The COVID 19 pandemic has drastically changed the daily habits of millions of people around the world, including where they work. Many business owners continue to advise their employees–or provide them with the option–to remote work. Recent data by Review42 shows that 55% of businesses globally are already allowing their teams to work remotely. 67% of them expect work from home to be long-lasting- pandemic or not.
While remote work arrangements are undoubtedly beneficial, the possibility of cyber risks increases with each passing day.
Bad actors know that when employees pivot to remote setups, they’re interacting with technology in diverse ways- even sometimes using software and networks for the very first time.
Cybercriminals often attempt to capitalize on such situations, using dubious ways to gain access to protected data. At the same time, corporate IT experts are working around the clock to keep networks running without hiccups. This possibly impacts their ability to detect malicious activity in time.
Despite the glaring risks of cyber intrusion, you can actually protect your remote workers and your business from most of them. Here’s how.
1. Take Measures To Reduce The Vulnerability Of Your IT Infrastructure
As the shift to remote work takes center stage, more businesses rely on telework and VPN to facilitate their core functions.
VPN, or Virtual Private Network, allows remote users to safely access their organization’s resources, content, and applications through a secure network connection that encodes data between the user and its services.
With a higher volume of corporate staff working from home now more than ever, VPNs are particularly prone to DDoS (Distributed Denial of Service) attacks. These kinds of attacks flood the resources or bandwidth of a targeted system, say a VPN server, with dozens of needless connections. This causes it to divert resources towards the sweeping traffic and crash as a result.
To protect your business and networks from this threat, follow these steps:
- Ensure all security patches, anti-virus signatures, and security configurations are up-to-date.
- ‘Whitelist’ certain applications so only safe and relevant programs are allowed to run.
- Set download limits
- Track and limit remote access to content, applications, and sensitive company databases
- Employ a lockout security feature for several incorrect attempts
- Employ compulsory password changes every 2-3 months
- Arrange with your network providers (or liaise with new business partners) to increase your VPN capacity, bandwidth, or virtualization licenses.
- Backup data to a central location frequently and ensure your IT team tests uploads just as often.
2. Appoint a Security Manager
Most remote teams work on projects with different leadership roles–a technical lead, business analyst, a project manager, and so on.
Nonetheless, it’s crucial that business owners appoint a lead security officer. This doesn’t have to be an IT security guru, but the person who is tasked with ensuring that business is conducted safely throughout a project’s scope.
This way, you can guarantee security in every one of your projects.
3. Prepare Your Staff Accordingly
If staff members have never worked in a remote environment before, the transition can be surprisingly challenging.
Set your remote team up for success and clearly communicate the steps they need to contribute to your organization’s cybersecurity plan.
- Ensure your remote workers know who to contact (and have accurate contact details), especially if they experience security bottlenecks or if their devices are stolen or lost.
- Train your team on cybersecurity issues, trends, and best practices, such as using secure Wi-Fi connections, creating strong passwords and passphrases, and identifying email fraud and phishing campaigns.
- Have procedures and policies in place that outline, for instance, the acceptable use of corporate gadgets and the management of sensitive corporate info.
4. Emphasize on The Use Of Video Conferencing To Avoid Chat Spoofing and Email Attacks
Social engineering and spoofing via Slack, email, and other chat tools have quickly become successful attack techniques due to their widespread acceptance. The 2015 Ubiquiti Networks Scam is a classic example of such attacks.
Level up your security by encouraging your remote teams to become fully comfortable with using Slack calls, Google Hangouts, and other real-time video programs to interact.
5. Learn How To Identify an Executive Impersonation Scam
Many remote workers try to respond swiftly if they receive an urgent message from the CEO.
Bad actors know this, and they try to exploit this behavior by impersonating you or any other of your corporate executives using a phishing email.
Educate your remote team about social-engineering threats and encourage them to double-check with executives directly regarding strange requests. Some tell-tale signs that your employees should keep an eye on include:
- Bad grammar and typos
- Suspicious or unfamiliar links
- Requests for private information or card details
- Mismatched phone numbers or email addresses
- Suspicious or immediate call-to-action
6. Set Up Multi-Factor Authentication (MFA)
Sometimes, even the best passwords don’t cut it when it comes to keeping away bad actors. To eliminate the security risk of password cracking, set up multi-factor authentication for you and your remote teams.
MFA is a security feature that requires the user to provide at least two methods of authentication to verify themselves before accessing corporate accounts. This might be through SMS or email message, eye or facial recognition, or via biometrics such as fingerprints.
That way, if one of your passwords leaks or becomes an instrument of a data breach, hackers will still find it hard to infiltrate corporate accounts without previously accessing your employees’ primary email accounts or mobile phones.
7. Encourage Segmentation
A big part of the security concern for remote employees is the unknowns lurking in their home IT environments.
While VPNs and MFA go a long way toward eliminating some security risks, they don’t really tackle the problem of a compromised home network.
Encourage your teams to segment their local IT environments as much as they possibly can. For example, work devices shouldn’t be used for personal activities such as entertainment, social media, or general browsing. And they definitely shouldn’t be used by other family members, including kids, who might unknowingly download malicious code.
The fact that your teams are currently working remotely doesn’t mean that you should be complacent with keeping them cyber-safe. Besides, it is at home that cyber threats lurk the most.
Have a quick team call to go through the list above alongside any other security policies you might have. Aim to get everyone on the same page and avoid future cyber problems that could prove difficult to avert.
Alison Drew is a content writer with an affinity for security. She is currently employed with Preyproject (a device security company) and is passionate about educating companies on staying safe. @preyproject