“With the COVID-19 pandemic continuing to rage across the world, governments of many countries have encouraged or demanded that employees work from home where possible. That mass migration to remote working is making it imperative that businesses have robust processes and technologies in place to guard systems and data against cyberattacks. Here are our top tips as to how they can best keep their businesses secure when managing a widely-dispersed workforce.
Make sure you have robust passwords in place
World Password Day on May 7th is a timely reminder of the importance of good password management. With complete workforces working from home, that message is more important than ever. The fastest way for bad actors to penetrate a company’s defences is by obtaining that company’s passwords. Estimates suggest that over 80% of data breaches are directly caused by weak, cracked or stolen passwords. Between work and personal systems, one user might need to manage as many as 135 different login credentials, and that’s a lot to track – which is why people tend to reuse, recycle, and iterate their passwords.
Workers repurposing the same passwords in both work and home applications (and rarely updating them) is also endemic, and that can also leave an opening for the bad guys if one gets compromised.
Using a cutting-edge tool for credential authentication, management, and storage throws up a roadblock between cybercriminals and data. A secure access and identity management solution that combines user-friendly multifactor authentication, personalised single sign-on portals for every user, and responsive remote access management tools keeps cybercriminals from breaking in even if they have a bootleg password.
Don’t get hooked by phishing
Phishing attacks are a favourite tool of bad actors because they work, and they’re even more effective against staff working remotely. It’s hard to hear about new methods of attack or ask an administrator if a message is legitimate when working from home if you’re not an IT professional.
The BBC reports that Google is blocking 18 million bogus COVID-19 emails a day from reaching its 1.5 billion users. Worryingly, the best defence a tech giant can bring will still allow some dangerous emails to slip through the cracks. Phishing is up 667% and COVID-19 is on track to become the biggest phishing topic in history.
The best way to fortify a company against phishing attacks is through comprehensive testing and training. Don’t limit it to the worker bees – executives are frequent and juicy targets. Workers may be savvy about downloading potentially-infected files, but they might not be suspicious about clicking an equally dangerous link. Get everyone up-to-speed on spotting and repelling new-style attacks that target remote workers like fake Zoom invitations and sham login portals for 3rd party applications with efficient, effective training.
Watch for trouble
Keeping an eye on the Dark Web is prudent because it’s the most likely place for bad actors to get the illicit password lists, stolen logins, ransomware, and hacking software that are the tools of their trade. Reams of sensitive personal and business data are also available on the Dark Web to bolster phishing attacks.
That’s why dedicated Dark Web monitoring is a smart choice. A quality Dark Web monitoring service can quickly get experts to hunt through the Dark Web and discover if a company’s data or passwords are in circulation, enabling businesses to prevent a problem from becoming a catastrophe.
Enforce the rules
Remote workers aren’t just using more applications and email – they’re also using more devices in more places. In the old world, workers often used a company-provided computer at work and a separate device at home. Nowadays, many use one computer for everything and that can create complications that crack open a window for the bad guys.
Companies must create and enforce strict bring-your-own-device policies and safety protocols for systems access and data handling. Workers that are signing in from publicly-accessible WIFI networks, toting around passwords on sticky notes or transferring data haphazardly, create vulnerabilities that aren’t accounted for in even the best cybersecurity plans. Clear policies and strong rule enforcement ensure everyone is on the same page in order to keep systems and data secure.
Avoid penalties
Working from home can be too comfortable sometimes. Relaxing the dress code can encourage workers to relax their standards, creating potentially expensive compliance disasters. Many industries have adopted strict compliance standards for the secure storage and transmission of sensitive data, with equally burdensome penalties for failure. Enforcing compliance can be a challenge when a company’s workforce isn’t centralised.
Don’t give staffers the opportunity to fail at compliance –and don’t give regulators a reason to come calling. Automate compliance as much as possible to make it easy for compliance specialists to ensure everyone is meeting the necessary standards. An automated compliance assistant also keeps up with the minutiae of changes to regulations so that no detail gets overlooked; making sure that everything is ship-shape and alerts staffers to potential issues quickly.
Being ready for a lockdown cyber-security approach
Building a cybersecurity plan that accounts for the special challenges that a remote workforce creates isn’t as complicated as it seems.
With just a little tweaking to their cybersecurity plans, most companies can quickly become remote-ready. Implementing the right solutions, adding state-of-the-art defensive tools, creating smart policies, and employing fresh resources enables companies to rapidly mitigate risks to their systems and data, while helping them sail smoothly into the new world.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.