This guest blog was contributed by Mark Lambert, Vice President of Product at ArmorCode.
In the last two years, COVID has made working from home the norm more than the exception. In a survey by Deloitte, 41% of participants said they felt more productive when they worked remotely.
But that productivity comes at a cost. Working remotely means attack surfaces have expanded and there’s less oversight and control over risks. For instance, many employees use their personal laptops or phones for two-factor authentication and download Zoom or Microsoft Teams on their phones.
Combined with a lack of strict data security processes and with unsecured hardware and networks, this puts remote workers and their employers at a higher risk of cyber attacks than others.
What risks are we talking about? What are some of the cybersecurity threats that come with working remotely?
Let’s take a look at a few.
Phishing attacks are one of the most common methods for cyber criminals to steal data or gain a foothold in an organization to launch larger attacks like ransomware. Phishing has witnessed an alarming increase since the pandemic as cyber criminals have become more creative. Organizations now have to watch out for new and evolved methods like vishing (voice phishing) and smishing (SMS texts), which are easy to carry out as more employees use personal devices.
Employees use their personal networks and routers, which may not be secure enough without the layers of firewalls that a business might put in place. Employees might update their antivirus software but not their home router software, have weak router admin or Wi-Fi login credentials, and have multiple connected devices. All these factors make home connections more susceptible to security breaches.
Unsecured Wi-Fi connections
Many employees switch between sitting at home, in a cafe, or in a coworking space when working remotely. Very often they end up using the public Wi-Fi network, which is a playground for cyber criminals. For instance, take the Machine-in-the-Middle (MITM) attack, where hackers can intercept data between your device and the server it connects to and then communicate with you to steal information.
Weak or recycled passwords
Even if you manage to get your employees to remember to do regular updates or not open suspicious emails, they may still remain vulnerable due to their passwords. Weak passwords or ones that are repeatedly reused over several accounts are weak links that cyber criminals utilize to break in.
Sharing files without encryption
With more people using tools like Slack or Zoom, file sharing has become increasingly risky. Sharing information over text or email, peer-to-peer (P2P) file-sharing, or even using personal cloud storage could leave critical information wide open for hackers to intercept.
What can be done?
As an organization, you definitely need to respect your employees’ needs, and working from home is the way to go. But at the same time, you also need to keep them and your business safe. What measures can you take to reduce these risks?
Educate your staff about cybersecurity threats and train them to manage sensitive data. Equip them with the necessary tools or software (such as password managers) and regularly check in to see if they have been implemented correctly.
Ramp up security monitoring of all devices and applications to proactively identify and defuse any imminent threats.
Secure communication channels or introduce official chat tools with the necessary encryption.
Work with Virtual Private Networks (VPNs) to secure network access and employee devices. Put access restrictions in place and institute privileges to limit risks.
This Cybersecurity Awareness Month, let’s prioritize creating a culture of cybersecurity to effectively combat or anticipate security threats. We need to align cybersecurity with our business, enforce policies, and set up a robust infrastructure that a remote workforce can safely use and continue to remain productive.
About the Author
Mark is passionate about applying technology innovations to solving real world business problems. For the last 20 years, he has been working with the world's leading brands to streamline the delivery of secure, reliable and compliant software applications across Enterprise IT and Embedded/IoT markets. Mark has held leadership positions in field engineering, customer success, professional services and product management - defining and executing product strategy for a portfolio of DevOps tools focused on Security, Quality and Compliance.
Mark has been invited to speak at numerous industry events and media such as DZone, DevOps Digest, SDTimes, JavaOne, AgileDevDays, QAFinancial, TestGuild and StarEast/West. Mark holds both a bachelor’s and a master's degree in computer science from Manchester University, UK.