Working from home has become the norm in the wake of the COVID-19 pandemic, and it isn’t going away anytime soon. However, this practice also makes businesses more vulnerable to cybersecurity threats such as data breaches, which have greatly increased in frequency over the past year. Malicious actors are taking full advantage of this new working environment, making it essential for companies to keep up with them.
COVID Changes
The general approach and technology that hackers use to access an organization’s data hasn’t changed that much since COVID, despite the dramatic increase in attacks. However, they have made changes to the social engineering aspect of phishing that exploit everyone’s natural concerns over this disease. For example, attackers now send out emails purporting to originate from organizations like the Centers For Disease Control And Prevention (CDC) a World Health Organization (WHO). Additional approaches to persuade a recipient to click on a link in an e-mail include offering bargains on facemasks and other protective gear. Notifying recipients that someone close to them has been exposed to the virus has also become a common tactic during the past year.
General Practices
Most employers that allow employees to work from home already have basic security measures in place to prevent the unauthorized access of data. However, it’s vital that the employees actually make use of these measures while working in a home environment. Any employee device should be installed with the most current version of all security software. Additional measures include password protection technologies such as multi-factor authentication (MFA) and additional credentials needed to protect sensitive information.
Downloads
Employees working from home are more likely to download files when they believe there from an employer. Norton, a leading antivirus and security software firm, notes that remote employees are particularly vulnerable to downloading infected video-conferencing and instant-messaging software. The best practice is to only download software authorized by the employer, even when an alternative could save time. The same thing applies to downloading sensitive company information to a personal device that hasn’t been properly configured with appropriate security software. The National Law Review reports that misguided attempts like these increase a user’s risk of attack by cyber criminals.
Passwords
Basic password hygiene is always a good idea, but it’s particularly important when accessing a company’s network remotely every day. Remote employees must update their passwords regularly, including passwords for networks and routers. The general rule for passwords is that they should be easy to remember but difficult to guess. Never use passwords that contain personal information, such as addresses, birthdays or a child’s name.
VPN
Remote access to an employer’s systems should always occur through a secure communication channel such as a Virtual Private Network (VPN) that uses the latest encryption. A modern VPN that’s properly configured provides a high degree of protection for communication that occurs over a public Internet. It also adds a much-needed layer of protection to a home network.
The outbreak of COVID-19 has disrupted daily business operations by itself, prompting many businesses to allow or even require employees to work from home. However, this practice also provides attackers with greater opportunities to access sensitive data. Security practices that were effective before the pandemic are even more important now that remote access has become the routine rather than an exception.
IMG_1103 flickr photo by izzatFulkrum shared under a Creative Commons (BY) license