We examine the top security threats organisations face when many employees are working from home, and the steps organisations should take to mitigate them.
Following the uptake in remote working as a result of the coronavirus pandemic, there has been a 92% increase in cyber-attacks, according to VMware’s Carbon Black Global Threat Report.
Many companies who were inexperienced in remote working had to plan, deploy, and support users in a very short space of time, just to keep their businesses running. Standard risk management took a back seat as the race was on to get employees working again.
Technical Consultancy Director, Neil Douglas, outlines the problems faced by many small and medium-sized organisations in operating with a decentralised workforce:
“We now have a perimeter-less office without the security protections that office systems afford us – such as firewalls – making us more vulnerable to cyber-attacks.”
“As working from home is here to stay for the foreseeable future it’s vital that measures are put in place to protect organisations from hackers, while their employees are working remotely.”
“Robust authentication is the backbone of secure remote working; without it, it’s only a matter of time (in some cases minutes) before you are breached, and a lack of detection methods only compounds the problem.”
9 Cyber Security Risks of working from home
As a first step, organisations should consider having a security professional carry out a risk assessment of their remote working. This can lead to developing a robust remote working company policy and processes. An audit should also check your current inventory for missing patches, and appropriate action should then be taken.
Organisations should implement strong authentication by reviewing password and lockout policies and user password guidance. Monitoring and detection tools should be used for critical data.
When working from home, staff should be supplied with a corporate firewall to be deployed behind their home user firewall. Organisations should also consider using always-on virtual private networks to provide secure access to the company network and applications remotely, backed with strong authentication.
The workforce should be educated in cybersecurity risks, including the risk of eavesdropping. It should be assumed that all Wi-Fi networks are insecure, and deployments should take place through always-on virtual private networks (VPNs).
Employees should also be educated on using Multi-Factor Authentication (MFA) wherever possible for access to your network. If you are implementing MFA on a personal mobile, it’s important to put the user at ease about how it’s used.
User awareness training on the increased risk of social engineering attacks such as phishing is critical when you have a large part of your workforce working from home.
Employees working from home should be trained in working with files remotely and provided with the applications and tools to work remotely, so that data is correctly backed up or synchronised off the device. Devices that leave the office should be encrypted, and a Bring Your Own Device (BYOD) policy should be developed and enforced rigorously through audits.
The COVID-19 pandemic will undoubtedly be a step-change in the way we work, leading to a big permanent increase in remote working. Taking action to protect your mobile workforce will help set up your organisation to take on future challenges with confidence.