The ongoing coronavirus pandemic has forced countless companies around the world to accelerate their work-from-home initiatives in an effort to remain operational amid sweeping lockdowns and social distancing measures.
Even before the outbreak, 43 percent of employed Americans spent at least some time working remotely, according to a Gallup survey of more than 15,000 adults. Working from home offers many benefits for employees and employers alike, such as increased productivity, lower overhead costs, and better work-life balance, but it’s not without risks.
Employees who work from home represent a tremendous cybersecurity risk for companies across all sectors, most of which have invested vast sums of money to make their IT infrastructure more secure and resilient.
With remote work, the heavily defended perimeter is gone, and so are many foundational network security measures and best practices. Companies are suddenly faced with employees located in different parts of the country or the world sharing sensitive information and classified internal documents over unsecured networks using personal devices shared with other family members.
Many small businesses have little to no previous experience with remote work arrangements, and their hastily implemented remote access solutions often leave a lot to be desired in terms of security.
In the absence of multifactor authentication, overcoming remote access password protection can take just a few hours with sufficient computing power, opening the door for ransomware like SamSam, which was infamously used by the Gold Lowell group to target companies with remote workers.
As if that wasn’t bad enough, remote workers are more likely than those working in offices to fall for phishing or social engineering scams, which have been escalating since the pandemic started. When employees work from home, they can use the internet without any restrictions, and the home environment itself can be another major distraction.
Furthermore, the lack of personal contact makes employees more reliant on email, which can lead to more fraudulent activities because that’s where most malware and phishing attacks come from.
Since not working from home is no longer an option, it’s down to companies to rethink their cybersecurity strategies and educate their employees so that they know how to protect themselves against predatory cybercriminals.
Mitigating Online Threats to Remote Workers
To slow down the spread of SARS-CoV-2, the new coronavirus that causes the infectious disease known as COVID-19, people need to take responsibility for their own health, as well as the health of others, and avoid unnecessary social contact. Similarly, mitigating online threats to remote workers requires remote workers themselves to take responsibility for their security when working away from the office.
Here are three best practices that companies should encourage if they want to make it easier for their employees to work from home securely.
1. Use a Separate Computer for Work
Companies can’t reasonably expect non-technical employees to keep their devices secure. Instead, the IT department should provide secured work devices with updated software, a reliable endpoint security solution, and remote access for straightforward troubleshooting and technical support. Employees who need access to their company’s resources should be able to connect to the company network only from their work computer, preferably using a VPN.
2. Be on the Lookout for Phishing Scams
All seasoned cybersecurity professionals know that humans are the weakest link in any security program, and this is especially true when the humans in question work from their homes. Recently, the FBI warned of COVID-19 phishing scams promising stimulus checks, and the World Health Organization had to issue a similar warning not too long ago because of cybercriminals posing as health experts. To guard themselves against phishing attacks, companies should proactively warn their employees of such scams and train them to spot phishing emails.
3. Keep Data Secure
Remote workers should pay as much attention to physical security as large companies do. Work devices should never be left unattended in public places, and they should never be shared with friends or family members. Companies should enforce strong authentication policies and require employees to use multi-factor authentication, such as a combination of a password and a PIN or facial recognition. It’s always a good idea for employees to generate and store passwords using a secure password manager provided by their employer. Last but not least, local drive encryption should be enabled on all devices that support it to prevent thieves from accessing sensitive information stored on them.
The global coronavirus outbreak has forced many companies to quickly virtualize their entire workforce in order to remain operational. Opportunistic cybercriminals have already started to target the large numbers of employees who are now working from their homes, often using their personal devices. To prevent the current situation from turning into a cybersecurity nightmare, companies need to implement certain best practices to mitigate online threats to remote workers, such as increasingly sophisticated phishing/social engineering scams.