As companies continue to work remotely, new risks emerge that threaten team security. Here’s how to safeguard against the threat.
In the interest of public health and in accordance with government orders, millions of companies and workers have shifted to remote work in response to Covid-19. Globally, Deloitte estimates that 2.7 billion people have been affected by government lockdowns, while here in the United States at least 62% of Americans have been compelled to work from home.
Considering the rushed nature of this shift, most teams have performed excellently, continuing to be productive and deliver services as expected.
Unfortunately, with little to no preparation leading up to this change in work environment, many teams were less prepared to deal with new cyber threats that come along with remote work scenarios. According to Info Security Magazine, incoming cyber threats have increased sixfold since the start of the global health pandemic. This has included a surge in ransomware, phishing attacks, malicious apps, and fake websites.
To avoid a data breach or crippling cyber event under these new work circumstances, organizations need to be aware of new digital vulnerabilities and take measures to bolster security.
Within the office environment, IT teams have carefully curated secure work environments with enterprise-grade security solutions for networks, threat monitoring, and user access control. In remote work scenarios, each employee becomes responsible for the security of their own work environment. This leads to a number of new cybersecurity vulnerabilities that need to be addressed. The most salient risk comes from a sharp increase in employees remotely accessing corporate systems from unsecured networks and devices. More specifically, risks can materialize from the following work-from-home circumstances:
For cybercriminals, security gaps in the work-from-home office environment mean increased opportunities to capture personal and professional data, take over individual machines, or infiltrate corporate systems.
“In remote work scenarios, each employee becomes responsible for the security of their own work environment.”
Lax internal practices and employee error are the two greatest causes of cyber risk, especially so in remote work scenarios. To shore-up security gaps, organizations need to provide employees with the proper IT infrastructure, user guidance, and tools.
At the organization level, this should include the following:
A number of new tools and security solutions will likely be necessary to build your secure remote workplace. Here are a few useful tools to get you started:
Premier 81 is TechRadar’s number 1 recommended business VPN and a Gartner certified cool vendor.
Rubica is a device-based security solution specifically designed for the remote workforce.
Kiwi Syslog Server is a network monitoring tool to screen, log, and flag suspicious network activity.
LastPass is a password manager that helps to generate and store all passwords employees need.
Have I Been Pwned is a free service that scans dark web databases to see if any of your accounts have already been compromised.
With a robust infrastructure for cybersecurity in the remote workplace, organizations still need to train employees on the best cybersecurity practices to maximize threat prevention. Basic cybersecurity training for the remote workplace should teach employees how to:
With video conferencing now competing with email as the most preferred means of business communication, organizations also need to pay special attention to video call security.
The popularity of video conferencing has skyrocketed—but with active microphones, cameras, and file sharing, the attack surface is even greater for cybercriminals. Considering the greater risk, video conference security practices deserve special attention in employee training initiatives.
To prevent “Zoom-bombing” and the stealth capture of data during video calls, follow best practices for these three key areas of video communications: meeting gatekeeping, during calls, recordings.
Most popular video conferencing solutions have built-in gatekeeping features that meeting hosts can activate or deactivate. Make sure only trusted participants can access your meeting by:
Minimize the attack surface once calls are underway by:
These video conferencing practices should be documented and communicated to staff, and internal IT teams should regularly confirm compliance.
While organizations across the world may have rushed into remote work scenarios, they most likely won’t be rushing out— even once the public health crisis is resolved. With more flexible work scenarios, employees are experiencing time savings and productivity gains. Meanwhile, employers are finding they can cut costs on overhead office expenditures and employee transit stipends, not to mention tap into a non-location based talent pool.
Taking the time now to retrain employees and build a remote-friendly cybersecurity framework isn’t just a bandaid to meet immediate needs. It’s an investment in the future of work that can benefit your organization for years to come.