COVID-19 has changed the daily habits of millions of people globally, including where they work. According to the Society for Human Resource Management, 29% of organizations are considering keeping work from home policies for the rest of 2020, and Gartner reports that 48% of employees will work remotely full time post the pandemic.
It makes sense. It’s safer, more cost effective and arguably helps provide a better work-life balance. But for businesses who moved to remote work as a result of the ongoing COVID-19 challenges, it can also spell disaster. Working remotely and securely is not as simple as just taking your laptop and mobile device home. Beyond the traditional “office in a box” set-up, there is a pressing need to secure remote workers and balance employee privacy with corporate security standards.
Unsecure working environments
A common misconception is that having a password-protected home Wi-Fi network is enough to keep your data safe, however many wireless routers come with default settings that can easily be cracked by hackers. Luckily, most businesses these days offer a virtual private network (VPN) for employees to connect to and provide a secure link by encrypting data that is sent and received, which is a great first step in securing your home office.
However, while VPNs can protect against cyber criminals gaining access to confidential information, they are not enough alone to keep your business protected. In fact, a VPN is only one layer of a required security strategy to secure remote working environments. For example, a VPN does not protect against malware and viruses, phishing attacks, theft, ransomware and DNS spoofing – to name a few, and hackers can piggyback into a corporate network via an unsecured endpoint.
Proactive endpoint protection platforms and firewalls help monitor and mitigate successful cyberattacks that compromise an endpoint, meaning malware and viruses can’t spread laterally across your whole business.
Beware of targeted cyber attacks
The real threat to your data and network is the one thing you would hope to not to have to worry about, and that is your employees. In times of uncertainty, cyber criminals seize the opportunity to prey on vulnerabilities. In March 2020, as COVID-19 lockdown measures were at their strictest, it was reported that phishing attacks increased by 667%, and only last week Microsoft confirmed that they had seen an attack targeting business leaders across a variety of industries in 62 countries.
Experienced hackers are exploiting the COVID-19 outbreak to send fake emails to employees that appear to come from company officials, and ask you to open a link to a new company policy related to the pandemic. Upon clicking on the link or opening the attachment, you’re likely to download malware onto your device and allow cyber attackers to take control of your computer, log your keystrokes and/or access sensitive business information.
The easiest way to avoid this happening is to create employee firewalls through proper training. These training firewalls ensure employees are thoroughly educated on how to recognize possible threats, including being wary enough to reconfirm details with the sender via an alternative contact method. And from a business perspective, check your anti-spam features and content filtering rules are up-to-date to reduce the possibility of these emails getting through to unsuspecting users. Businesses should prioritize investment in these security awareness trainings. In fact, the best programs will include monthly and quarterly campaigns that can be preset. With the use of reporting, you can see where you have training gaps and target those employees for prescriptive training modules to ensure your environment is as secure as possible. The best Managed IT service companies will manage that process for you.
In the rush to provide the most effective remote access to employees, it can be easy to quickly default to trying new tools – Microsoft’s cloud services reported a 775% increase in demand across their platforms when strict social isolation measures were put in place.
However it’s important to not sacrifice the ability to manage systems and devices before allowing users access to new software. Consider the rise and fall of Zoom – as the video chat app surged in popularity, it became a target for Zoom bombers, further privacy issues were discovered, and security researchers have unveiled some pretty serious vulnerabilities.
The ability to support remote users effectively relies on clear communication protocols for IT support and crisis management if they encounter unusual or suspect issues that could be the result of a breach. Regardless of the pandemic, your business should be implementing clear safeguards to protect your employees and your corporate information.
A layered approach
It’s clear that workplace security is just as important whether you are in the office or working from home. To truly protect your home environment, make sure your business has a multi-layered strategy that covers areas such as security awareness training that tests each user, anti-virus solutions, data back-up, endpoint encryption and a managed VPN/firewall.
With that in place, you can rest assured that your business can operate smoothly wherever employees are located, and that your technology is available, productive, and protected.
All Covered provides best-in-class cybersecurity services to ensure the safety and integrity of your critical data no matter where employees happen to be working. For more information, visit allcovered.com.
Celebrate National Cybersecurity Month with us an attend one of our upcoming virtual events. Do your part. #BeCyberSmart.