As the COVID-19 pandemic has forced many businesses to act due to shelter-in-place orders from local governments, many have opted to implement remote working protocols.
These remote working procedures, in many cases, have reduced operational costs, improved productivity and increased physical security, but they have also played a role in the increase in cybersecurity attacks due to an implementation inadequate.
In fact, the FBI has seen cybersecurity attacks soar by at least 300% since the start of the pandemic. And security researchers have discovered a significant number of vulnerabilities related to remote workers. One of the most high-profile examples of this is the supply chain water hole attack on US information technology company SolarWinds, which allowed threat actors to hit Microsoft, agencies government and cybersecurity companies. SolarWinds CEO Sudhakar Ramakrishna then confirmed that an email hack was the attack vector: “We have confirmed that a SolarWinds email account was compromised and used to programmatically access the accounts of targeted personnel from SolarWinds in commercial and technical roles.”
Although not all companies attract the attention of the type of hackers who have targeted SolarWinds, it is always prudent to implement remote work protocol security with the following tips:
1. Go Cloud
Companies are rapidly moving their operations to the cloud during the pandemic to improve remote worker productivity. Stepping up with the help of the right cloud consulting services can also bolster cybersecurity. For example, a cloud security team that offers SOC 2 Type II certified solutions can provide advanced threat detection and automated response measures to proactively stop and remediate attacks before they can disrupt your operations. They can also offer managed endpoint protection services to secure every endpoint in your organization.
2. Improve safety training
Your organization could have the smartest security solutions, robust network defenses, and most comprehensive backup procedures, and it could still be infected with malware such as ransomware, spyware, Trojans, worms or rootkits due to employee error. For example, a spear-phishing email can act as an infection vector when a teleworker downloads a corrupted attachment. Likewise, web exploits from malicious websites that employees visit can help hackers breach security.
This is why safety training is essential these days. You can find many free remote employee safety procedures programs from colleges or YouTube. However, it is best to invest in the services of a cybersecurity consultant to train staff in online best practices.
3. Monitor company computers
Many organizations have loose BYOD (Bring Your Own Device) policies to keep costs down. Unfortunately, these policies can be disastrous because it is difficult to manage threat vectors on personal devices. The best solution is to invest in corporate laptops and smartphones for employees with strict usage protocols. These devices are also easier to secure with anti-malware solutions.
4. Take advantage of corporate VPNs
Corporate VPN accounts are a great way to increase security for remote workers. Not only do VPNs create a secure and private tunnel through the Internet that hides a user’s IP address, but they also encrypt data. VPNs can also counter some network security issues.
As threat actors become more sophisticated in their attacks on remote workers, organizational leaders must take appropriate steps to strengthen security. Cloud services, cybersecurity solutions, training, and VPNs can all mitigate the risk of a cyberattack against a remote worker.