Working from home is a new ‘norm’ for many organizations, but the shift toward remote work has been steadily increasing for the past decade. In fact, between 1996 and 2016 there’s been a 300% increase in the number of companies offering remote work options. Now, of course, it’s mandatory for many of us.
protect remote workers, phishing, attacks
Identify increased risk factors for remote workers
Whether mandatory or not, remote work can pose unwanted security concerns for an organization, so it’s important to know how to be equipped to mitigate risk appropriately.
Remote work typically results in personal devices being used for work related activities or work devices being leveraged for personal use – where both are being run on substantially less secure networks. Home routers have a notable history with security issues and unsuspecting Wi-Fi hacks can be another potential concern.
Additionally, times of widespread panic, fear, or uncertainty — like the global health pandemic we are currently experiencing — create the perfect environment for malicious actors to capitalize on user error with successful malware, ransomware, or phishing attacks.
Ultimately, once organizations operate out of a centralized and controlled area such as an office space, we lose trust and confidence in the security of systems and information. It’s important to evaluate what gaps may exist that didn’t before and re-establish confidence where needed in effort to reinstate a strong and trusted security infrastructure that can support a remote workforce.
Minimize risk with strong authentication
While remote workforces provide many opportunities for malicious actors outside the safe confines of the office, there are some immediate fixes to uplevel organizational-wide security.
First, it’s important to establish trust with users and their devices to maintain some level of confidence in who or what is accessing corporate assets.
One of the best options to establish trust with users is multi-factor authentication (MFA). Strongly authenticating users serves an important role in providing an additional level of confidence in a user’s proof of identity, and it is critical during a time when companies should expect to see an influx of social engineering attacks on all employees.
Unfortunately, not all MFA is created equal and it’s important for organizations to evaluate solutions to find the best balance of security, usability, and affordability for their needs. For example, software-based MFA methods such as SMS codes or mobile authenticator apps are still susceptible to phishing and often pose usability concerns.
Regardless of an organization’s MFA method of choice, it is a critical component of any security strategy, and even more so with workforces that are almost entirely remote. When paired with business critical systems, especially those that help facilitate streamlined workflows, MFA can immediately improve the level of security across any company.
Identity Access Management (IAM) – Many organizations leverage an IAM solution to ensure users are granted access to appropriate enterprise assets and can work without the hassle of typing usernames and passwords countless times a day. When paired with strong MFA, IAM solutions can help enterprises achieve company-wide security quickly with one single point of log in that provides secure access to a range of business applications.
VPN – With an increase in remote workers, comes an increase in the number of people utilizing a VPN to securely access the corporate network. Supporting a rapid influx of VPN traffic loads has been a primary concern for many CIOs and VPN vendors during the Shelter in Place mandates, but securing these solutions is just as important. Enabling MFA for VPN login is crucial to help prevent hackers from gaining access to depths of a corporate network.
In the context of remote work, it’s imperative to equip users with simple and non-intrusive methods of security. At the first sign of an impediment on productivity, adoption rates will plummet.
Luckily, advances in the tools we use to communicate with our networks and our devices have facilitated a decades-long transition to remote work, albeit at a very accelerated pace these days due to the current crisis. Remote workers must concurrently utilize the most advanced security tools so that their data and security stays healthy, too.
protect remote workers, phishing, attacks
- ISO 27001 Lead Implementer
- ISO 27001 Foundation
- ISO 27001 Lead Auditor
- Cybersecurity Professional
- Cybersecurity Lead Implementer
- Cybersecurity Lead Auditor
- Certified Ethical Hacker (CEH)
- Computer Hacking Forensic Investigator (CHFI)
Thunberg, Chad (2020). How to protect remote workers from phishing and other attacks. Recovered on 29 June 2020 from https://www.helpnetsecurity.com/2020/06/24/how-to-protect-remote-workers-from-phishing-and-other-attacks/