Directive Blogs
Working from Home Isn’t Without Significant Cybersecurity Risks
The COVID-19 pandemic has greatly disrupted daily life, restricting people to their homes and preventing them from going into the office to work. In response, many companies are hurriedly changing over to a remote-capable workforce and having their employees work from home. This strategy can be highly effective, but if a company and its team aren’t careful, it can also be risky.
Why This Matters Now
Many businesses have had no choice but to shut down as “non-essential” businesses are closed. While the definition of an “essential” business varies from place to place, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency have provided some general guidelines describing what kind of services should be seen as essential.
This list includes many businesses that could conceivably operate on a remote basis, if they had the internal capabilities. Unfortunately, this often isn’t the most secure option. Let’s review why working from home can be less secure than working in the office, and what you can do to help minimize these effects.
Security Threats for Remote Workers
As you would expect, a lot of factors can undermine the security of remote work. This is exacerbated by the fact that there is currently a global health disaster that cybercriminals can use to their advantage:
- The security controls implemented on the business’ network no longer protect the employees and their devices.
- Employees may have more lax security habits when not in the workplace.
- Cybercriminals can shape their attacks and scams to be more convincing in the current climate.
- Many businesses haven’t prepared for this eventuality, and so are lacking the remote strategies that would keep their employees secure.
Therefore, cybercriminals have the opportunity to use many of their favorite tactics to their advantage. Researchers and cybersecurity professionals have seen an uptick in ransomware attacks, remote access tools, and trojans, as cybercriminals use COVID-19 as bait in their phishing attacks, playing off the stress that the coronavirus is causing in many people. It doesn’t help that many remote workers will check their personal emails alongside their professional ones, adding to the chances of a successful attack via their email. Other attackers will pose as the hiring organization itself to swindle remote employees.
To be fair, attackers are also seeing more success in targeting businesses directly, as those businesses put security on the back burner to focus on their COVID-19 preparedness.
As we mentioned earlier, businesses are also generally ill-prepared for this kind of event. This is especially true of those that operate in industries that aren’t commonly associated with remote operations, and whose systems are often outdated and poorly maintained, and/or proprietary in nature and not conducive to remote capabilities. Industries that face particular regulations and certification requirements have another hurdle to clear.
What Can Be Done?
While it is unfortunately going to be a reactive response at this point instead of a proactive measure, businesses can adopt certain solutions that will assist them in securing their remote workers from attack.
- Cloud Solutions - Utilizing the cloud, rather than requiring users to remote into an at-work solution, can prevent an external access point from being created that leads into your network. Simpler to use than remote access and inherently secure, a cloud solution is ideal for remote working. With the opportunity to host software, store data, or some combination of the two, the cloud can enable many of your employees to work completely independently of your network.
- Company-Issued Equipment - With a company-issued device, it becomes a lot easier to ensure that your team has the security solutions and updates you need them to have. While this will require some investment into mobile devices that support your needs, this is a measure with lasting influence on your overall security and productivity.
- Employee Training and Education - Finally, and perhaps most importantly, your employees need to understand that their responsibility for the cybersecurity of the company at large carries over as they are working remotely. Teaching them how crucial security updates are, how to spot phishing attacks, and other preventative measures will make a huge difference.
While the COVID-19 pandemic may be providing businesses with the motivation to put these measures into place now, these measures and other recommended best practices should always be followed. Directive can help you put them into place whether you’re an essential business or not. Give us a call at 607.433.2200 to learn more.