Now’s the Time to Revisit WFH Cybersecurity
It’s been more than eight months since the COVID-19 pandemic and the need for social distancing forced companies throughout the U.S. to rethink the way they do business, closing down offices and sending millions of employees to work from home. In fact, 67% of respondents to a recent survey from 451 Research expect their work-from-home (WFH) policies will become permanent or at least remain in place for the long term.
But while WFH practices differ widely from one company to another, cybersecurity continues to be a serious concern across the board. For starters, many workers have moved from a trusted and secured office network to remote locations. The good news is that in most cases, only internet connectivity and electric power are essential to keep your team working. The bad news? That same flexibility allows corporate networks to be extended in ways that are more difficult to secure.
With more employees continuing to work from home, it’s more important than ever to recognize that organizations will encounter increased cybersecurity vulnerabilities, simply because the laptops and devices that are typically protected within the physical boundaries of the corporate IT perimeter are now operating outside the IT perimeter. It also becomes more likely that they’re connecting to home networks, public Wi-Fi and consumer-grade IoT devices—and perhaps using those laptops more frequently for personal tasks and email.
As a result, you may be offering cybercriminals a tantalizing opportunity to take advantage of the situation. Many scammers are using “Coronavirus” and “COVID-19” as subject lines for phishing scams, hoping to fool some unsuspecting worker into clicking on a link or opening an attachment that either installs malware or persuades them to unwittingly hand over usernames and passwords.
That’s just one of the reasons why the Cybersecurity and Infrastructure Security Agency (CISA) has issued a statement warning individuals to “remain vigilant” for scams related to the virus, noting that “cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.” The agency also warns that individuals should “exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.”
It’s now more important than ever that those WFH employees accessing the corporate network remotely understand the risk of unwittingly opening the door to serious threats that can impact the security of the network and the work environment.
With that in mind, here are some “WFH refresher tips” to help your employees keep your company’s data–and themselves–safe as they continue to work from home:
Avoid mixing work and leisure activities on the same device to reduce risk. Work activities should be confined to work devices, while personal activities and social media belong on personal devices.
Ensure that devices have updated anti-virus protection, along with the latest operating system and application updates, since new viruses and malicious sites continue to appear as this crisis continues.
Use strong Wi-Fi encryption and a strong, unique password for access and be sure to change the Wi-Fi router admin password from the default.
Put a backup strategy in place and follow it, and make sure your backup plans cover all servers and workstations.
Educate everyone on the danger of phishing scams and how to recognize them, so they don’t succumb to their virus-related scare tactics.
Working from home—or anywhere—doesn’t have to increase exposure to cybersecurity risk for your company or your employees, as long as everyone is aware of the dangers and knows how to minimize them.
To go beyond these basic tips, businesses should consider threat prevention, detection and response solutions that go wherever your employees go. Many cybersecurity solutions rely on employees being connected to a security appliance and, with employees now working outside the office, have been rendered powerless. Agent-based solutions backed by a remote security operations center (SOC) give infosec teams that much-needed visibility and confidence again.