Organisations have had to overcome countless challenges during the pandemic, but one that has continued to cause headaches is IT security for home workers.
A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – and without the assurance of a member of your IT team on hand if anything goes wrong.
But unlike many COVID-19 risks, these issues won’t go away when life eventually goes back to normal. Home working will remain prominent even when employees have the choice to return to the office, with a Gartner survey finding that 47% of organisations will give employees the choice of working remotely on a full-time basis.
Meanwhile, 82% said that employees would be able to work from home at least one day a week.
As such, organisations should reconsider if they’re under the assumption that the defences they’ve implemented to protect remote workers are temporary.
Robust, permanent defences are required to tackle the array of threats they face. We explain how you can get starting, including our remote working security tips, in this blog.
Online work increases cyber security risks
Without the security protections that office systems afford us – such as firewalls and blacklisted IP addresses – and increased reliance on technology, we are far more vulnerable to cyber attacks.
The most obvious risk is that most of our tasks are conducted online. After all, if something’s on the Internet, then there’s always the possibility of a cyber criminal compromising it.
They might attempt to do this by cracking your password. This could be easier than ever if you’re reusing login credentials for the various online apps you need to stay in touch with your team.
Meanwhile, according to CISO’s Benchmark Report 2020, organisations are struggling to manage remote workers’ use of phones and other mobile devices. It found that 52% of respondents said that mobile devices are now challenging to protect from cyber threats.
Alternatively, attackers could send phishing emails intended to trick you into either handing over your details or downloading a malicious attachment containing a keylogger.
The dangers of phishing should already be a top concern, but things are especially perilous during the coronavirus crisis.
A recent report found that there has been a 600% increase in reported phishing emails since the end of February, with many of them cashing in on the uncertainty surrounding the pandemic.
Organisations should also be concerned about remote employees using their own devices.
This might have been unavoidable given how quickly the pandemic spiralled and the suddenness of the government’s decision to implement lockdown measures.
Still, where possible, all work should be done on a corporate laptop subject to remote access security controls. This should include, at the very least, 2FA (two-factor authentication), which will mitigate the risk of a crook gaining access to an employee’s account.
This ensures that the necessary tools are in place to defend against potential risks, such as anti-malware software and up-to-date applications.
It also gives your IT team oversight of the organisation’s IT infrastructure and allows it to monitor any malicious activity, such as malware and unauthorised logins.
Control the risk
Any organisation with employees working from home must create a remote working policy to manage the risks.
It should include guidance on storing devices securely, creating and maintaining strong passwords, and an acceptable use policy for visiting websites that aren’t work-related.
Organisations should also explain the technical solutions they’ve implemented to protect sensitive data and how employees can comply. For example, we recommend applying two-factor authentication to any third-party service that you use.
Although it shouldn’t be a concern during the lockdown, your remote working policy should also address the risks that come with employees handling sensitive information in public places.
For example, when business goes back to normal, staff may well use company devices in places such as trains and cafés, where opportunistic cyber criminals can lurk without drawing attention to themselves.
Security incidents are just as likely to occur even if there isn’t a malicious actor. Consider how often you hear about employees losing their laptop, USB stick or paperwork.
Coronavirus: your biggest challenge yet
Disruption caused by COVID-19 is inevitable, and you have enough to worry about without contending with things like cyber security and compliance issues.
Unfortunately, cyber criminals have sensed an opportunity amid the pandemic, launching a spate of attacks that exploit people’s fear and uncertainty.
Therefore, it’s more important than ever to make sure your organisation is capable of fending off attacks and preventing data breaches.
Written by Luke Irwin, writer for IT Governance