The reaction to the COVID-19 pandemic has disrupted every aspect of life across the globe and many companies now find themselves with fully remote workforces.
Cybersecurity, remote workplace
With so many employees now working from home, business networks have been opened to countless untrusted networks and – potentially – some unsanctioned devices. Naturally, the question of security arises given the need to ensure that employees are well prepared for the challenges associated with remote work. It also means that businesses must be certain that their security infrastructure is well geared to secure personal and corporate data.
So, in the context of a remote workplace, how can organizations improve their cybersecurity and prevent workers falling prey to hackers?
The hacker’s way in
The remote workplace provides hackers with an increased number of possible attack routes, all of which organizations need to have on their radar. Chief among these concerns is the matter of authentication and authorization.
Last year was the worst on record for the number of data breaches resulting in exposed records and login credentials, and this trend shows no signs of stopping.
Meanwhile, attempted phishing attacks have been an equally common occurrence among workers, who are now receiving more emails than ever before. We’ve seen a sharp spike in phishing attacks and malicious fake domains as hackers attempt to capitalize on the situation, slipping in among legitimate correspondence and imitating colleagues to harvest credentials.
These two security concerns alone highlight the importance of workers staying vigilant and maintaining security awareness in their everyday work. By this we mean ensuring that passwords are randomly generated and unique across different accounts and that they’re using multi-factor authentication wherever possible. Doing so will help prevent attackers from tapping into computers, mobile devices and home wireless networks where they can access sensitive information.
Keeping cybercriminals at bay
When it comes to heightened security risks, businesses must always be thinking about the financial and reputational implications of any sensitive information being exposed. But how can they stay ahead of the hackers?
It falls on businesses to ensure that their security infrastructure is up to the challenge. This means having adequate access to critical resources through SaaS provided services, remote support for field workers, and a security architecture that functions in hybrid operations environments. For companies that have not transitioned to a remote-enabled, open network security architecture for at least some staff, this will likely be a fairly significant challenge.
But beyond this, it involves a culture of security awareness engrained throughout the company. Changes to the security infrastructure must be communicated to staff openly and transparently, as well as coordination between IT, security, HR and operations to ensure there are no gaps in security.
In addition to this, the onus falls on employees to ensure that their security hygiene is up to scratch. The human element is often the weakest link in the security chain, with workers failing to take basic steps to protect themselves against cybercriminals. Employees must adhere to and understand their employer’s security goals and guidelines, engaging in security training and awareness programs to drive cybersmart behavior at home. Doing so will go a long way in helping to keep an organization secure, fending off viruses and other malware.
Tools at your disposal
There are a large number of tools available to help organizations along the way. For example, password managers are an easy solution which can be quickly and seamlessly integrated into existing workflows. Additionally, they often also include multi-factor authentication features that provide additional security measures when people are logging in from different locations than normal.
Implementing these solutions kills two birds with one stone, by also enabling users to generate and store unique passwords for every login. The username and passwords are then stored within a secure vault, where they’re organized and encrypted for safekeeping and ease of access. By using solutions like password managers and turning on multi-factor authentication where available, users can improve their password hygiene, limiting the risk of being hacked.
Remote work done the right way
Ultimately, creating a stronger online security posture takes time and lots of education, but under the current circumstances, we all need to play our part. Businesses must be sure that their security infrastructure can handle the challenges of a remote workforce. But equally, every worker must understand that poor password hygiene, whether it’s failing to change a default password, password reuse or using weak credentials greatly increases the chances of being hacked.
What’s more, they must use security training and awareness programs to drive “cyber smart” behavior not only at work but also at home. Keeping your organization secure should be a priority in any circumstance, but it becomes even more relevant as remote working becomes the norm. When keeping employees and your organization secure, considering the necessary measures to account for this new way of working will go a long way.
Cybersecurity, remote workplace
- ISO 27001 Lead Implementer
- ISO 27001 Foundation
- ISO 27001 Lead Auditor
- Cybersecurity Professional
- Cybersecurity Lead Implementer
- Cybersecurity Lead Auditor
- Certified Ethical Hacker (CEH)
- Computer Hacking Forensic Investigator (CHFI)
Beuchelt, Gerald (2020). Cybersecurity in a remote workplace: A joint effort. Recovered on 20 April 2020 from https://www.helpnetsecurity.com/2020/04/15/cybersecurity-remote-workplace/