While many of us around the globe are worried about catching this nasty virus, hackers are finding that this is a perfect time to unleash viruses of their own. More than ever, more people are working from home and it is proving to be a great opportunity for hackers. In part 2, we look at the challenges faced by organizations utilizing a remote workforce.
Working from home opens up multiple attack vectors for cyber criminals. Some security challenges include unsecured data transmissions by people who aren’t using VPN software, weak enforcement of risk-mitigating behaviors, and physical and psychological stressors that compel employees to bypass controls for the sake of “getting things done.”
To help lessen the risk to data privacy while working from home, it is wise that organizations have some sort of VPN (Virtual Private Network) in place. VPNs use what is called a “tunnel” to encrypt data as it travels over the internet. It can prevent hackers from seeing the data that is transmitted from home to work servers. According to the SANS Institute, “A VPN is a fantastic way to help protect your online privacy. However, a VPN does nothing to secure your computer, devices, or online accounts.”
Even better, creating a Zero Trust network may be even better. A Zero Trust network is one where an organization’s network does not automatically trust anything inside or outside its perimeters. Instead, every type of access must be verified before being granted access to systems. According to CSO Online, “Zero Trust draws on technologies such as multifactor authentication, IAM, orchestration, analytics, encryption, scoring and file system permissions. Zero Trust also calls for governance policies such as giving users the least amount of access they need to accomplish a specific task.”
Whether you choose VPN or Zero Trust, having up to date software and security patches is a must! Vulnerabilities to important systems must be patched in a timely manner. Hackers are great at exploiting vulnerabilities that haven’t been patched.
The need to “just get it done” can cause people to find security work arounds. When dealing with remote staff, it is important that they know the organization’s security policy, and that they are constantly reminded of it. In addition, IT and cyber security staff must ensure that remote employees are provided with the right tools for the job. Otherwise, in the rush to “get it done” employees may share credentials, start file sharing in an insecure cloud environment, or use their personal email addresses as workarounds. It is important to ensure remote workers can do all their work at home as easily and securely as they do in the office.
As it relates more specifically to remote work during COVID-19, policies should also be in place by organizations that do not allow a user’s family members to use “work tools.” This needs to cover both company-provided equipment as well as bring your own device organizations. While it sounds like a no-brainer that children should not be using work laptops for homework or gaming, while stuck indoors during a pandemic with no school, a weary parent may give in to a child’s demands to use their work laptop. Don’t do it! Don’t do it now, don’t do it ever! Children have a way of finding games or websites with all kinds of hidden malware.
Uzado is here to help you implement any of the above during the pandemic. Contact us today!