How to Protect Remote Workers from Phishing & Other Cyberattacks
Amidst the pandemic, half of all U.S. employees worked from home, according to the Brookings Institute. And, when workplaces are eventually deemed safe to return to, the same percentage of people expect to continue to work remotely post-pandemic, at least part of the time. While so much remains unknown, one thing is clear: the pandemic is transforming the way we work and the way consumers interact with our businesses.
Long before the coronavirus was a reality (weren’t those the days), many companies had already shifted to remote work – or thought about it –whether the move was driven by leadership, changing employee preferences, cost savings, or any number of other reasons. However, with the increased mobility and flexibility of remote work comes increased security risk. Collaboration tools present new attack vectors and nefarious actors are leveraging the current moment with coronavirus-themed attacks to spread malware or steal credentials. In fact, the Federal Trade Commission recently shared a list of seven coronavirus scams targeting your business.
The pandemic changed things quickly; many companies large and small were forced to make rapid changes, and, in many cases, security was an afterthought. Now is the time to assess your risk and equip your remote workforce to stay secure, operational, and competitive. In this post, we highlight a few of the most common security risks of remote work and share four action items you can take today to protect your people and your business.
What are the Security Risks?
As if you didn’t have enough to worry about amidst the pandemic – your health, the health and well-being of your loved ones, business income and resiliency, childcare and education. Now there’s one more worry: cybercrime. Coronavirus-themed attacks are targeting SMBs, corporations, and consumers -- from intrusions at busy medical offices to ransomware masquerading as a contract tracing app to online shopping scams. The threats have reached every country on earth and the FTC has recently identified the latest form of phishing, in which fraudsters claim to be from the CDC, WHO, or other health offices.
As a technology leader, you know that you are only as protected as your people. Meaning that even with secure tools and configurations, people can inadvertently introduce risk via phishing attacks, ransomware, malware, or other social engineering attempts. And this is especially true amidst a new home office environment. Undoubtedly, at some point, remote employees will use personal devices and equipment for work-related activities, or will log on to unsecure WIFI connections while conducting business. Home networks, in general, are not as secure as office-based networks, and there exists a long history of security issues, especially when coupled with unsuspected attacks amidst the pandemic.
IBM and Morning Consult recently surveyed workers and found more than half of respondents were using personal laptops for work; 45 percent of people said they had not received any new security training amidst the work-from-home transformation. Even among those workers who are now connected to corporate networks and sensitive data from home, the majority (66 percent) had not received further security assistance, like password management guidelines.
How to Protect your Workers
Now is the time to institute security measures to better protect your remote workers. It’s a smart investment to make – the financial and reputational damages that can occur as a result of intrusion can be costly and detrimental to your business, especially if you’re dealing with confidential or financial information or if your business is subject to industry or government regulation and compliance.
Here, we outline four immediate steps you can take. But we also recommend you consult with an expert, like our team at N8 Solutions, especially if you have limited technology resources at your workplace.
Multi-Factor Authentication: Simple and Effective
Multi-factor authentication, or MFA, is a simple, but sound way to improve your security posture; it requires users to provide an additional form of identification, such as a password plus a passcode from a device or a password plus a phone call to a predefined number. Your team can use MFA for more secure access to corporate assets, especially when working from a home office environment. MFA adds a level of confidence toward a user's proof of identity; it’s a simple yet critical security measure in times like these as cybercriminals launch social engineering attacks on businesses.
And don’t forget the basics right now, either, like proper password management. Advise your employees to set strong passwords and avoid reusing passwords. We can suggest and implement password management tools for your business, and even provide educational resources to help your team set strong passwords going forward.
Identity Access Management: Added Protection
Identity access management, or IAM, is another recommended protection for remote workers. Essentially, IAM is a framework of policies and technologies to make sure that the proper people in your organization have the appropriate access to resources. Similarly, it ensures that those who don’t need or shouldn’t have access, do not. IAM also brings an added benefit of contributing to productivity and employee experience in that it grants access to appropriate assets without needing to type usernames and passwords multiple times a day.
Generally, we also recommended combining cybersecurity measures for greater protection. In this case, IAM pairs well with MFA for safer remote work.
VPN: Because Home Networks Have Issues
In “normal” conditions, your business may rely on VPN to provide remote workers secure access to your corporate network. This is a good thing! However, the sudden transformation in which all or nearly all employees are now working remotely, also results in a swift increase of VPN traffic loads, which can be a challenge for your company and technology team. Despite the load shifts, VPN remains an important component of a secure, remote workforce and you should explore adding a VPN if you don’t already have such a solution in place.
As mentioned above, there is strength and security in coupling the right measures; in this case, requiring multi-factor authentication for all VPN logins will further prevent intrusion and access from nefarious actors. And make sure VPN exists for all devices, including tablets and mobile devices, and when using mobile devices as a hotspot.
Endpoint Protection: Secure all Devices
Which brings us to our last tip. Remote workers will now be more reliant on multiple devices, including work and personal laptops, home desktop computers, tablets, and mobile devices. It’s never been more important to have a robust endpoint protection plan in place. Generally, endpoint protection software will block malware before it infects an endpoint device, and it will also eradicate malware that does evade your defenses. We know how important endpoint protection is right now, which is why we've partnered with Malwarebytes to offer comprehensive endpoint detection and response.
As you modernize your workplace to add flexibility and protection, you’ll face other challenges, like shadow IT, an uncertain future around when and how we’ll return to “normal”, and a continued threat of cyberattacks that will grow in frequency and sophistication. Which makes now the absolute right time to invest in security tools and processes to protect your people and your operations.
It’s a challenging time, but we can help. At N8 Solutions, our workplace cybersecurity experts will work alongside you to set up MFA, IAM, or VPN; implement and configure the right collaboration tools; install or update anti-virus software; or create custom educational resources to help your team be your front lines of defense.
As a result, your business will stay connected, productive, and secure during these uncertain times as we (hopefully) navigate a return to normalcy in the weeks or months ahead.
Please stay secure and healthy! Get in touch with us anytime at (262) 288-1501 or via this form.