Working From Home – Cyber Security Risks and Best Practices
November 23, 2022
In recent years, businesses deployed several technologies to enable secure remote connections for what became a work-from-home (WFH) style of operation for the whole organization. Though workplaces have reopened, the WFH pattern of work has taken root. Hybrid office/home setups are growing in popularity, increasing the workload for IT administrators.
Increased bandwidth consumption, security problems, and evolving connection alternatives have IT administrators working hard to ensure that those at home can be productive and the workplace network stays protected.
Many of the challenges stem from the differences between home connections and those used at business sites. Residential internet connections and services continue to be best-effort, with restricted Service Level Agreements (SLAs) that are nowhere near as stringent as business-class SLAs.
In this blog, we will cover problems arising when employees work remotely. In addition, prevention initiatives for companies will also be discussed.
Security threats of working remotely
With employees relying on personal networks and devices, IT teams are facing a big challenge in regulating security measures. According to Velocity Smart Technology, 70% of WFH employees reported experiencing IT problems during the pandemic. We’ve listed some of the potential cybersecurity problems that might occur when working from home.
1. Phishing and ransomware attacks
Phishing and ransomware attacks are among the major threats that remote employees are facing. Cybercriminals use these scams to trick victims into sharing personal information or installing malicious software onto their devices. The attacker will then steal or lock this information and request a ransom.
According to Databasix, phishing emails have increased 6 times since the end of February, as cybercriminals look to capitalize on the fear and uncertainty of the COVID-19 outbreak.
2. Weak passwords
Another threat stems from the use of insecure or repeated passwords and login credentials. Failure to use secure passwords negates cybersecurity measures like firewalls or virtual private networks (VPNs).
As a result, hackers can use software to crack account passwords and access sensitive corporate data. In general, there are some common techniques they use:
- Compile lists of common passwords to access accounts.
- Create code that uses multiple password variants to guess login combinations.
- Use passwords they know someone has used for an account (Email, Facebook, Instagram) and try to access their corporate account logins.
3. File-sharing platforms
Remote employees are more likely to use file-sharing platforms to transfer documents to their coworkers. When these files are kept on corporate networks, they are likely to be encrypted. However, the same level of protection may not apply when shared remotely.
Sensitive data, such as client accounts, customer data, and financial information, can be potentially intercepted or stolen by hackers while in transit. While businesses may encrypt files saved on their network, they might overlook encrypting files when data is transferred from one location to another.
4. Unsecured Wi-Fi
Corporate Wi-Fi networks are usually secure as they are protected by firewalls that monitor and block malicious traffic. Remote employees, on the other hand, access business networks by using unprotected Wi-Fi networks. This, in turn, risks the security of corporate data.
5. Personal devices
The final risk of remote working occurs when employees use personal devices to connect to corporate networks and systems. These devices often do not have the same level of cybersecurity protection as a corporate computer or laptop, which leaves security gaps that can be exploited by hackers.
How to protect your business when employees work remotely?
To protect your corporate data from cyberattacks, having an updated cybersecurity strategy is necessary. Below are some tips to secure your resources when your employees work from home.
1. Give Cybersecurity Training
Cybersecurity training is critical in a remote work setting but is frequently overlooked. Kaspersky statistics from 2020 found that 73% had yet to receive an IT security awareness update from their company.
Currently, there are several online and in-person cybersecurity training programs available. These programs should be conducted with the participation of the whole team and integrated into the onboarding process for new joiners. Through the training, employees should be clear on their company’s Cybersecurity policy, such as the types of devices or networks that can be set up at home, how to recognize suspicious behavior, and what steps should be followed if they are targeted by a cybercriminal.
2. Implement Remote Desktop Setup
To mitigate the increased risks arising from remote or hybrid work, it is recommended that businesses use a remote desktop setup protected by Multi-Factor Authentication (MFA). With a remote desktop, company data is stored in the cloud, and multi-layer security can safeguard everything in your organization, from access to migration and storage. This keeps corporate data updated, easy to access, and secure.
3. Never Work on an Unsecured Network
For remote employees, “working from home” can often mean “working from a coffee shop.” However, when you log in to unsecured Wi-Fi, cybercriminals can capture every piece of information you send online, such as account user IDs, passwords, or even banking details. In addition, attackers can even:
- Gain control of your computer, network, and data.
- Attack your devices with spam or viruses.
- Use the account you’re signed into for nefarious purposes.
- Redirect you to a phishing website.
4. Use a Zero-Trust Framework
A zero-trust framework follows the idea that everyone connecting to networks, whether local, in the cloud, or hybrid, may be hostile and must be authenticated at every access point. Each time a user connects, the model takes into account data encryption, email security, and asset and endpoint hygiene.
According to an IBM report in 2021, compromised credentials were responsible for 20% of data breaches, costing an average of $4.37 million. This figure was $1.76 million lower among firms that used a zero-trust strategy.
5. Improve Password Management
Although this may be the most basic reminder for ensuring your cyber security, some people still ignore it and don’t take the consequences seriously. Remember that criminals have multiple algorithms to find commonly used passwords, and then they will try logging in to several accounts. In this way, they can steal data or money from those using weak passwords. To protect your password, follow these practices:
- Use different passwords for each platform.
- Don’t use personal information (name, birthday, …).
- Never share information with anyone about your password.
- Make it longer.
- Store passwords in a secure management system.
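The practices above, and the guessing techniques listed under "Weak passwords", can be turned into a local audit of stored credentials. The following is an added example, not part of the original article: the deny-list, the 12-character minimum, the function names and the sample vault are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample deny-list; in practice load a large list of known-common passwords.
COMMON = {"password", "qwerty", "letmein", "welcome", "123456"}
# Undo common character swaps so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@4$5031!7", "aassoeiit")
MIN_LENGTH = 12  # assumed threshold; the article only says "make it longer"

def variants(password):
    """Return normalised forms that a variant-guessing tool would effectively cover."""
    low = password.lower()
    core = re.sub(r"[\d\W_]+$", "", low)  # drop trailing digits/symbols ("2022!")
    return {low, low.translate(LEET), core, core.translate(LEET)}

def check_password(password, personal=()):
    """Return the list of weaknesses found in a single password."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    forms = variants(password)
    if forms & COMMON:
        findings.append("common password or variant")
    tokens = [t.lower() for t in personal if len(t) >= 3]
    if any(t in form for t in tokens for form in forms):
        findings.append("contains personal information")
    return findings

def audit_vault(vault, personal=()):
    """Check every entry of a {platform: password} mapping, including reuse."""
    counts = Counter(vault.values())
    report = {}
    for platform, password in vault.items():
        findings = check_password(password, personal)
        if counts[password] > 1:
            findings.append("reused on another platform")
        if findings:
            report[platform] = findings
    return report

if __name__ == "__main__":
    # Constructed sample data, not taken from any real account.
    sample = {"email": "P@ssw0rd2022!", "social": "P@ssw0rd2022!",
              "corporate": "anna1990", "bank": "vivid-harbor-molten-kettle-92"}
    for platform, issues in audit_vault(sample, personal=["Anna", "1990"]).items():
        print(platform, "->", ", ".join(issues))
```

Note that "P@ssw0rd2022!" passes the length check yet is still flagged, because stripping the suffix and reversing the character swaps reduces it to a deny-listed word.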
What should IT businesses do about ISPs?
IT administrators should check with each remote worker’s Internet Service Provider (ISP) to determine whether the provider offers a “business-lite” service option that includes additional security measures and high SLAs. As the number of remote employees grows, more ISPs are offering these sorts of services and connectivity. Below are some reminders for IT teams on working with ISPs to keep remote connections secure.
1. Engage ISPs for security specifics and Internet access alternatives
IT administrators should get information regarding the security of each remote worker’s Internet connection from their ISPs. In terms of management, IT administrators must impose a standard security framework across all employees and their devices, irrespective of location or access point. This ensures that VPN and antivirus software is always up to date across all devices. Don’t forget to provide settings for acquiring access to network resources, such as polling devices on a constant schedule and seeking identity verification.
2. Define and safeguard the perimeter
Security – both device and data security – is a larger concern. When all employees were in the same building, the perimeter of security measures and enforcement was within the company. However, the perimeter must now be expanded to workers’ residences as well as public Wi-Fi hotspots. According to the studies, remote employees have to avoid using VPNs on unprotected public Wi-Fi networks, since these networks are notoriously unsafe.
3. Set up private networks for data encryption
Next, it’s necessary to set up a VPN for data encryption. In this way, you can create a private tunnel for data exchange anytime you go online. The data transferred to and from your device will be encrypted and routed over a secure tunnel, keeping it unreadable to unauthorized parties. The data also appears scrambled to hackers, which can discourage their attempts. With VPN encryption, you can utilize public Wi-Fi networks without fear of being hacked or losing data.
In general, remote working environments create more room for cybercriminals to exploit. Businesses have no alternative but to secure employees’ working space, whether they work in the office, at home, or anywhere else. The practices listed above should be applied thoroughly to protect corporate data and resources from attackers.