As organizations remain unsure of when their staff will be able to reenter traditional office environments, maintaining security continues to be essential. Many organizations are not structured to work outside of a traditional corporate environment for regular operations, and malicious actors know this.
As the pandemic continues, hackers are finding new ways to target businesses through shifting cyber schemes like phishing, domain spoofing and impersonation attacks. With hackers targeting enterprises from different angles, employees can be either a business’s weakest or strongest asset. It’s therefore critical that businesses implement cybersecurity best practices to make sure an enterprise remains strong.
Below are tips for how companies can keep their business operations and employees secure and compliant when everyone, including the IT team managing their organization’s network, is working remotely.
Challenges of Remote Work: Human Error
The shift to working from home happened so fast that many organizations were not prepared with the technology and plans needed to reduce or eliminate the increased risk from massive work-from-home operations.
Outside of traditional office settings, it’s easy for cybersecurity to become lax. With employees working from remote networks and using personal devices, hackers have an increased opportunity to take advantage of human error, which is the source of 90% of security breaches.
When working remotely, employees are often not adequately behind corporate firewalls, are using personally owned devices without company-managed anti-malware software, or are using work devices for non-work reasons. Many are not using their VPNs unless necessary and are running unsecure video conferencing software for personal purposes during the pandemic. Couple this with the fact that people are constantly looking for the latest information around COVID-19, and it creates the perfect recipe for malicious actors to create phishing attacks.
Just as every day is a casual Friday when working from home, employees have become more casual in their cybersecurity awareness and have become far more susceptible to clicking on a malicious link or opening a bad attachment. This poses increased risks to organizations as many companies have not yet implemented explicit security rules around segmented VPN networks, potentially exposing entire corporate networks to attacks from a single compromised machine.
As a result, email-based cybersecurity attacks are on the rise. For example, Google reported the discovery of 18 million phishing and malware emails related to COVID-19 daily from April 9th-16th. In just a two-week period, cybersecurity firm Mimecast also discovered nearly 60,000 maliciously spoofed coronavirus-related websites, with about 6,000 registered every single day.
In this time of increased risk, leadership should, now more than ever, be consistently strengthening their cyber resilience strategies. Businesses should implement employee cybersecurity training programs or run a refresher of content that is often only used once annually.
To keep employees consistently informed of and involved in protecting against the threat landscape, IT leaders should make these trainings fun, interactive and integrated across the enterprise. Leaders should send out regular emails to employees with best practices and details on the types of attacks to watch out for. While user diligence can help prevent many scenarios, ultimately IT leaders must assume that mistakes will happen, and implement appropriate controls to prevent or minimize risk.
Securely Manage Cloud-Based Environments
Businesses are continuing to turn to the cloud to strengthen employee collaboration and communication during remote work. The frequency of managing workloads in the cloud is only set to increase and, therefore, setting up the proper security protocols to keep information secure in public cloud environments is essential.
With this in mind, businesses must look to authentication and automation to manage and protect their data. Multi-factor authentication (MFA) and encryption are key to remote work security. Where corporate networks are available remotely with only usernames and passwords, it is an invitation for a malicious actor to compromise a company network with stolen credentials. IT leaders should teach their employees how to use MFA and implement encryption across all of their devices. With multi-factor authentication and encryption, enterprise environments are protected by a dual-layer of security.
Monitoring and alerts should also be a key part of the strategy implemented by IT leaders. Alerts help an organization stay attuned to potential network threats and get in front of them before they occur. But they should be balanced with human threat assessment, since automation opens up the door for hackers to see right into where an organization is falling flat. IT leaders should ensure their organization couples alerts with manual processes so that they always have an eye on who might be taking advantage of their networks.
Implement regular threat assessments, detections and security trainings
Smaller organizations in particular often do not have the security systems in place to support a remote workforce – and malicious actors know this. Therefore, it’s essential that these, and organizations of all sizes, have the infrastructure and assessment strategies in place to be able to react and adjust to changing work scenarios.
Hopefully IT leaders have already implemented remote access capabilities for their organization and all devices are connected through a central domain so that they can centralize the configuration and implementation of patching, anti-malware, and personal firewalls. During this time of remote work, IT leaders should first make sure that employees have their VPNs set up and are using them. Second, all devices should be equipped with anti-malware and patching software that is regularly updated. Third, incident response plans should be regularly updated, detailing how to address the next potential impact of the pandemic.
It’s not the time to lighten up on security
While some states begin to reopen and get people back to work, most businesses are still hunkered down, with their employees working in different areas on different networks. This opens up organizations to a wide variety of potential cybersecurity risks and, during a time of such economic uncertainty, no business can afford to fall victim to an attack.
Since humans are one of the riskiest assets to enterprise infrastructure, it is key to continued function and operation that IT leaders work directly with employees to ensure that their business is secure – from the cloud to the edge.