With the current state of COVID-19 which has become a global threat to human existence on earth, one of the key measures to tackle the pandemic and reduce its rate of propagation is social distancing, where companies across the globe are encouraging – restricting – their employees to work from home.
Notwithstanding, moving some distance from your entrusted office environment and working remotely is susceptible to various security vulnerabilities, especially given the existing cybersecurity skills gap.
Additionally, cruel opportunists are taking advantage of COVID-19 as subject matter to perform nasty phishing attacks to innocent people, hoping the unwary are going to click on these links and disclose the personal data.
Both the employers and employees in all parts of the world have their minds open to the idea of working from home.
But with the risks that accompany this new mode of teleworking, ENISA, a European cyber-security commission has rolled out several recommendations for organizations that are adopting teleworking as a result of the pandemic.
It, therefore, advises people to try as much as they can, not to mix work and entertainment activities on the same gadget, and specifically, be cautious with messages and ads referencing COVID-19. “Cyber-criminals are exploiting the current situation, so be aware of phishing emails and scams,” stated ENISA.
ENISA has also asked teleworkers to treat any email asking them to change their login information as a scam, even if they appear to have come from credible sources.
Also, the agency has warned people to be suspicious of emails sent by people they don’t know by not clicking on them or opening the attachments.
They need to be careful even when opening emails sent by people they know, asking for unusual things.
The National Cyber Security Center (NCSC) of the United Kingdom has also warned its citizens from falling prey to cyber-attackers.
Leave the issue of COVID-19 alone, it has only made working from home a big deal, and it has always been there where some companies do not require the physical availability of their workers.
But with the current situation, companies are being forced to set up a large population of their workforce to work from home, and within this short space of time, it will come out as a rude shock to many.
First, instead of being able to make a smooth transition, the social distancing and quarantine directives in response to COVID-19 have given organizations, IT teams, and the information executives insufficient time to make preparations and address the possible cyber-security threats of working remotely.
Workers who have had this experience before understanding the steps they need to follow to access the networks and applications from the convenience of their homes, but most employees are doing it for their very first time.
Training is, therefore, a requirement, they need to understand the potential risks, how to access networks and applications remotely, and most importantly, how to ensure the security of the network is not compromised.
Working from home requires an internet connection, a personal computer (Desktop or Laptop), a mobile phone, and any other facilitating device.
The risk of information theft or loss increases when the devices are moved out of the office. This is the possibility of device loss or theft in case of burglary or calamities like fire.
Even if employees are not doing their jobs out of their houses in coffee joints or home gardens, these environments are still not as secure as the workplace.
There is the issue of cyberslacking, it is expected to increase when people aren’t not working from the watch of a supervisor, so there is a loss of productivity.
Loss of productivity is a heavy blow to the organization as it causes loss of profits and ultimately, the downfall of the business.
Accessing the organization network at home poses cyber-risks such as hacking of the organizational system, stealing of the company’s data by untrustworthy workers, or disclosing secrets only known to the company to its competitors.
Also, there is the risk of insider threats when working from home which is one of the causes of fraud and information theft.
There is a challenge with authentication, the people permitted to access the organizations’ systems.
Some networks will develop problems for people accessing them in remote places.
Other organizations will face the problem of not having enough devices for their workers to work from home, so the issue will be solved by having the employees use their own devices to handle company-based tasks, which is an added risk.
Employees’ own devices are not likely to have the level of security or the required data recovery software as the company-owned devices and it will be hard to control what these people do with their devices and also to secure them against viruses that could easily navigate to the network of the organization.
The risk of shadow IT increases when employees are allowed to work from home.
This is caused by the careless downloading of applications and using non-authorized tools. This might introduce vulnerabilities in the system which are later exploited by criminals.
Also, there is the issue of many users accessing the company’s network using VPNs. To properly understand what is a VPN and how to use one correctly, you might need to do a bit of reading but it’s something that’s well worth the effort. The downside of everyone using a VPN is that network might fail to support an increased number of users, implying that some workers will be denied access to the system and will not be allowed to connect when working remotely.
Working from home is associated with poor backup and recovery systems hence in case of accidental information loss or theft, employees using their devices usually lack backup and recovery capabilities.
As a matter of fact, this is one thing businesses have failed to pay sufficient attention to until something fishy occurs.
This becomes even worse when remotely working employees are mixing up their personal information with organization data in a single device, which exposes each to some level of vulnerability.
For instance, if an employee downloads an infected file from their email and the laptop ends up crashing, the business will lose data as well.
Unfortunately, SMEs do have a long list of challenges they want to be addressed which makes it even hard to put the issue of backup and recovery systems into a priority.
It’s true but overlooking this issue for a persisted period can lead them into trouble.
Recovery and backup systems are very significant in any organization, irrespective of the size of the business.
To solve this problem, it is easy for employees working from home to create a local backup on their computers, or, for large organizations with an IT department, a centralized backup and recovery system can be constituted for all devices working remotely and carrying critical information about the business.
Although these options are subject to limitations, the company can adopt cloud services for backup solutions.
For instance, SaaS providers like CrashPlan and Veeam are examples of technologies that offer backup solutions for businesses regardless of their sizes, and efficiently cover their backup requirements for both office and remote working employees in one account, and eliminates the hassle and storage of information in case of computer crashes, loss of devices, and other problems leading to data loss.
Businesses must ensure workers connected through VPNs networks can be accommodated in the system by setting up sufficient bandwidth
Companies must ensure the VPNs used are adequately patched and have the latest security features. The right procedure must be adopted to keep the software up-to-date.
Businesses having their employees working remotely should consider disabling the USB ports on their computers to prevent reckless insertion of portable devices like mobile phones and hard disks. This way, the risk of malware infection and data theft will be minimized. This method also helps to avoid the bad USB attacks
Businesses should consider protecting portable devices with encryption. They should use software technologies to lock the devices or delete the information should the devices be stolen or get lost.
Businesses should set up adequate channels of communication to allow employees to work remotely to collaborate, like teleconferencing, chatting avenues, platforms for sharing documents, as well as SaaS applications. The business must ensure their employees understand what can and cannot be sent via the chat applications.
Employees must be trained on how to detect phishing scams and other cyber-crime attacks and how to handle them
Companies should set up policies and channels of reporting threats to their IT security personnel. Employees ought to be trained in the appropriate course of action if they feel threatened by cyber-attacks.
Businesses should adopt DNS filter applications to bar remotely working employees from accessing risky websites using corporate devices and block all downloads from vulnerable websites. For instance, WebTitan Cloud is an example of DNS filtering technology that offers security against internet-based attacks. It provides control to restrict access to only some websites.
Businesses should set up email security controls to detect, prevent, and block potential phishing attacks. TitanHQ is an example of a cyber-security solution that assists organizations to offer security to their employees working from home by protecting their networks from web-based attacks.
As we fight COVID-19 by reducing social distancing and working from home, let’s protect our jobs and companies we earn our living from by adopting the right cyber-security solutions, ensuring we are connected to secure and entrusted internet connection, and observing all appropriate procedures and policies of effective data protection.
Acodez is a renowned website development and web design agency in India. We offer all kinds of web design and web development services to our clients using the latest technologies. We are also a leading digital marketing company providing SEO, SMM, SEM, Inbound marketing services, etc at affordable prices. For further information, please contact us.
Looking for a good team
for your next project?
Contact us and we'll give you a preliminary free consultation on the web & mobile strategy that'd suit your needs best.
Rithesh Raghavan, Co-Founder, and Director at Acodez IT Solutions, who has a rich experience of 16+ years in IT & Digital Marketing. Between his busy schedule, whenever he finds the time he writes up his thoughts on the latest trends and developments in the world of IT and software development. All thanks to his master brain behind the gleaming success of Acodez.
Much Needed Information. Learned something valuable from your article.
Glad to have find you today on Google.
Thanks for sharing such wonderful article.
Keep Blogging !!
Much Needed Information. Learned something valuable from your article.
Glad to have find you today on Google.
Thanks for sharing such wonderful article.
Keep Blogging !!