Protecting Remote Work Data From Cyber Threats
The COVID-19 pandemic has created many challenges for enterprises across the world who have adopted remote work culture full time. Certain statistics out in the public domain suggest that working-from-home culture is not new to many organizations. Across the world, many organizations were already following this, either fully or in parts. Many employees have had the flexibility to work from home at least once a week or so. Of course, there are many sectors where this would not be true, but in most IT and enabled sectors, this certainly holds true.
What has changed though with the COVID-19 crisis is the choice to work from home or office. Many governments across the world have made it mandatory that organizations provide work from home options to their employees, wherever applicable. Thus, the COVID-19 situation has resulted in a great jump in the remote work statistics, as compared to a few months back. While for a few companies, it was just a matter of institutionalizing their already existing work from home policies, for many others, it meant exploring options to make it possible. Either way, business continuity plans of enterprises are changing, to include considerations and challenges around the remote work culture.
A State of Remote Work 2019 survey published by OWL Labs based on respondents in the US, suggests that ‘54% of respondents work remotely at least once per month, 48% work remotely at least once per week, and 30% work remotely full-time’. The survey covered respondents across all levels of people like individual contributors, team managers, consultants, directors, VPs, and more. It also covered industries like Healthcare, Education, Retail, Financial Services, Manufacturing, Technology/Internet, Government, Hospitality, and more.
Considering the scenario of last year, it is safe to assume that these numbers would have jumped by leaps and bounds owing to the COVID-19 situation. And it would be the same across the globe, as governments are trying to curb the spread of the disease by minimizing the people to people contact. Workplaces with centralized air conditioning were a cause of major worry as chances of one person infecting many others were high. So, it appears as if remote work is here to stay and all challenges around it need to be addressed by the organizations, on priority.
Almost all issues surrounding the remote work mode are about security. Within secure corporate environments, data is protected by means of necessary precautions put in place. So, there is not much onus on employees to worry about the security aspect. Since they will be working with company-issued laptops, that will have company authorized software that also includes security aspects, there is a sense of safety. This scenario changes drastically when the employees start working remotely, as they could be working from home or elsewhere.
Problems range from using public Wi-Fi, not being aware of scams and phishing that happen in the cyber world, and a simple thing like just leaving your laptop open when moving around. Issues come in the form of a snooping housemate, to cyber attack experts who will be on the prowl. It is assumed that people working from home will be slightly lax on the security front, (knowingly or unknowingly) and they will take their chances.
Why is Cybersecurity Important?
Cybersecurity is of prime importance, and many organizations have learned this at a great cost. According to a report published in the Cyber Defense magazine quoting multiple sources, 43% of the cyber attacks were targeted at small businesses. 31% of organizations have experienced cyber attacks on operational infrastructure and malware is the most common type of cyber attack. The same report further states that the annual cost of cybercrime damages is expected to hit $5 trillion this year (2020).
A very interesting statistic put up here is that 95% of data breaches have causes attributed to human error! This is why awareness training for employees is important. Hackers are certainly becoming better at identifying and manipulating vulnerabilities in IT systems. This has also lead to an increase in cybersecurity budgets of organizations, and in the current situation perhaps, more so.
The Organizational Changes
From an organizational point of view, it is important to ensure that every employee working remotely is made aware of the risks involved. Comprehensive training covering all aspects, including probable cyber threats and how they happen, should be conducted. Also, it is important to make people aware of the consequences, so that maximum caution is applied while working remotely. The IT environment should be strengthened in such a way that people can work from elsewhere securely.
All end-point devices should be safe, should be monitored for any mischievous activity, and the device and identity should be protected to make sure misuse cannot happen. Multiple factor authentication using strong passwords, 2FA, etc. should be adopted. If the enterprise is already using Cloud services, then the security policies may be revisited to ensure all necessary compliances are in place. Also, in such cases, employees should be given access to collaboration and office productivity tools to make sure all communication remains within the gambit of defined security measures.
There are some simple steps that can be taken to ensure a reasonably good level of security for remote work. The main among these perhaps is something that most organizations would have already put in place. This is to ensure anti-virus software on employee laptops. Depending on the mode using which the employees access the corporate network, this can ensure the basic security at the end-point.
An important thing to remember is to ensure updates of anti-virus or any other security solutions across. These solutions are being updated to detect more vulnerabilities on a day to day basis. Hence, unless the updates are synced across the organizational devices, the benefits won’t be seen. Public Wi-Fi or even the home Wi-Fi can be easily hacked. Using public Wi-Fi should be avoided totally and home Wi-Fi should be protected with strong passwords that are changed often. The Wi-Fi settings should be changed to enable the highest possible encryption.
Using VPNs may be a good option to ensure a secure connection to the corporate resources. Since every enterprise is dealing with confidential information exchange, the laptops should never be left unattended and open. Breaches have and can happen unintentionally by this simple oversight also. Employees should be trained to follow all corporate communication policies and should only use official communication channels. No local copies of documents and reports should be maintained unless absolutely essential and permitted to do so.
Another safeguarding measure that employees should adopt is to report any untoward activity, mail, or suspicious documents and links, immediately to the IT/security department. This can ensure any breach is caught immediately. One of the alarming aspects of breaches has been that it is usually too late (as much as six months) by the time they are reported and found. Employees being aware and vigilant can contribute a lot to the organizational security policy.
In conclusion, a secure IT environment with aware and empowered employees, and good supporting security and collaboration tools can ensure protection from cyber threats.
Reference for the Suggestions: https://www.kaspersky.com/blog/remote-work-security/34258/