Security Risks During Remote Work and How to Address Them
Working from home increases the risk of critical data theft, especially if you use a personal laptop for work rather than a company-managed one.
People generally treat personal laptops casually and do not worry about unnecessary services running on them: unwanted ports open to the internet, torrent clients, cracked software, and an unpatched OS. Moreover, people do not hesitate to use any random software on their personal laptops. These habits increase the risk of malware infection and data theft. Most of these issues are handled on a company laptop, because IT teams apply these basic IT hygiene practices when configuring official laptops.
The second possible attack surface during WFH is the other internet-connected devices on our home WiFi. A poorly configured home WiFi router, or an infected home laptop connected to the same WiFi we use for work, can pose major security risks.
Business activities that were once conducted in protected office environments, and monitored under specific policies, have quickly transitioned to new, and potentially less secure territory. For example, customer service agents who worked in closely managed call centers are now managing sensitive customer data at home.
The rapid shift to working from home has also changed the ways many organizations do business, from moving face-to-face meetings to video conferencing calls to adding new collaboration tools, yet the survey showed many employees are lacking guidance, direction, and policies.
Allowing employees to access company data from offsite locations raises concerns about data encryption, the security of wireless connections, the use of removable media, and potential loss or theft of devices and data. In a 2018 survey by Wi-Fi security company iPass, 57% of CIOs reported they suspect their mobile workers had been hacked or were the cause of security problems. Very few companies are confident that their remote employees used virtual private networks (VPNs) to increase security when connecting to company networks. Sixty-two percent of security incidents related to Wi-Fi connections happen when employees use networks in cafes or coffee shops, and 27% of workers in the U.S. admit to opening emails and attachments from unfamiliar senders. Devices are often compromised as a result, putting both personal and company data at risk.
Cybercriminals are taking advantage of fear surrounding COVID-19 and using it to accelerate attacks against organizations, primarily with COVID-themed phishing emails. In response, it is necessary for companies to take sufficient measures to inform employees and set up policies that will help protect the confidentiality and integrity of their information as well as maintain the availability of their systems for remote employees.
End-Point Protection for Home Users
Modern endpoint detection and response (EDR) solutions are designed to operate outside the corporate network. These solutions prevent malware and enable threat hunting. They also give you the ability to initiate immediate response actions, such as preventing new malware from running or removing malware from systems. Building a secure endpoint ecosystem is the need of the hour. Hackers want to compromise any and every device because cybercrime is a booming business that siphons billions. As wireless endpoint devices inch closer to acting as corporate infrastructure in the current remote work scenario, debunking the myth that wireless hijacking cannot be done across remote geographic locations becomes more critical.
Risk-Free Remote Access
Many business owners don’t understand the requirements for a robust remote access policy. Access needs and practices are changing among all workers, not just remote employees, and professional guidance is becoming essential to prevent serious problems like identity theft, data breaches, and data loss.
IT and cybersecurity professionals can evaluate the security risks companies face and develop customized protocols to minimize these risks, but 44% of companies aren’t bringing the pros in to help. Therefore, many executives may miss key insights into potential vulnerabilities and fail to implement proper protection for remote workers.
Multiple Factor or 2 Factor Authentication
2FA or Multi-Factor Authentication is one of the best solutions to the standard single sign-on method. It requires that your users present multiple pieces of evidence to verify their identity. An example of this would be answering a question like “where did you go to school?” and then entering your ID and password to gain access to the remote access software. Just adding a simple question like this can greatly enhance your security. You could take it a step further and require your outside vendors to call your operations department in order to acquire a single-use passcode to remotely access your data, in addition to using their private ID and password.
Use VPN for Critical Access
Many corporate departments like Finance and Human Resources may be handling sensitive data outside the physical office for the first time. Employees who are still traveling for urgent or mission-critical business may be working from a coffee shop or hotel on their mobile devices. Requiring them to use a VPN will ensure that data stays private and that these systems are not exposed externally.
Set up Firewall and AntiVirus
Firewalls act as a line of defense to prevent threats from entering your system. They create a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs from entering and can stop data from leaking from your device. Your device’s operating system will typically have a built-in firewall. In addition, hardware firewalls are built into many routers. Just make sure that yours are enabled.
Although a firewall can help, it’s inevitable that threats can get through. A good antivirus software can act as the next line of defense by detecting and blocking known malware. Even if malware does manage to find its way onto your device, an antivirus may be able to detect and in some cases remove it.
Back up your Data
Clearly, there are plenty of reasons to keep your data backed up. While hardware backups are still an option, one of the most convenient and cost-effective ways to store your data is in the cloud. Cloud backup services come with a wealth of options enabling you to customize your backup schedule and storage options.
Passwords and Cloud Security
It is essential that you implement two-step verification for all your users. In the most basic form, a person enters their username and password, and then their phone receives a text message with a code they enter to finish the login process. Other options for the second step include phone callbacks, physical USB hardware token keys, authentication apps on phones, and one-tap login solutions. Common choices include YubiKey, Authy, Duo, Google Authenticator, Microsoft Authenticator, and RSA SecurID.
Update acceptable use policies for employees
Finally, ensure your acceptable computer use policies cover employees’ home computer assets. If this wording is not already there, you’ll need to quickly get up to speed on allowing employees’ personal assets to be used for remote access. Now is an important time to remind employees that while they work remotely, they have to maintain the same level of professionalism when it comes to secure and sensitive data as they do in the office. That includes reminding people that personal email is not to be used in an official capacity and that any physical documents kept at home must either be disposed of properly with a shredder or set aside to be shredded later.
To reduce the vulnerabilities associated with public Wi-Fi networks, employers can:
• Ban the use of unsecured wireless connections
• Use geolocation to restrict the places from which company networks can be accessed
• Set up and require the use of a VPN for remote work