Coronavirus, Remote Working and Cybersecurity
Working from home is not complicated. Most of us do so now and again. Accessing an internet connection is easy enough, and cloud office suites and SaaS applications make it seamless to transition from working at the office to doing so on the couch in your living room. But most organizations will not have supported so many employees working remotely, and employees themselves may be a little out of practice in observing best practices when working from home.
So now is the time to review and enhance security around remote access to corporate data, at both ends of the connection.
Here are tips for secure remote working for employees and their employers.
Best practices for employees
We naturally tend to be more relaxed at home, especially when it comes to security. After all, we’re in the safety of our own homes, so what could go wrong? Unfortunately, cybercriminals are seeking to exploit precisely this sort of complacency with carefully-engineered phishing exploits and threats.
Here is some advice for employees:
- Pay attention to passwords: It’s a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.
- Be phishing-aware: Be wary of clicking on links that look in any way suspicious, and only download content from reliable sources that can be verified.
Remember that phishing schemes are a form of social engineering, so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not criminals. Research teams have uncovered that domains related to coronavirus are 50% more likely to be malicious, so make sure to cast a critical eye over anything unexpected that pops into your mailbox.
- Choose your device carefully: Many employees use their company computer or laptop for personal use, which can create a security risk. The risk is even higher if you use a personal computer for work purposes. If you have to use a home or private computer for work, talk to your IT team about how to strengthen security – for example, by adding a reliable anti-virus and security package to it.
- Who’s listening in?: Does your home wi-fi network have a secure password, or is it open? Make sure it is protected against anyone within the range being able to access and connect to the system.
Best practices for employers
This guide should serve as a starting point for organizations, whether their apps and data get stored in data centers, public clouds, or within SaaS applications:
- Trust no one: Your entire remote access plan has to get built using the mindset of zero-trust, where everything must be verified, and nothing should be assumed. Make sure that you understand who has access to what information – segmenting your users and making sure that you authenticate them with multi-factor authentication. Additionally, now is the time to re-educate your teams so that they understand why and how to access information safely and remotely.
- Every endpoint needs attention: In a typical scenario, you might have people working on desktops inside the office. Assuming that their devices aren’t going home with them, you now have a slew of unknown tools that need access to your corporate data.
You have to think ahead about how to handle the threats posed by data leakage or attacks propagating from a device into your network. You also need to ensure that the overall security posture of devices is sufficient.
- Stress-test your infrastructure: If you want to incorporate secure remote access tools into your workflows, it’s critical to have a VPN or an SDP. This infrastructure must be robust and should be stress-tested to ensure that it can handle a large volume of traffic, as your workforce shifts gears to work from home.
- Define your data: Take the time to identify, specify and label your sensitive data to prepare for policies that will make sure that only the appropriate people can access it.
Make no assumptions about previous data management and take a granular approach that will serve you well once remote access is fully enabled. No one wants to provide the entire organization with access to HR accidentally.
- Segment your workforce: Run an audit of your current policies relating to the access and sharing of different types of data. Re-evaluate both corporate strategy and your segmentation of the teams within your organization so that you can rest assured that you have different levels of access, which correlate with the various levels of data sensitivity.