Remote working is now the new normal as the globe tries to halt the spread of this deadly virus. While remote working has proved to be a key to business continuity, it’s opened doors to, cyber threats. Most remote workers don’t have access to systems with the same information safety guards as in the office.
In the office, all employees work behind carefully set IT systems. With the sudden shift to remote working, most corporates were caught off guard. The increase in cyber threats has made it evident that companies need to have the same security policies and protection, regardless of where the employee is connecting to the corporate network.
It’s almost impossible to quantify the loopholes in-home internet connections. Some employees only basic antivirus software or firewalls, while others are more concerned with using VPNs to protect their internet activities from snooping eyes.
Cyber security was so severe in May that the International Association of IT Asset Managers (IAITAM) experts cautioned government agencies and corporates, of the risks of remote working without security systems.
The CEO, Barbara Rembiesa said, “Now, the rubber is going to meet the road when those companies, which are struggling not to be crippled by COVID-19, try to keep the cash flowing by having employees at home call or email for credit card information, print out invoices on un-tracked home computers, and send them out on personal WiFi networks. With that sort of data flowing on unprotected devices, companies will be threatened by, breaches and fraud on a scale never before seen.”
Companies should offer adequate data privacy regulations training to work-from-home employees. Both the management and employees are responsible for securing their organization. The work environment is already disrupted; we can’t afford to compound it with cyber attacks further.
Here are some ways that businesses and employees can ensure their assets and information are protected from cyber criminals.
1. Update software and operating system
Software and operating systems are always discovering new vulnerabilities. Well, they aren’t the only ones. Cyber criminals are also exploiting those opportunities to get into people’s devices. Often, people are lazy to update their system and software, leaving their device vulnerable.
Have a company security policy that encourages employees to upgrade their software to match the latest supported version. Also, they can activate the auto-updating of their devices.
2. Use cloud services
Ensuring company data and assets are not stored on employees’ machines is one sure way of protecting the employee’s endpoint. Cloud-based technologies have made it possible for employees to access company data remotely, work on it, and save it on the cloud. Software like MyQuickCloud offers remote desktops and remote access solutions that store all company data and systems on the cloud.
3. Watch out for phishing emails
Moreover, cyber criminals are now taking advantage of our thirst for information. Like any other high-profile event, COVID-19 themed phishing emails and images have been used to lure to click on malicious links. ESET, a cyber security company, said that they detected 2,500 infections from malicious emails that played on COVID-19 themes in seven hours. A recent study from Italy evidences that phishing emails have increased by 40% as COVID-19 boiled over.
4. Provide VPN access
There are three main benefits of giving VPN access to your employees. One, it allows them to remotely access company resources that would be impossible to access offsite. Two, it encrypts internet connection, and finally, it provides corporate networks with some access control. A VPN is one of the best practices for employees accessing company data remotely.
Having said that, a VPN isn’t the ultimate silver bullet. It only secures information as it moves from external employees to core company systems and vice versa. In short, it’s an additional security layer that mitigates some types of attacks, not all. Also, VPNs have a set of vulnerabilities that can be exploited.
There are many VPN service providers affordable for small businesses. But, do your due diligence before settling for one as not all of them are trustworthy.
5. Encrypt sensitive data
Data encryption is a sure way to secure sensitive company data. Sending information with confidential data is always going to be risky. You can’t count the number of times third party interceptions have occurred. With data encryption, the unintended recipient won’t be able to view and decipher the information. Also, if your device is compromised or stolen, sensitive information will be encrypted.
Cloud-based solutions like MyQuickCloud offer end-to-end data encryption with Advanced Encryption Standard (AES). With it, every action you take is encrypted.
6. Monitor data access controls
Redefine and reset passcodes used by employees to access company data. Have measures that ensure company data remains on the servers, and only employees with authorized permissions can access it. You don’t want scenarios of employees downloading company data on their devices, exposing sensitive information if their device is compromised.
Two-factor authentication and alphanumeric codes should be mandatory for all employee log-ins to company systems. Also, store all business-critical passcodes securely in the event anything happens to the critical staff.
Most cloud-based remote working solutions allow managers to control access to company data and give employees permissions as their job requires. Data privacy is maintained as no once can access information without their passcodes. And data remains on the server at all times.
7. Avoid sharing work devices with others
Separating personal and work devices is easier said than done. The same way that you have to create a boundary between home and work life is what you should do to your devices. You may ask yourself, “What harm will it do to pay your bills or let your child do their online assignments?”
Well, imagine cyber criminals’ joy when they learn they can access young student’s data. Or a hacker is trying to breach your company data and getting a bonus of all your personal information. It calls for a celebration for the hefty paycheck on the dark web.
So, don’t mix your home bills and work spreadsheets or send work-related emails from your personal mailbox. It may seem cumbersome to establish the boundaries, but it’s worth every minute.
8. Avoid public WiFi
Nothing screams vulnerable like accessing sensitive data on a public WiFi. Avoid it at all costs. Hackers can access your computer from across the room if you’ve got no firewall to keep them out. Also, they can monitor the traffic of data between your work network and your device. If you have to use public WiFi, ensure you not only have a secure firewall but a way to encrypt your traffic as well.
The above security awareness tips will keep both businesses and employees safe regardless of the different geographical locations. Conduct security awareness training to keep the employees on their toes. Employees can only be safe while working from home when they are equipped with the resources and knowledge of how to go about it.