Security Concerns for Remote Workers
As droves of Americans start to work from home, hackers are taking notice. Experts have already warned us over the past few weeks that a new wave of cyber-attacks has started, aimed at workers outside of relatively secure office environments.
Larger organizations may have established work-from-home practices and infrastructure already set up, but smaller businesses likely had to make an abrupt transition as mentioned above. There are some cases where small, overburdened IT teams have had to open up gaps in their corporate network, simply to accommodate remote work.
Additionally, the “attack surface” has dramatically increased: many new devices, such as personal laptops and tablets, are suddenly on the same network, and all of them are completely outside the control of the corporate IT team.
Even for organizations that have a VPN set up, all those extra devices may inadvertently be given access to the organization’s data center. It’s a fine line between limiting employee activity and empowering workers to do their jobs remotely.
Action Items for Improving Remote Security
Make sure that your VPN, network infrastructure devices and end-user devices are all updated with the latest software patches and security configurations. Ideally, employees already have secure, work-provided laptops that can only access the corporate network via encrypted and authenticated access, using corporate credentials and multi-factor authentication.
You also need to be extremely vigilant about suspicious emails. There has been a surge of phishing emails that take advantage of users who are likely to click on links to COVID-19 updates and news and then download computer viruses such as ransomware.
I’ll summarize the basics with the “3 P’s” initially provided by the Cyber Readiness Institute.
- Passwords. Make sure home routers are password protected and enable multi-factor authentication wherever possible for all applications – including cloud apps and services.
- Patches. If you don’t have an IT Service Provider doing this for you, make sure all of your operating system security patches are up-to-date. Make sure that employee devices have their operating systems set to automatically update – and that they accept the updates immediately.
- Phishing. You can expect an increase in online scams, social engineering and phishing attempts. Remind employees to always “mouse over” the email sender’s name to verify the sender’s true origin and take a careful look at the actual email address. Do NOT click on any unknown or suspicious links or attachments, even from internal colleagues. When in doubt – pick up the phone.
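The sender check described in the Phishing item can also be run automatically, for example in a mail triage script. The following Python is an added example, not part of the original article; the domain `example.com`, the names `sender_warnings` and `domain_of`, the 0.85 similarity threshold and the sample messages are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAINS = {"example.com"}  # assumption: placeholder for your own mail domain
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def sender_warnings(raw_message, corporate=CORPORATE_DOMAINS):
    """Return the reasons the sender shown by the mail client should not be trusted."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    warnings = []
    # 1. The display name shows an address that is not the real sending address.
    shown = ADDRESS.search(name)
    if shown and shown.group(0).lower() != address.lower():
        warnings.append("display name shows a different address")
    # 2. The real domain is a near miss of a corporate domain, or starts with punycode.
    if domain not in corporate and (
        domain.startswith("xn--")
        or any(difflib.SequenceMatcher(None, domain, d).ratio() >= 0.85 for d in corporate)
    ):
        warnings.append("lookalike domain")
    # 3. Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != domain:
        warnings.append("reply-to domain differs")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = 'From: "it-support@example.com" <helpdesk@examp1e.com>\nSubject: COVID-19 policy update\n\nbody'
LEGIT = 'From: "Jane Doe" <jane.doe@example.com>\nSubject: Team call\n\nbody'
REDIRECTED = 'From: "Jane Doe" <jane.doe@example.com>\nReply-To: jane.doe@mailbox.test\nSubject: Invoice\n\nbody'

if __name__ == "__main__":
    for sample in (SPOOFED, LEGIT, REDIRECTED):
        print(sender_warnings(sample))
```

An empty result means only that none of these three checks fired, so the advice to pick up the phone when in doubt still applies.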
In conclusion, we are all in this together and are dealing with challenges as best we can on a daily basis. There is no question that this crisis is going to change the business landscape both short term and in the long run.
It will be an interesting journey to see how we adapt and the potential positive changes that might arise from this shift in how we conduct business today.
If ACCi can help you in any way – please give us a call: 205-987-8711
“Leadership is not a position or a title, it is action and example.”–Donald McGannon