The coronavirus pandemic caused a remote work boom. Many employers decided to let employees continue operating from home for the foreseeable future. That's arguably a smart decision for public health in the current climate, but it could create new cybersecurity challenges. Here are five things companies can and should do to relieve the associated burdens.
Research found that 80% of people polled never worked from home before the pandemic or only rarely did. An even more worrying conclusion from that study is that half of the respondents did not receive new security policies to guide their transitions.
Company representatives must realize that people need to adjust to working from home. Giving them specific security protocols will ensure they follow the right steps and feel less overwhelmed. For example, a company might create a policy that people should never attempt to access databases over public Wi-Fi points because they're not always secure.
People often talk about authentication and cybersecurity together since they're both relevant, related topics in an increasingly connected world. Access happens when a person tries to retrieve a resource, and authentication involves checking that they have the right credentials.
One practical possibility involves activating two-factor authentication (2FA) for all interfaces or tools employees access while working from home. Companies should also verify that a person does not have too much access. A 2019 study showed that 53% of companies left more than 1,000 sensitive files accessible to all employees. Using a role-based authentication system could make it easier to control what people can access — at home or otherwise.
Phishing is an ever-present security threat, and people may be less vigilant about checking for the signs when they access their work email accounts from home. Reminding people to stop, think and connect can thwart fishing attempts with easy-to-remember actions.
- Stop: Avoid responding to any unusual emails that ask for personal information or downloading strange attachments, and think about the consequences first.
-Think: Look for suspicious signs by checking that the email has a valid sender, URL and timestamp and that the email does not contain spelling errors.
-Connect: Reach out to the IT department to report any messages that seem malicious, and always approach all links and downloadable content with caution.
A June 2020 survey revealed that 77% of respondents used unmanaged and insecure personal devices to access corporate systems. Focusing on cybersecurity for people working at home may mean mandating that they use workplace-approved equipment to do so and agree to receive automatic software updates.
Products also exist that protect critical data from theft and ransomware, such as Cigent D3E. It takes a zero-trust approach to authentication and cybersecurity, meaning that no entity receives automatic trustworthiness. The new internet security challenges associated with at-home work require security teams to become even more proactive about safeguarding from threats. That often necessitates making strategic investments to meet goals.
People who assume responsibility for helping a company's employees work from home securely should take preventive measures in case a device gets stolen or lost. Many remote workers may decide to change their environment by setting up at libraries or co-working spaces — especially if kids or housemates make it difficult to concentrate at home.
Encrypting files and whole devices helps keep out unauthorized parties. For example, Cigent DataSafe Storage works with Cigent D3E and is a solid-state drive for primary or secondary storage. It adds a layer of firmware security and allows users to create self-encrypting device partitions known as Secure Drives. They enable storing files beneath the operating system layer that disappear from a hacker's view if the system detects a threat.
IT teams should also explore tools that let them remotely lock a misplaced or stolen device as an extra precaution. Beyond that, IT department workers should always instruct people to use strong passwords and ensure no one is peering over their shoulder when they input them.
Employees undoubtedly share the responsibility of maintaining excellent cybersecurity while they work from home. However, it's much easier for them to do it when their workplaces support them in that aim. These five tips give businesses excellent starting points to understand and minimize the cybersecurity burdens associated with employees working remotely.
Devin Partida is the Editor-in-Chief of ReHack.com. She covers topics related to cybersecurity, smart tech and big data.