Given unprecedented worldwide health–safety issues due to COVID-19, people are actively practicing social distancing, leading to more and more employees working from home. Remote working is nothing new, but given the short notice and the numbers of new remote workers, organizations face a myriad of cybersecurity risks and challenges.
What type of cybersecurity challenges?
From the first instance that news hit about COVID-19, opportunists attempted to take advantage of the situation, initially playing on people’s fears regarding the Coronavirus itself. Related: Growth of Coronavirus Themed Cyberattacks Now, given the increase of new, at-home employees and remote workers in general, cybercriminals are also given more opportunities to exploit inadequate or lacking IT resources. Scammers prey on vulnerability, and this workforce transformation produces many threat vectors for hackers to worm their way into any network.
These susceptible paths include:
- Unsecured Wi-Fi and/or email
- Reliance on personal rather than work-configured devices
- A lack of VPNs
- Out-of-date anti-virus software
- A misconfigured or unsegmented network
- Distracted workers/organizations
This is, in fact, what recently happened to Otterbein University in Columbus, Ohio, hit with ransomware days after switching to online-only classes. Unfortunately, training and IT support are tougher for remote workers who need both now, more than ever.
Remote working best practices
Every organization and its employees need to ensure they are ready and able to adjust to the new work environment. The first step should be to slow down and create a checklist of things to do before work can start at home. Conduct a risk and cost assessment to understand if it is feasible or possible.
Organizations must also:
- Inventory needs and capabilities
- Talk to providers/IT about meeting these needs
- Test and validate employees’ VPNs, Wi-Fi networks, and anti-virus software
- Ensure every computer/email account uses encryption tools, including hard drive encryption
- For regulated industries like healthcare, make sure you safeguard your email (e.g., HIPAA compliant email)
- Conduct remote-work tabletop exercises
- Be prepared for an increased IT staff and specialists need
- Ensure remote staff understand and are able to work remotely
- Create a work-space and follow a schedule
- Secure Wi-Fi routers with a unique password
- Be wary of suspicious emails—use cyber awareness training even at home
- Bring all security problems to IT staff as soon as possible
- Stay connected to others in the office (virtually) when able: collaborate!
- Learn personal methods to ignore and deal with distractions
Many organizations can navigate the sudden move to remote work successfully by insuring communication remains open, accessible and secure both internally with staff, and externally with third parties.