As organizations across the country have moved to remote work models, many have reported an increase in cyberattacks. Cybercriminals, it seems, are taking advantage of the public health crisis to exploit security vulnerabilities in home-based computer systems.
The attacks mostly rely on common tactics, such as phishing and phone scams meant to spread malware and pilfer financial data. But now that most employees are outside the protection of the corporate network perimeter, these everyday threats have created new risks.
What can organizations do to minimize the chances that their shift to remote work results in an expensive breach? We recommend a multipronged approach that combines the use of security tools and end-user education.
Cloud-Based Security Tools
With employees (and students, in the case of colleges and universities) now connecting to central systems remotely, the easiest way to bolster security is through solutions that can be implemented via the internet.
Among the critical cloud-based products available to network administrators: data loss prevention tools that ensure employees don’t expose sensitive assets to prying eyes; next-generation endpoint protection solutions that use artificial intelligence to analyze user and system behavior and thwart malware attacks; and URL-filtering applications that prevent end users from inadvertently accessing dangerous websites.
Other protection products that can be delivered through the cloud include email security gateways to help catch zero-day phishing attacks and firewall solutions that can be scaled as necessary to match the needs of a remote workforce of any size. Some cloud solutions can even automate the patching process to ensure operating systems and applications are always up to date.
End-User Training and Best Practices
In conjunction with the deployment of the latest security tools, it’s important for companies to educate employees on the do’s and don’ts of home-based computing. Home Wi-Fi routers, for example, must be password-protected, and under no circumstances should an offsite employee conduct work on a public or unsecured connection. Home network segmentation (through the use of a separate router) is also advisable: With so many personal devices connected to the typical home network, isolating work computers on networks of their own can prevent intrusions.
Another layer of remote work security can be added through use of an identity and access management system. When employees attempt to access a corporate system remotely, they should be required to enter information that proves their identity beyond the standard username and password.
Finally, employees should be provided with security awareness training so they know how to look for cyberthreats. When workers understand how phishing attacks are designed, they’re more apt to recognize such hazards when they see them. And if they know, for instance, that the company IT team will never call them at home, they’ll be far less likely to fall for the kind of phone scams that can put the keys to corporate headquarters in a cybercriminal’s hands.