With the global spread of Covid-19 having a notable impact on workspaces worldwide, many employees are working from home. But what’s the cybersecurity implication of this shift? In an effort to adopt the ‘new normal’, employers can’t overlook the aspect of cybersecurity for remote workers. Here’s how you can address the security gaps and handle vulnerabilities, which are part of this ‘new normal’.
Importance of cybersecurity
Morphisec released a Work from Home (WFH) Employee Cybersecurity Threat Index in May 2020. The survey was based on the response of more than 800 traditional office workers in the US. As per the survey, 56% employees are using their personal computers in response to their organization’s remote working policies.
Another 25% of the employees are not aware of the security protocols in their devices. 1 in every 4 employee faces issues with a spotty Wi-Fi connection limiting the impact of anti-virus.
Major cybersecurity concerns for organizations
One of the major concerns about remote work security is lack of authorization and authentication. Previously, you could have just walked down two cubicles or held a quick meeting with the IT guy and discussed security issues/concerns. But people are no longer seeing each other face-to-face. A virtual support team can hardly make up for physical interaction.
To increase remote working security awareness, we need to acknowledge that remote working has widened the organization’s attack surface. As most employees use their own devices to work, there are new operating systems and platforms. And all of them require their own dedicated security and support system. Now, with so many devices, it’s quite likely that some may fall through the security cracks.
According to Morphisec’s survey, employees have said that the most common tip that they have received from the IT guys while transitioning to WFH is to be aware of suspicious attachments, emails and pop-ups (56%). It was closely followed by the recommendation of the anti-virus being active (48%) with a constant need to update the antivirus software (46%).
But this is the time when employees are most likely to receive a large number of online requests and emails, exposing them to phishing and malware attacks.
What we need is a new process in place. There’s an increased requirement for 2-factor authentication, a need to create strong passwords, and intermittent monitoring of access controls.
Remote working is an entirely new experience for 49% of employees. Slack and Microsoft Teams have been rated as the second most essential tool in a remote work environment. But, employees have alarmingly acknowledged that they were the least careful in using these apps. 20% of employees have raised concern about security issues with working remotely stating that the IT team offered no tips when they shifted to WFH.
How to Maintain Security When Employees Work Remotely
Cybersecurity for remote workers begins with a few basics. It’s mandatory that employees are reminded that legitimate groups don’t require personal information. If there are emails or newsletters from unknown sources asking for personal information, it’s best to avoid them.
They should verify any hyperlinks before clicking on them. Emails insisting on immediate action can be risky; any type of generic greetings from an unknown sender should be treated with suspicion.
Bad grammar and spelling mistakes are common indicators of phishing; but beautifully written emails are no less dangerous.
The best way to stall a security attack is to pause before responding.
When your IT team talks about secure networks, it doesn’t include “free Wi Fi” available at libraries, parks, or cafes. Among the many work from home cybersecurity tips, you need to be wary about “free Wi Fi” which comes with a steep security price tag.
It’s an open field for hackers because traffic is not encrypted. If a remote worker doesn’t have access to a secure environment, it’s best to connect to a hotspot. This might incur additional expenses, but is a far better choice than exposing your precious data to hackers.
If remote workers are restricted to company devices, the probability of being exposed to security threats is less. But remote work is not easy, and employees may need to use their personal devices at some point. Access to different data points should be restricted to a few specific people. Putting up controls in place can limit the possibility of over-exposure of information.
Limiting data access to employees can solve a lot of security issues; the lesser the number of users, the better the security protocols are. But employees will have to work and if access becomes cumbersome, they come up with workarounds.
One common method is to download materials locally. Now an individual machine has weaker defense than a network system. The IT support team has to come up with a plan to offer maximum information with minimum exposure within a secured network.
It has been noticed that many employees finding their work getting hampered by excessive controls are setting up ‘shadow networks’ to meet steep deadlines. This however results in a security breach exposing your organization’s data to a vulnerable condition.
To ensure cybersecurity for remote workers, the IT department needs to be vigilant about monitoring traffic. They have to monitor traffic patterns because; there might be occasional deviations from the usual.
This is important because any deviation may signal a security concern. While some deviation in traffic patterns is inevitable, the IT department must remain vigilant and filter out information and detect patterns that are risky for the organization.
Like electronic devices, communication among humans should also be monitored from time to time. Work talk should be restricted to private spaces.
Need a supportive partner to tackle security threats in the digital space?
There are three crucial factors when it comes to cybersecurity for remote workers: timing, communication, and control. Initially, essential systems were patched after office hours. But with a flexible working environment, there’s hardly any concept of after-office hours. Timing can become challenging as patches to laptops can be delayed.
Communication is also very different from what it used to be. You can no longer visit the employees’ home physically for fixing a security issue. Now you need to issue a notification, confirm that they have received the notification and ensure that all patch updates are working properly after the change.
Most IT teams have no control of how people are managing their own devices posing a third challenge for the remote workforce.
Now is the time to bring a reliable partner onboard who can help you with a 24×7 support schedule to tackle security threats in the digital space.