Cybersecurity Concerns Rise for Remote Work
With remote work on the rise, cybersecurity concerns rise, as well. In this new normal for work, passwords alone don’t cut it.
Technological advances have enabled more people to work remotely, and there was a clear trend in place that was noted at the beginning of 2020.
Those numbers would have multiplied in the wake of COVID-19, which prompted many businesses to shift to a remote work model.
There are clear benefits to empowering employees to work remotely that may make more businesses embrace this model for the future.
However, the vulnerabilities of collaboration platforms that have come to light as people working from home increasingly use it to connect and the increase in cyberattacks recorded this month make it clear that remote work situations call for extra vigilance.
We put together tips from experts on securing communication and data transmission with remote employees.
What are Remote Work Challenges?
James Stickland, CEO of Veridium, observed: ”You used to just have to protect the four walls in which you sat.” But with the shift to remote work, Stickland said you have to think about the weakest link in the chain, which typically comes down to the human user and the remote collaboration tools available to them.
Ideally, he said, you’d want to have a plan in place ahead of setting up remote teams with “seamless strategies and user-driven processes” that enable people to work intuitively without putting a strain on IT for setup and explanation.
That is why users need to be properly prepared and trained in using the tools of choice for the business.
Otherwise, users will find their own workarounds, which results in security gaps. Stickland acknowledged that many fall short on providing the necessary “education and reference points” for security awareness on the part of remote workers.
Passwords are Passe in this Environment
All the experts agreed that relying on passwords alone for remote workers’ security is asking for trouble. They generally favor multi-factor authentication (MFA), as well as secure alternatives to passwords like biometrics.
Ryan Thompson, CEO of the home security company Smith Thompson recommended: “Finding the right way to securely connect to your network is critical.
The BYOD Question
When working from home, many people end up using their own computers, laptops, and mobile phones. Some embrace BYOD, though others consider it a potential security gap.
Heinan Landa, CEO and Founder of Optimal Networks believes it’s safer to use firm-provided equipment. He explains that is “because most companies have antivirus and filtering already in place” and “maintain their machines pretty well.”
He also recommends keeping the devices used for work exclusively for that, which means: “Keep kids and family off of it.” The concern is that if other users go on , they may end up on sites that can compromise the security of the device, and: “Keeping work data safe has to be top priority.”
One the other hand, Stickland considers BYOD “very viable.” He said there are many options for software that will enable you to create applications for a secure environment or toggling to create access to specific content to maintain a segregated environment.
He explained that the solutions emerged six or seven years ago when people started bringing their iPhones into work, and then got extended to laptops and other devices.
“Your phone may be jailbroken, and your laptop can have viruses,” Stickland conceded. “But that shouldn't affect access to content.”
It’s also sometimes necessary to enable people to use their own devices because it is sometimes not possible for the organization to provide all who have to work remotely equipment to use at home.
Accordingly, Stickland believes the solution lies in the right software rather than exclusive devices.
Be Sure You Have Backup
There was general consensus about the importance of having remote workers back up their data. Cloud services are the best solution for that, Stickland said, though he added that they are not one-size-fits-all.
“Each has its own backup policy, so you have to look at that and make sure it's what you want.”
He acknowledged that some financial firms were reluctant to adopt cloud solutions because of concern about regulations. In fact, though, “security protocols around major clouds can be more secure than the bank’s own system.”
For some business, the ideal solutions is a “public-private cloud hybrid.” However, the majority of businesses have failed to implement this, and so they may have more of a challenge to work through the appropriate cloud solution for remote work.
Virtually Batten Down the Hatches
In addition to a plan for equipment and backup it is necessary to follow up with a security check that virtually dots every I and crosses every T.
Frank Krieger, Miro’s new Trust and Reputation Director shared three tips:
Ensure that you’re encrypting data in motion.
A fair number of people will be working through public or personal networks, ensuring there are secure methods of transit is paramount, either through a VPN or through secure HTTP.
Confirm malware and intrusion detection scanning is running and enforced on all endpoints.
With employees working from home, there is a higher than usual chance of personal and work devices themselves interacting which could spread into organizational systems.
Stay engaged with your teams, managers and execute staff.
There is no better time to reinforce an organization's culture and ideals. Engagement meetings such as all-hands should be made to keep everyone up-to-date and remind staff to keep doing the right things around cyber-security.
The Zoom Explosion
While staying in touch is important, automatically reaching for the easy-to-use free tool can open up a Pandora’s Box of security headaches. With free access and easy-to-use features like screen-sharing, Zoom has now become one of the favored remote collaboration tools.
Increased use also increase temptation for hacking, though. That’s what happened in the case of Zoom. People learned the hard way that just signing on without any security protocols in places opens up ways for outsiders to find a way in.
Telework Tips from the FBI for Virtual Meetings
After noting the prevalence of hijacked Zoom meetings, the FBI’s recommendations are the following:
Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
Manage screensharing options. In Zoom, change screensharing to “Host Only.”
Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
The FBI also adds that you can report instances of hijacking as a cybercrime. But you certainly don’t want to get into the situation in which that is necessary.
Being proactive about cybersecurity for remote work will pay off in averting data breaches and headaches down the road.