The rise of remote working is not purely the result of COVID-19’s impact. After all, remote teams and companies are pretty normal these days. But we can say with certainty that many companies have been forced by the novel coronavirus to adjust their operations towards home-based workers and scattered offices.
Unfortunately, in many countries, there was little time to prepare for the major upheaval. Where a business’ admin was once centralized and controlled from a single office, now, companies must contend with decentralized operations and staff working from and connecting to home networks.
This poses a serious concern. With multiple networks and new devices involved in the daily 9-to-5, the risk of data breaches, malware infection, confidentiality leaks, and other security concerns is doubled.
Here, we go over a few of the key risks that go hand in hand with working from home and offer up some simple and actionable solutions.
Businesses keen to keep their digital systems as healthy as possible will do well to consider the following risks and take steps to mitigate them.
Data breaches can occur in a number of ways. Perhaps the one we first imagine when we think of a breach is a bad actor physically accessing then stealing local files. But more often than not, breaches are the result of a cybercriminal infiltrating data sources remotely and bypassing existing network security.
With more people working from home, the number of access points leading into a company’s servers or networks is exponentially increased — think of all those additional wifi networks and staff-owned devices that are used when people work from home.
When the number of access points is increased, the potential for a breach is greater, proportionate to the number of new networks and devices being used.
Malware is nasty enough on an individual user’s computer or device, but when a malicious program gets its hooks into a company’s network and proliferate, the results can be disastrous.
Adding insult to injury, the number of malware programs targeting COVID-concerned citizens has taken a rise of late. Dressed up as World Health Organisation emails, text messages from the government, and more, malware is making its way in the world on the back of fear and confusion. All it takes is for one staff member to unwittingly download a file and pass it on to other team members or the company’s network and a virtual hell can break loose.
BYOD (Bring Your Own Device)
Further blurring the boundaries between workspace and home is an increasing culture of BYOD, bring your own device. While some companies are lucky enough to have enough company devices to go around, others are facing no choice but to let staff work on their own computers.
This is troublesome as businesses can invest thousands per year to secure their systems. In the case of blue-chip companies, the cybersecurity budget can surpass a million. Sophisticated firewalls, intrusion detection bots, antivirus, malware detection software, and more mean a centralized network is better protected.
With BYOD, companies essentially have to trust staff to take the proper precautions. If staff devices travel between networks, attackers can tailgate and breach the company’s system.
Despite the heightened risk, there are basic, common-sense steps a company can take to ensure network security.
Virtual Private Network (VPN) technology shields data through tunneling, a process that effectively hides data transmissions from prying eyes as they travel from point A to point B or computer A to computer B. During transmission, the data is encrypted, making it very difficult for would-be cyber crime to intercept or otherwise interfere with the data. In fact, even point A and B are hidden from view as a VPN hides IP addresses.
All staff should make sure they have VPN software installed and active before starting work, handling any company files, or accessing cloud storage systems. Although many staff will have VPN software already, companies should be cautious. A single trusted provider and a company contract are best. Then, staff can download a VPN for the different devices they will work on.
Remind staff that 123cat, their child’s birthdate, and the name of their pet dog are not effective passwords. Staff log-in details should require passwords of at least 12 characters that contain a random mix of upper and lower case characters, special symbols, and numerals.
Antimalware and Antivirus Protection
Offer staff the ability to download company provided antimalware and antivirus protection. As with VPNs, a single company contract with the provider is best and means that each staff member is using a trusted and reliable program.
Spoofing and Phishing
While the filters provided by antivirus and malware programs should filter out much of the junk trying to reach employees, some will still get through. Educate staff on the risks posed by spoofing and phishing attempts, show them how to avoid these threats, and recognize falsified emails and web pages.