Preserve Cybersecurity While Working Remotely
Most organizations have moved their workforces to some form of remote work as a result of the COVID-19 pandemic. Surprisingly, remote work has proven effective for many organizations, and they are now contemplating updating their remote work policies to allow employees more flexibility in a post-COVID-19 world. However, from a cybersecurity standpoint, remote work presents unique challenges and risks.
Employees may be accessing sensitive corporate data from their personal devices, or they may be using company-issued devices for corporate and unauthorized personal use. In both instances, hackers will prey on these distracted employees: sending them phishing emails in hopes of gaining access to the organization’s network, or stealing credentials which they sell to criminals who may then launch cyberattacks.
Technical Tips For a More Secure Network
That said, there are some basic steps organizations can take to improve their cybersecurity posture. Here are a few technical steps you can use as a good starting point.
The extra step in the MFA process could be an email or text message confirmation, a biometric method, such as facial recognition or a fingerprint scan, or something physical like a USB fob.
- Updates and patches. During the pandemic, most IT departments were focused on moving a large portion of the organization’s workforce to remote work. This may have put other IT tasks on hold, such as patching and implementing non-critical updates.
Hackers will take advantage of this delay to access networks and potentially steal data. Thus, implementing any updates and patches as quickly as possible should be a priority.
- Securing home routers. Employees working from home are relying on the Internet and Wi-Fi access at their residence. Did they change their router password after it was first installed? If not, their home network may be vulnerable.
It is important to take simple steps to protect home networks and prevent hackers from having access to connected devices. While changing a router password is a good first step, your employees should take additional measures. For example:
- Ensure that firmware updates are installed, so that security vulnerabilities can be patched.
- Make sure the encryption is set to WPA2 or WPA3.
- Restrict inbound and outbound traffic.
- Use the highest level of encryption available.
- Switch off WPS.
Employees needing help with these measures should connect with your IT department.
Passwords should be unique for every account and should comprise a long string of upper- and lower-case letters, numbers and special characters. Additionally, organizations should consider implementing shorter periods for password resets, for example, going from a 90-day to a 30-day reset cycle.
Help Your Employees Stay “Cyber-Vigilant”
While implementing strong technical safeguards is essential to having a strong cybersecurity posture, the most important risk to organizations remains their people when they fall victim to phishing campaigns. Phishing emails are sent by hackers to steal information that can be used in further targeted phishing attacks, credit card and wire fraud, and in installing malicious software on the victim’s device or on the networks they access.
During this pandemic, there has been a marked increase in the number of phishing campaigns that target remote workers in a bid to steal their personal information or gain access to company accounts.
The key to avoiding this vulnerability lies in employee training and reminders to constantly be vigilant. For example:
- If an email appears unusual or requests immediate action (even when it comes from a “known” source), your employees should have the reflex to pause and proceed carefully.
- If the email contains a URL, they should know to hover their cursor over the link to validate the source, and to not open any unexpected attachments.
- If they suspect that they may have inadvertently fallen for a hacker’s ruse, their reflex should be to immediately report the incident to IT, rather than trying to resolve the issue themselves or ignoring it.
The pandemic has shown that remote work is an effective way for organizations to continue operating, so it is likely that some form of remote work will be part of how organizations operate in the future. That said, being aware of the risks and taking some basic steps can significantly reduce your chances of becoming a victim of a cyberattack while working remotely.
Disclaimer: Avisar Chartered Professional Accountant’s blog deals with a number of complex issues in a concise manner; it is recommended that accounting, legal or other appropriate professional advice should be sought before acting upon any of the information contained therein.
Although every reasonable effort has been made to ensure the accuracy of the information contained in this post, no individual or organization involved in either the preparation or distribution of this post accepts any contractual, tortious, or any other form of liability for its contents or for any consequences arising from its use.