The Coronavirus has upended virtually every element of our daily lives, including where and how we work. As many companies rush to transform their operations to be fully remote, IT challenges arise, especially in regard to cybersecurity. We’ve put together these resources about remote security in a crisis to help in those efforts.
As Time Magazine described it, the COVID-19 pandemic has necessitated the “world’s largest work-from-home experiment.” Even before COVID-19 made working from home a necessity, remote work was already becoming a norm at many companies. In total, it’s estimated that 70% of people globally work remotely at least once a week.
However, the ability to access company IT from locations outside of the office also poses a significant cybersecurity risk, as bad actors look to capitalize on this rapid transition to facilitate data breaches. This is especially true for hastily assembled work-from-home arrangements that don’t make cybersecurity their top priority.
Here’s what you need to know about the cybersecurity risks that come from remote work and the steps that you can take to protect company and customer data.
Understanding the Risk
Remote access tools are a mission-critical feature that allows physically distant employees to remain technologically close. While this arrangement always poses a certain level of cybersecurity risk, the rapid transition toward remote work means that many companies and employees are unprepared, leaving them exposed to bad actors.
Employees unfamiliar with VPN services are downloading malware. As a recent report on cybersecurity and the COVID-19 pandemic found, “Unsuspecting victims around the world are falling victim because they are being tricked into downloading and installing malware masquerading as legitimate VPN clients.”
Unfortunately, even trusted VPN services are being put to the test during this challenging season. Cybersecurity researchers recently identified seven vulnerabilities that plague reputable VPNs and could pose substantial cybersecurity threats. At the same time, unsecured internet connections and personal devices put data at risk.
Many workers did not have time to prepare for a rapid transition to home-based work. As a result, their home WIFI networks may not be configured with the same security protocols that govern the employer’s in-house systems. Many employees will also engage in remote access from personal devices that could be infected with malware or other cybersecurity vulnerabilities.
Hackers are especially adept at exploiting the IoT devices prevalent in many employees’ homes. In the UK, the National Cyber Security Center has published recommendations for owners of smart cameras, baby monitors, and other IoT devices that could pose cybersecurity threats for at-home workers.
Perhaps most prominently, phishing scams and fraud attempts will continue to target employees while they work at home. Last week, we published a blog on the phishing attack threat facing remote workers. Those problems persist, as bad actors look to capitalize on employees’ fear and uncertainty to capture critical data. Unfortunately, the isolation that accompanies social distancing increases the risk of employees falling for a phishing scam that compromises company or customer data.
Implementing the Proper Solution
It’s clear that this pandemic isn’t going to abate anytime soon, and our COVID-19 moment is likely to inspire weeks, months, or even years of prodigious growth in remote work. Therefore, every company should reassess its cybersecurity readiness, ensuring that their defensive posture is prepared to meet this unique moment.
Here are the steps to take to get started
- Establish and communicate updated cybersecurity and data management protocols for this unique moment. For remote workers, this includes standards for secure internet connections and personal device use.
- Enable two-factor authentication for VPN services and all other accounts. For instance, our newly released single sign-on secure identity and access management solution, Passly is ready to deploy quickly to shore up your defenses today.
- Distribute access to trusted VPN services, and require employees to use this software before beginning remote work.
- Update VPN software to ensure that the latest security patches can protect against cybercrime.
- Identify and track all remote users and accounts.
- Add Dark Web monitoring to your playbook. Find out if your data or login information is circulating on the Dark Web. Expert monitoring and analysis can alert you to trouble before it lands at your door.
- Know who is accessing critical systems and account for their activity.
- Minimize direct network connections. By keeping trust to a minimum and shielding credentials from unauthorized users, companies can reduce their exposure.
- Prepare employees for the most recent phishing attack trends and fraud attempts to ensure that they can manage these risks from the privacy of their homes.
- Remain vigilant about identifying and preparing for the latest attack trends. Just like the healthcare information on the ground is continually changing, the cybersecurity landscape will continue to evolve.
At ID Agent, we are ready to support your remote work transformation. If we can help in any way, please don’t hesitate to contact us to learn more about how our industry-leading cybersecurity tools can keep your information safe as employees work from home now and in the future.