As COVID-19 takes the world by storm, employers are urging their workers to stay home. While COVID-19 is top of mind, it’s not the only time when a workforce will need to work remotely. In the era of Slack, Teams, and G-Suite, your office can be handled with a remote workforce.
While we focus on our hygiene during this time, we must not forget about cyber hygiene. Unfortunately, this is the perfect storm for an epidemic of ransomware, business email compromise, data breaches and various other cybercrimes! Experts are warning of a new wave of cyberattacks targeting Americans who are forced to work from home during the coronavirus outbreak. There is increasing evidence that hackers are using the concerns over the virus to prey on individuals and that working outside secure office environments opens the door to more cyber vulnerabilities.
“There are nation-states that are actively taking advantage of the situation, particularly our Cold War adversaries, and we need to be keenly aware that they are aware of the lack of security that is presented by everyone telecommuting,” Tom Kellermann, currently serves as the head of cybersecurity strategy at cyber group VMware Carbon Black and also served on a presidential cybersecurity commission during the Obama administration, told The Hill on Friday. Kellermann said that he has seen evidence that hackers have increasingly targeted executives of companies and other “powerful personalities” that are seen as vulnerable to attack due to working on less secure networks. “There has been an uptick of targeted attacks against executives in conjunction with this pandemic,” Kellermann said. “When it comes to home security you are assuming your work laptop is secure, but you need to take steps on your own end.” Another big vulnerability is hackers accessing sensitive data through Wi-Fi networks. Kellermann recommended that individuals working from home use separate networks for their work to further isolate data and to “stay away” from public Wi-Fi that has many people using it.
During this time, NDSE is here for whatever your needs are. We are up and functioning to our full capacity. If you get in a bind, please do not hesitate to give us a call or email to help guide and facilitate any issues you may have during this time of transition and uncertainty.
As an employer, it’s your responsibility to prepare your employees to not only work remotely but to do it securely. Please use the below tips to help ensure your remote work strategy is safe and efficient:
Security Awareness Training
Your most powerful defense against cyberthreats and building a secure remote workforce is by ensuring the employees are aware of the threats they are facing and educating the workforce. Give them advice on what to be diligent about regarding attacks targeting remote workers, like phishing scams, fraudulent VPN messages, and more. A common tactic for hackers is to capitalize on issues or events that trigger a gut response, like fear, in the reader. Phishing emails mimicking legitimate emails with subject lines like ‘Corona News Flash’ or ‘X New Cases in (Insert City Here)’ try to get a user to click without investigating if the email is even credible. There are easy ways for an end user to spot a phishing email, and your security awareness training will get them to take a few seconds to look for them before taking the next action on an email.
Access to Mission-Critical Applications and Documents
For your employees to do their jobs while away from the office, they need access to applications and documents. Putting important documents and applications in the cloud will require secure policies for how to access them like audit trails, prohibited access to non-essential areas, permission-based roles, and more.
With access to important documents and applications established, you need to ensure that their connections are secure. Installing a secure VPN is a direct link to employee servers, but more security should be implemented. Two-factor authentication (2FA) is an extra layer of security that requires the end user to enter a second form of authentication. Enforcing better password protection practices are needed when more employees are working remotely. They may go to a coffee shop or other public area, increasing the chances of their passwords to be stolen if they are not careful. Simple practices like not storing passwords to browsers and instead using a password vault, such as Last Pass, can make it more difficult for unauthorized users to gain access to their networks.
Establish Communication Systems
The drawback of remote work is the inability for employees to have face-to-face interactions with their colleagues. To keep teamwork alive and well for your employees, setting up secure and reliable communication systems are crucial.
Secure Access to Voice and Phone Systems
Work vs. Personal Email
Implement Chat Functionality
Company-Owned or Bring Your Own Device (BYOD)
To maintain a secure remote work situation, you need to determine what devices your employees are going to use. Are you going to provide them with laptops and monitors? Do you need to issue company phones with secure lines of communication? Another option is to allow them to use their own devices. This comes with a lot of risks since you don’t know what is on the devices, how they use them, and other potential security problems. If you let them use their own devices, you need to implement policies around device usage on your networks, what documents they can and can’t download or store on their devices, and how to securely connect to the internet and your network.
Create a Policy for Remote Workers
Putting remote work policies in place are necessary steps to ensure your employees understand what they need to do to maintain a secure remote work environment. They also show they’re meeting state and federal compliance standards when handling sensitive clients’ information when their colleagues are away from the office.
As this epidemic continues to grow, NDSE will be here in full force. Please stay safe and feel free to reach out if you need us!