How to Keep Your Business Secure and Afloat During the Coronavirus Pandemic
The progress in technology we’ve seen in the past few decades has allowed users to “hunker down” as per the plea from Dr. Anthony Fauci, the director of the National Institute of Allergy and Infectious Diseases “stressing the importance of Americans staying home as much as possible to limit the deadly spread of the novel coronavirus.”
However, there are often work from home security issues in terms of information security as remote work environments rarely have the same safeguards as the office, and often users forget to align themselves with their company’s remote working security policy. In fact, online criminals are ramping up their tactics in order to take advantage of users that might have inadequate security support.
Work From Home Security Issues
According to researchers, many online attacks are likely to play on the fears of the coronavirus, which we have seen in the many phishing attacks sent worldwide. Scammers have attempted to send vulnerable users emails while pretending to send them from the World Health Organization. On the other hand, a remote-access trojan has also been launched, taking screenshots, downloading files, packaged in a COVID-19-themed campaign.
“In general, attackers are looking for a vulnerability to deliver their attack,” Chris Rothe, chief product officer and co-founder of Red Canary, told Threatpost. “In this case, people’s fear over the virus is the vulnerability attackers will look to capitalize on. If an individual is concerned or stressed about the virus they are less likely to remember their security training and will be more likely to, for example, click a link in a phishing email or give their credentials to a malicious web site.”
The problem then lies in the online security, or lack of, especially for those of us not used to working at home. “People working from home get easily distracted, especially if they are normally used to working in the office, and they will mix work with personal email and web browsing,” Colin Bastable, CEO of security awareness training company Lucy Security, said in an email interview. “This increases the risks that they can introduce to their employers and colleagues, by clicking on malware links. So now is a great time to warn people to be ultra-cautious, hover over links and take your time.”
These work from home security issues are generally down to a lack of IT solutions and can hinder organizations that are looking to send their employers to work from home. This also creates a major challenge for the IT sector in any business.
“As a security team you lose control of the environment in which the user is working,” Red Canary’s Rothe said. “Have they secured their home Wi-Fi? If they’re using a personal computer, what mechanisms do you have to ensure that the device isn’t compromised? Essentially, your network perimeter now includes all of your employees’ homes. Some security programs are ready for this, some aren’t.”
There are also those companies that don’t usually enable telecommunicating according to Sumir Karayi, CEO of 1E.
“Government, legal, insurance, banking, and healthcare are all great examples of industries that are not prepared for this massive influx of remote workers,” Karayi told Threatpost. “Many companies and organizations in these industries are working on legacy systems and are using software that is not patched. Not only does this mean remote work is a security concern, but it makes working a negative, unproductive experience for the employee.
Regulated industries pose a significant challenge because they use systems, devices or people not yet approved for remote work,” he said. “Many companies must have secure environments and devices to meet regulations; it is not possible to secure and certify remote work because of security concerns and unauthorized people gaining access. Proprietary or specific software is usually also legacy software. It’s hard to patch and maintain, and rarely able to be accessed remotely.”
Threats are coming in from all sides including those working via the mobile sphere. “Students and workers remaining at home, or possibly stranded in remote locations are going to be heavily dependent on their mobile devices,” Lookout’s Hazelton said. “Mobile attacks are particularly effective because they often trigger immediate responses from recipients – instant communication platforms like SMS, iMessage, WhatsApp, WeChat, and others.”
Best Practices for Companies with Employees Working From Home
Use a VPN
Most savvy online users will already be familiar with using a Virtual Private Network in order to bypass regional restrictions and get complete access to worldwide content despite their location. This is because a VPN tunnels your online traffic through to a server in a location of your choice making it an ideal solution for location spoofing.
However, VPNs are also used to add an indisputably efficient layer of privacy and security to your internet traffic helping to prevent work from home security issues. It will encrypt your traffic so that it is unreadable to anyone trying to intercept it. It means third parties, government agencies, your internet service provider, and cybercriminals will be unable to get their hands on your information.
You should know that many VPN solutions will slow down your internet speeds, sometimes causing your connection to slow down as much as 60-70%. Excellent VPNs such as ExpressVPN will ensure that you have complete security online while not impacting on performance.
Remote Working Security Policy and Remote Access Solutions
All companies should have a remote working security policy. Remote access solutions will allow employees that need to work from home to have access to data that is on their computer at the office in order for the business to keep moving forward during this testing time.
“The first step employers should take right now is to conduct a remote-work tabletop exercise with their key executives and line of business leaders,” said Rick Holland, CISO and vice president of strategy at Digital Shadows. “You need to inventory your business applications and identify the mission-critical ones. For SaaS applications, follow up with your providers and inquire about their business continuity plans. For on-premises applications that require VPN connectivity, test and validate that VPN connectivity for higher utilization than usual.”
Remote Tech Support and Remote Hand Solutions
Implementing a solution that will allow a company to send out minimal (one or two) field reps for any maintenance or repair calls so whole teams of people don’t need to be deployed. This allows the first responders to have a secure and fast way to communicate during emergencies.
Remote and Virtual Telephone Services
Arming your employees with the office phone means that they can still safely send and receive calls through their company’s voice data systems. It also extends to company laptops. Chances are if your company has an efficient IT team, they are normally installing regular updates, blocking malicious websites and running antivirus scans. The truth is most of us don’t follow the same protocols with personal computers as the IT team does at work.
“The staff could connect from company-issued laptops or options like Citrix or Amazon Workspaces that enable staff to work from any device,” Holland said. “It might also be necessary to roll out new VoIP and increase web conferencing services licenses.”
Practice Secure Web Conferencing
Be sure to introduce secure web conferencing where no outside people are able to sneak into the meeting. This allows thousands of people to participate in the conference should you have a large enterprise. The issue is that most web conferencing tools will only allow for a few participants or aren’t all that secure.
A VPN will allow your employees to work from home and participate in such calls with the confidence of knowing that nobody is listening in on their conversation.
It’s also important to consider the issue of on-premises software, including costs. “You cannot replace legacy on-premises applications overnight, so increasing VPN capacity to accommodate more staff working remotely could be expensive,” Holland said. “One of the unintended consequences of COVID-19 will likely be increased zero trust adoption that further embraces cloud services, eliminates VPNs, and enables employees to work from anywhere.”
Avoid Public Wifi
One of the biggest issues when using wifi is that other people also have access to the same network. Without a firewall between you and other users, there is the possibility that cybercriminals can infiltrate your computer just by using the same public wifi. Another issue is that those connected to the same network can monitor your online traffic, which could be catastrophic for companies.
You can also use your own data or pay for a 4G or 5G service that is almost as fast as home network access. Alternatively, if you have not other option but to use public Wifi, the best way to do so is in combination with a VPN. This handy tool will allow you to connect to a variety of services like web pages, email or SQL services all while protecting your traffic.
Use Cloud Solutions
This will allow your team to access company data from any location at any time with your data safely located in a secure cloud environment. You should also remember to back up your data, which can be lost in a number of ways. This includes physical damage to hardware, human error or cyberattacks. Malware and ransomware can mean that your entire system is instantly wiped out without you having a chance to notice or stop it.
Cloud backup services come with a range of options that will enable to you schedule backups for a low cost.
Install Updates Regularly
Sometimes updating your device software can be both time consuming and annoying. However, we cannot stress enough the importance of updating your operating systems. These updates will contain patches for any new security vulnerabilities that might have been uncovered since the last update. In most cases, you will be able to set up your updates to run automatically. Schedule them while you’re sleeping so you don’t have to concern yourself about downtime.
Use a Password Manager and Two-Factor Authentication
Many of us are far too lazy when it comes to setting strong passwords, and that is because they are difficult to remember.
‘A study carried out by the Ponemon Institute found that 51% of individuals in the UK reuse an average of five passwords across different sites and services. “This makes your accounts far easier to hack,” says Nic Sarginson, senior solutions engineer at security firm Yubico. “By gaining access to one account an attacker could quite easily crack another.” It’s the cyber-equivalent of having one key that unlocks your front door, your office, your car and the bank for good measure, and then keeping a spare under the doormat. “Every year billions of credentials such as email addresses, passwords, and personal information are shared and traded online by cybercriminals,” says Dr. Richard Gold, director of security engineering at Digital Shadows.’
This means we’re more likely to choose passwords that include the names of loved ones or our pets, something that is easily guessed just from a simple social media search.
According to the New York Times,
‘Bill Burr, the father of the modern password, apologized last week in The Wall Street Journal (paywall) for a 2003 report he wrote on passwords that said we should all use p4s$W0rd$ t|-|aT l00k LiK3 7hi$.
The reason for his mea culpa? The webcomic xkcd summed it up long ago: “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”’
The reality is, having a strong password just doesn’t cut it anymore, especially if your credentials are leaked in a data breach. The solution is to enable two-factor authentication which will involve an additional step as well as an extra layer of protection. This can include text message confirmation, fingerprint scanning or facial recognition.
“If you can memorize all your passwords, you can almost guarantee that they aren’t varied enough to be secure. A password manager may feel like putting all your eggs in one basket, but it’s a padded secure basket kept up-to-date by the best minds in the basket business, and what you’re doing right now is more like juggling the eggs above your head while blindfolded.”
Use Antivirus Software
Great antivirus software is another excellent line of defense when enforcing a remote working security policy. It will regularly scan your device depending on the set schedule looking for signature malware threats, phishing threats, and malicious social media links amongst others. One of the biggest highlights of using antivirus software is that you will have protection in real-time.
“The Smart Home is clearly a Dumb One with cheaply made devices and minimum password protection mixing with little interoperability, but I don’t understand why the consumer appears to be blamed for the situation.”
“I’ve worked in this industry for ten years and seen a lot of changes and there will be more to come. But, don’t forget how anti-virus products managed to keep the internet going during the years when it was most vulnerable. I really think it still has a huge role to play in protecting the consumer,” Paul Lipman, CEO of BullGuard said.
With coronavirus taking such a toll on people’s health, many governments have had to implement regulations that involve asking people to work from home.
However, there are many work from home security issues that many of us haven’t considered. There is sure to be a surge in cybercrime over the following weeks with many companies without the proper security solutions being targeted most.
A remote working security policy is vital to ensure that your business runs smoothly. The above tips should aid employees to act responsibly and safely with corporate information, but it is best to train all staff when it comes to your company’s security policies.