With the spread of Coronavirus (COVID-19), more companies by the minute are turning to remote work as a precautionary measure for their employees. With the focus on balancing business productivity against the health and safety of the workforce, it is easy to overlook the safety and security of the organization’s network and data. For many companies this is the first time they have had remote workers on such a large scale, so they likely have no protocol or guidelines in place to keep their information and devices safe from cyber threats. Threat actors have already started to capitalize on people’s vulnerability, which makes this even more important and time-sensitive.
Consequently, our security experts suggest the following tips and best practices for cybersecurity when you have remote workers:
Password Manager –
A great way to keep all of your team’s online accounts and passwords secure is to use a password manager. It enables secure sharing of passwords and can also be used to generate them, so that everyone on the team has easy, safe access to whatever they need to complete their work.
2FA –
Many popular business software platforms that are accessed through the cloud give remote teams advantages such as seamless collaboration and sharing. The downside is that this makes impersonation easier and can give someone who is not an employee access to data. This usually happens when weak passwords are used. This is where 2FA, or two-factor authentication, becomes critical for remote workers using cloud-based software. Once implemented, it makes it much more difficult for an unauthorized user or attacker to gain access to your account.
Two-factor authentication is a method in which an employee or user must provide two pieces of evidence: something they know (such as a password) and something they have (such as a hardware token or cell phone that generates a unique code).
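To show what the "unique code" on a phone or token actually is, here is an added example (not from the original article) of a time-based one-time password check following RFC 6238, combined with the password result. The function names, the one-step drift window and the replay check via `last_counter` are assumptions made for this sketch; the key is the published RFC test key.

```python
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP keyed on the number of `step`-second intervals elapsed."""
    return hotp(secret, int(unix_time) // step, digits)

def check_code(secret, submitted, unix_time, last_counter=-1, window=1, step=30):
    """Return the time counter the code matched, or None.

    window tolerates clock drift of +/- `window` steps; a code whose counter
    is not newer than last_counter is refused so it cannot be replayed.
    """
    now = int(unix_time) // step
    matched = None
    for counter in range(max(0, now - window), now + window + 1):
        # constant-time comparison of the expected and submitted codes
        same = hmac.compare_digest(hotp(secret, counter).encode(),
                                   submitted.encode())
        if same and counter > last_counter:
            matched = counter
    return matched

def login(password_ok, secret, submitted, unix_time, last_counter=-1):
    """Both factors must pass: the password result and a fresh, valid code."""
    counter = check_code(secret, submitted, unix_time, last_counter)
    return password_ok and counter is not None

# Published RFC 6238 test key (constructed sample, not a real secret).
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC_SECRET, 59))                   # code shown on the device
    print(login(True, RFC_SECRET, "287082", 59))  # password + code accepted
```

A server would store the counter returned by `check_code` per user and pass it back as `last_counter` on the next login.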
Endpoint Protection –
Securing endpoints is one of the most important priorities for keeping remote workers protected. Endpoints serve as access points to a company’s network and can create points of entry that hackers can exploit. Managing them becomes critical with remote workers, since the physical endpoint assets are not maintained within the company’s premises. To secure devices accessing the network, endpoint security software uses encryption and application control, and controls security on those points of access to monitor and block risky activities. Encrypting data on endpoints and removable storage devices also helps prevent data leaks. Application control prevents endpoint users from executing unauthorized applications that could create vulnerabilities in the network.
Awareness about the safety of physical devices –
Cybercriminals are opportunists and will take advantage of any chance they come across, so employees need to be hypervigilant about the physical safety of their devices, irrespective of where they are working from. Protecting any device that can access the corporate network is vital. Our security experts suggest the following best practices to educate employees:
- Use the most secure method available for each device to password protect and lock screens
- Always keep the device physically close to you
- Never let anyone else access or use your device, especially if they want to plug something like a USB device into it
- Enable “Find My Device” options for each device or install a tracking software
- Always back up your files and encrypt sensitive data
Avoid Public or Insecure Networks –
This applies to employees in transit, for whom the lure of coffee shop Wi-Fi or a hotel lobby network is never far away. Using such networks can be very risky, as a hacker can easily intercept sensitive data and capture log-in credentials. Hackers use unsecured Wi-Fi networks as a platform to distribute malware, or spoof a public Wi-Fi network to draw in users and siphon their data without anyone knowing. It is advisable to avoid public networks while working on a device that can access corporate networks.
Using a VPN –
A virtual private network, or VPN, creates a private network over a public internet connection, giving the user online privacy and anonymity. Because a VPN hides the user’s IP address, the user’s online activities can stay hidden. A business should ensure that its employees connect to the company network and access all key applications through a VPN.
Employee Education –
Apart from the above-mentioned security measures, organizations should educate their employees to always follow certain basic security etiquette while working remotely, such as:
- Not using personal email for any official purpose
- Not using non-vetted online messaging applications or other software that can pose security risks
- Not using any personal device to access the company network
Understanding how to detect and report phishing attempts –
Phishing is a method cyber attackers use to gather personal information through deceptive e-mails and websites. Usually, such emails appear to come from someone posing as a member of the IT team or corporate leadership, to provide a sense of legitimacy. Using social engineering techniques, cybercriminals lure employees into revealing confidential data or credentials. What makes matters worse is that phishing activity tends to increase during times of crisis and uncertainty.
Hence, it is important to educate employees on how to detect and report potential phishing attempts:
- Be vigilant and think twice before clicking any links or opening an attachment.
- Always verify the sender’s email address
- Check the message thoroughly to see if it is missing your name or if the content has bad grammar and spelling
- Be suspicious if the email asks you to share personal information, like a password
- Create a plan for reporting suspect emails. Train employees on what to do and how to report a suspected phishing email. This can include forwarding the email to a phishing inbox that your security team has set up or just notifying your IT team and asking what to do with the email and how to handle the situation.
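The checklist above can also back a first-pass triage step for messages forwarded to a phishing inbox. The following is an added example, not part of the original article: the organization domain `example.com`, the role keywords and both sample messages are constructed assumptions, and grammar or spelling quality is left to the human reviewer.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain
ROLE_NAME = re.compile(r"\b(it|help ?desk|support|ceo|hr)\b", re.I)
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(user|customer|employee|colleague)\b", re.I | re.M)
CREDENTIAL_ASK = re.compile(r"\b(password|passcode|login credentials)\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s>\"']+)", re.I)

def in_org(host):
    host = host.lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def triage(raw):
    """Return the checklist items a raw RFC 5322 message trips, in order."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # "IT" or leadership display name, but the address is outside the org
    if ROLE_NAME.search(display) and not in_org(sender_domain):
        findings.append("sender-poses-as-internal-role")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        findings.append("reply-to-domain-mismatch")
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if part.get_content_type() == "text/plain")
    if GENERIC_GREETING.search(body):
        findings.append("missing-recipient-name")
    if CREDENTIAL_ASK.search(body):
        findings.append("asks-for-credentials")
    if any(not in_org(host) for host in LINK_HOST.findall(body)):
        findings.append("link-outside-org-domain")
    return findings

# Constructed sample messages (not real traffic).
PHISH_SAMPLE = """\
From: "IT Helpdesk" <it-support@examp1e-mail.test>
Reply-To: reset@other.test
To: alice@example.com
Subject: Urgent: VPN access expiring

Dear user,

Your remote access will be disabled today. Confirm your password at
http://vpn-login.other.test/reset to keep working.
"""
BENIGN_SAMPLE = """\
From: "Bob Lee" <bob@example.com>
To: alice@example.com
Subject: Meeting notes

Hi Alice,

Notes are at https://wiki.example.com/notes/123
"""
```

An empty result only means none of these checks fired; reported mail still goes to the security team for review.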