The coronavirus (COVID-19) outbreak has changed the way that many people work. With the forced closure of offices throughout the country, many employees who had never been on remote work programs before had to work from home for the very first time.
While being able to work from home has helped businesses maintain continuity, it also carries hidden dangers. Employees who aren’t aware of the cybersecurity risks posed by remotely connecting to databases with sensitive information, using portable devices in public areas, or are unfamiliar with safe web browsing best practices may create network security vulnerabilities that malicious actors can exploit.
What are the security risks of remote work? How can you (and your employees) mitigate these risks? Here’s a quick explanation of some of the security challenges of work from home initiatives, and suggestions for digital risk management for remote employees.
Remote Work Security Risk #1: Phishing Attacks
While the COVID-19 outbreak may have closed many offices, cybercriminals certainly aren’t taking any breaks. In fact, many malicious actors are leveraging the outbreak for their phishing attack campaigns—posing as government entities offering free coronavirus resources or charities asking for support. Others may pose as company employees or higher-ups to trick remote workers into doing things like:
- Downloading malware;
- Surrendering sensitive information (user account credentials, financial information, etc.); or
- Approving false purchase orders/invoices.
How Can You Counter Phishing Attacks?
There are a few ways to deal with phishing:
- Create Policies for How to Handle Sensitive Information. Make sure that your company has a policy, in writing, of how employees are expected to handle sensitive information. For example, creating policies such as “never share account information with others” or “always verify invoice requests by calling or emailing the vendor directly” can help set expectations.
- Train Employees to Recognize Phishing Attacks. Putting employees through a security education, training, and awareness program can help ensure they know your company’s cybersecurity policies. This can be crucial for enforcing written security policies.
- Use Anti-Phishing and Anti-Malware Solutions. Anti-phishing and anti-malware solutions for email clients can help to curtail phishing attacks that employees might otherwise fall for. Anti-phishing software can accomplish this by detecting common signs of phishing emails (incorrect email domains, common phishing text, etc.) and flagging suspicious messages. Anti-malware software helps keep employees from downloading and running malicious files.
Remote Work Security Risk #2: Unsecure Wi-Fi Networks/Man in the Middle Attacks
When working remotely, employees may end up connecting to Wi-Fi networks other than the ones in their homes (or may not have the best security on their home network). The problem with unsecure Wi-Fi networks is that they may be vulnerable to “man in the middle” attacks—wherein an attacker intercepts data between someone’s wireless devices and the wireless network router.
While home networks aren’t typically a major issue for this, public Wi-Fi access points are a popular target for interception. With many businesses reopening as part of a plan to return to normalcy, there is an increased risk of remote workers using unsecured public Wi-Fi networks again.
How Can You Prevent Unsecure Wi-Fi Network Use?
- Encourage Employees to Use Secure Networks. Network security is a major problem for public access points. So, it’s important to encourage employees to avoid using public Wi-Fi networks. Instead, employees should stick to secure networks like a home network with a strong security key (that is not the default from their internet service provider).
- Provide Employees with Cellular Data-Capable Devices. Another way to avoid having to rely on public Wi-Fi is to use devices that have built-in cellular data capabilities. Connecting directly to a cell tower is generally better for data security than using local Wi-Fi networks. However, this may incur extra expenses for hardware and cellular data plans.
Remote Work Security Risk #3: Work Device Theft
As mentioned earlier, the coronavirus lockdown isn’t going to last forever. Eventually, employees who work from home will be able to go out and about again—and may take their work devices with them. This creates a data security risk since it’s possible for these devices to be stolen.
Once stolen, thieves can crack a device’s security at their leisure. This makes device theft a major data security risk.
How Can I Minimize the Risks Associated with Device Theft?
- Enforce the Use of Device Location Features. Many portable computing devices have a feature that tracks the device’s location so it can be found if lost. Enforcing the use of these location tracking features is crucial for remediating device theft risks. If stolen, the device can be found and forwarded to the authorities—who can then recover the device from thieves. The faster this can be done, the better. So, employees should be trained to report device loss as fast as possible.
- Utilize Mobile Device Management (MDM) Solutions. Mobile device management software can allow employers to control what information is stored or accessed on a mobile device, enforce the use of specific security features, and even remotely delete data on a stolen device. MDMs can be a crucial cybersecurity risk management tool for remote workforces, as they provide extra security.
- Encourage Employees to Keep Separate Devices for Work and Personal Use. The device your employee uses to access online storefronts and play video games should not be the same device they use for work. Keeping separate work and personal use devices helps to compartmentalize the data and apps that live on a device—which helps protect your network from malware disguised as entertainment apps and protect your employee’s personal financial data if their work laptop gets compromised.
Additional Network Security Tips for Remote Work
Aside from the above tips, it can help for your company to follow a few basic work from home best practices to help keep your company’s data and network secure:
- Encrypt Data. Whether it’s “in-flight” (being transmitted) or “at rest” (being stored), all of your business’ sensitive information should be kept encrypted. This way, if devices are stolen or information is intercepted by a third party, cybercriminals won’t be able to put it to immediate use. While encryption may be cracked with enough time and effort, this buys your company valuable time to take measures to prevent fraud or damage from the stolen data.
- Use Multifactor Authentication (MFA). Simple username/password combos aren’t enough to protect valuable data from cybercriminals these days. Strong security should use additional authentication factors, such as physical security tokens, biometrics, or one-time-use security code texts to prevent user account hijacking.
- Apply Zero Trust Network Access (ZTNA) Principles. Allowing employees to connect directly to your company’s network infrastructure remotely can create a major cybersecurity risk. So, many companies are starting to switch to a “zero trust” network access policy. Instead of connecting directly to the company’s network, employees connect to a remote service that verifies all traffic and then routes approved traffic to the company’s network. This can be crucial for preventing thieves from using stolen account credentials in an attack.
Do you need help creating a cybersecurity plan for your company’s remote work policies? Reach out to the ideaBOX team today to get started!