services to decrease the possible impact of unauthorized attacks.
Similarly, with strict criteria, servers, laptops, and mobile devices that access business apps and networks should be password secured. You can avoid simple and easily guessed passwords.
Be aware of potential phishing emails.
Cyber-attacks have doubled, for instance, with the outbreak of COVID-19, according to a Reuters report. In order to unleash new phishing emails and malware, bad actors take advantage of anxiety, uncertainty, and the preponderance of individuals working from home.
Employees should question themselves: Do I know the sender and did I expect this email to be sent? Does my attention have a sense of urgency? In the email, are there connexions and attachments? Before IT or Security can check the email is legitimate, they should be advised to not click on any links or open any attachments.
Ensure safe downloads and file sharing.
To prevent malware, viruses, or unsafe protocols, workers should be careful not to download random programs or software. They can consult with IT help or their safety team if they’re uncertain.
Also, when sharing confidential data, remind remote workers to be careful. For file sharing, storage of sensitive information, and correspondence, they can use company-issued apps. Let them know that this is also for their own protection, that the business has protections around these apps and can track suspicious activity.
Consistently communicate with your employees.
Ultimately, technology trumps keeping everyone updated about how to safeguard their home systems and practice protection in their daily lives. Maintain contact on a variety of communication channels to keep them up-to-date on the latest security threats and how their personal and business information can reduce their risk. Ensure that the security and IT professionals are household names, ready for questions and, red flag sharing.
Take extra precautions during virtual meetings.
In order to communicate at a distance, remote workers may increasingly rely on video conferencing. Ideally, these skills are provided by the solution the business provides:
- Enhanced privacy controls. In order to prevent video calls from unwanted or uninvited guests, the host should ensure that the “lock meeting” feature is switched on.
- Meetings password-protect. A password-protected meeting can be created by the organizer. The host must be sure to share the password with invited guests in these situations.
- Managing safe content access. The organizer can review file-sharing settings to stop unauthorized people from uploading files during a video conference call. They can be configured to allow access to meeting content for all attendees or only particular individuals.
Jake provides counsel on cybersecurity and privacy issues. He works with each client to help them understand and manage their cybersecurity risks from a combined legal and technical perspective. By leveraging his Certified Information Systems Security Professional (CISSP) certification*, Jake bridges communication gaps between technical security professionals and an organization’s executive leadership. His comprehensive approach reduces confusion and facilitates a corporate culture of security.