By: Unyime Ibekwe
The COVID-19 pandemic has brought great disruption to the way work is being carried out in different parts of the world. Many businesses and organizations have introduced the concept of work-from-home as a means of ensuring the health and safety of their employees. Organizations have deployed new digital solutions like collaboration tools, videoconferencing, document sharing solutions and other solutions for distributed access to work materials.
While this new way of working is convenient for many and provides greater flexibility to employees and the businesses, it has however also exposed remote workers and businesses to much greater cyber-security risk. Businesses have to make technological changes to support remote working thereby introducing newer risks, threats and vulnerabilities to the corporate threat landscape.
For example, most of the corporate endpoints will now be exposed as they are no longer within the control of the IT unit, more servers will now be accessible from the internet and more applications will have to be moved to the cloud to support the distributed workforce.
Remote working is likely to continue even in post COVID-19 era and is not likely to end soon. A recent study by McKinsey Global Institute showed that 20 – 25% of workers in advanced economies are willing to continue working from home between three to five days in a week after the pandemic. Another survey carried out by Gartner revealed that 90% of leaders were willing to allow their employees to continue to work remotely even when the pandemic is over.
What this means is that a lot of organizations will have a kind of hybrid workplace, where some of its workforce will have to work onsite while the others can choose to work remotely from home or anywhere. Organizations and employees should therefore adopt good cyber hygiene to ensure their safety from cyberattacks while working remotely.
Remote Work Cybersecurity Risks
As remote working becomes prevalent, the attack surface for cyber-attacks has also increased significantly with cyber criminal stepping up their games in terms of frequency and scope of attacks. A recent report by the FBI highlighted a 400% spike in cybercrime, indicating up to 4,000 hacks a day. Many businesses have also reported an increase in cyber-attacks since the beginning of the pandemic. It is critical for businesses to understand the security risks associated with remote working. Here are few important issues that should be addressed by all organizations, followed by tips for remediating them.
Use of Personal Devices
Employees working from home are likely to use their personal devices such as laptops and mobile phones to access corporate data or carry out work related tasks. Many of these personal devices are likely to lack up-to-date security patches, anti-viruses and adequate security measures compared with corporate devices. Therefore, they become an easy entry point for cyber-attacks including ransom-ware attacks to the corporate network.
For instance, it is possible for employees to accidentally download malwares into personal devices which can in turn compromise business data. Malwares and virus on employee’s personal device can be transferred to the corporate network in which they are connected to. There is also the risk of data breach, data loss and loss of confidentiality if employee’s personal device is stolen or family members have access to corporate information stored on those personal devices.
As a result of the pandemic, there has been heavy reliance on collaboration tools like Microsoft Teams, Zoom, Slack, Google Hangouts, Fuze, Lifesize Video Conferencing, and Skype for holding virtual meetings. Cyber criminal have been exploiting vulnerabilities in some of these tools to steal confidential data from remote workers.
Sometimes uninvited members even gain access to virtual meetings which they were not invited and sabotage them because some of these tools use shared links, usernames and passwords for meetings. For example, Zoom apologized for the number of privacy issues and security risks found on its platform during the pandemic and promised to remediate all identified vulnerabilities.
Employees working from home will need to share sensitive data or files with their clients and colleagues through the internet. Sometimes this information is sent over insecure communication channels that can be easily intercepted by hackers. Information that is not encrypted is transmitted in clear text and can easily be sniffed by cybercriminal thereby leading to data leakage and ransomware attacks.
The most common threats to remote workers during the pandemic are phishing attacks. The number of phishing emails getting to remote workers has increased significantly since the pandemic. According to Info-security Magazine phishing emails have spiked by over 600% during the work-from-home era. Cybercriminals end out emails to trick users to disclose their personal information such as login credentials, in order to hack into the employees’ account to steal information or commit fraud. They also embed malicious links and attachments on these emails which when clicked downloads malware into the employee’s device, thereby creating backdoors that allow hackers to take control of the corporate network.
A number of employees connect to corporate resources from their home Wi-Fi or public networks. These networksare often insecure and lack appropriate security controls like strong passwords, anti-virus solutions, firewalls and intrusion prevention systems. Networks with poor security measures serve as a platform for hackers to intercept traffic going through that network. Hackers can obtain sensitive information like confidential data and login credentials from insecure network and use them to logon to the corporate network.
How can organizationsand their remote workforce beprotected from cyberattacks?
In addition to the tips above, below are some of the controls organizations and employees should put in place to ensure that they are better protected from cyber-attacks when working remotely. There are no absolute guarantees that cyber -attacks will be prevented, but risk mitigation must be undertaken for responsible corporate governance.
Trainings and Awareness
Every organization should have as part of its business strategy, cybersecurity and data protection training, awareness programs and policies to constantly educate employees on basic cybersecurity best practices. These training sessions should also be incorporated as part of the on boarding process for new hires and should become part of the security culture in the organization. Employees should be taught some basic cybersecurity hygiene for remote working like password protection, how to detect and respond to phishing emails, how to update antivirus on personal and work devices, how to identify social engineering tricks and other cyber-attacks.
An ignorant employee can render the entire organization’s state-of-the-art technology controls useless by just clicking on a malicious link or an attachment embedded in a phishing mail thus resulting in the exposure of the entire corporate network to data theft, account compromise, privilege escalation or ransomware attacks. Phishing simulation test should be carried out frequently to measure effectiveness of the cybersecurity trainings and awareness.
Secure your home network and don’t use public networks
It is important to ensure that the home network is secure before connecting it to the corporate network to access resources. This is because data transmitted over an insecure network can easily be captured by cyber-criminal for malicious purpose. Public Wi-Fi’s and networks should not be used to carry out work related task as they are most times insecure. Remote workers should follow the steps below to ensure the security of their home network.
- Change the default name (SSID) of your wireless router to something different.
- Change the default password on your router to a unique but complex password.
- Enable encryption on your router, it is advisable to use WPA2
- Specify the devices that are allowed to connect to your router by whitelisting their MAC addresses. This automatically blacklists any other device that is not on the list, as such rogue devices cannot connect to your router.
- Ensure that your router software and firewall is periodically updated and properly patched.
Tightens the security of your endpoints
Unmanaged endpoints pose one of the greatest threats to organizations cyber-security. As more and more employees working remotely use their personal devices to access corporate resources, this in turn increases the chances of organizations’ exposure to cyber-attacks. Organizations should consider providing employees with anti-virus licenses for their personal devices while they are working for the organization from home.
Otherwise, organizations should implement Enterprise Mobile Device Management (MDM) solution that enforces security policies and check compliance level of any device that attempts to connect to corporate resources. Workplace laptops should be configured in such a way that anti-virus and patches are automatically updated whenever they are connected to the internet.
All drives on the work endpoints should be encrypted and USB drives blocked to prevent malware transfer from USB to the endpoint. Organizations should provide cloud-based document management platform where employees can share and store corporate files, so that employees do not need to store corporate information on their personal devices. This will help prevent data breach or data loss in the event that the employee’s personal device is stolen or becomes faulty. Passwords should be used on work laptops and mobile devices in order to prevent family members or third party from accessing sensitive corporate information or documents.
Use Strong Authentication
One of the ways to minimize the risk of cyberattacks when working from home is to ensure the use of complex passwords across all your devices and ensure that the passwords are changed every three months. In addition to strong passwords, organizations should implement multi-factor authentication (MFA) on all its work endpoints and applications as this will provide additional level of security to the employees and the organization.
Organizations should also deploy Identity and Access Management (IAM) solution to ensure that every employee is granted just the right access to only authorized enterprise assets. By this, the attack surface of the organization is drastically reduced. Ensure collaboration tools used for virtual meetings have end-to-end encryption and require passwords for entry.
Establish a Virtual Private Network
Accessing corporate resources directly from the internet is very risky, and opens up the remote employee and the organization to cyber-attacks. Organizations should have Virtual Private Network (VPN) in place to ensure that their employees working remotely can access corporate resources securely. VPN provides an encrypted tunnel to transmit data between the sender and the receiver. It adds further layer of security and privacy to the internet by ensuring that all traffic passing through the tunnel are encrypted and protected from cyber-attacks.
Improve on Monitoring
As organizations shift to working remotely and onsite, there is need for their security team to have visibility across all endpoints that access the organization’s network, data and applications. There should be in place solutions that provide a single view of all activities across the network. This will provide real time awareness of all connections to the corporate resources and enable quick detection and response to threats that may be seen on the network.
Mrs Ibekwe who writes from Abuja is a Cyber Security Professional