Since the beginning of the Covid-19 pandemic, remote working has become commonplace for all types of organizations. To accommodate a workforce limited to their homes, businesses adapted new ways of communication and administration, and millions of office workers established home offices. Around 557 million individuals, comprising 35% of the workforce in the USA, are working from home by the second quarter of 2020. And many of those folks will continue to work from home long after the epidemic has passed. According to Pew, around half of workers want to keep working from home, while McKinsey claims that at least 25% of US occupations are suitable for WFH. Prior to 2020, just 5% of Americans worked from home; the pandemic significantly altered working conditions. But are employees and businesses ready for the effects of switching to home offices on cybersecurity?
Additionally, research released by the identity management firm SailPoint, consists of some details of major security vulnerabilities brought on by the quick shift to remote work. SailPoint polled 9,000 people in six nations—the US, UK, France, Germany, Australia, and New Zealand for its research, "The Cybersecurity Pandora's Box of Remote Work." The poll attempted to ascertain the various security concerns affecting enterprises as they have switched to a remote work environment by asking the respondents if they have been working remotely since the start of COVID-19.
Since the epidemic started, 36% of US respondents who reported working remotely stated they have been working full time (30+ hours per week). Even more, individuals were working remotely in other nations, including 51% in the UK, 49% in New Zealand, and 52% in Germany. During the covid-19 pandemic, the attacks on remote working increase almost 50% and criminals exploit the vulnerability of remote working employees by sending malicious fake corona-related websites. The City of London Police reported that since January 2020 more than GBP 11 million have been lost due to COVID-19 scams. The following are some types of attacks employees face while working remotely.
Phishing Attacks
In the first six months of remote work, over half (48%) of respondents in the US reported being the subject of targeted phishing emails, phone calls, or texts. For the other nations included in the poll, that proportion was almost the same, if not occasionally greater. Additionally, 9% of Americans said they had one or more such attacks per week, compared to a significantly greater percentage in several of the other nations.
Password Sharing
Some remote workers have to share their passwords with others to complete some specific tasks quickly. 23% of respondents in the US acknowledged sharing their work passwords with friends, roommates, or other third parties. The percentage was similar in other nations, although it reached as high as 25% in France and 26% in Australia. Failure to use a password at all or to regularly update your password are both potential pitfalls. 20% of people in the US reported changing their computer password in the previous month. However, 18% of respondents stated that their computers are not secured with passwords and 14% stated that they never updated their passwords for more than six months. A far smaller percentage, between 2% and 4%, of PCs in other nations, lacked password protection. However, a far greater percentage of employees between 39% and 49% never updated their passwords for more than six months.
Weak Passwords
The persistent use of weak, insecure, or recycled passwords and login credentials poses one of the largest hazards to businesses' remote workforces. Cybersecurity software and technologies like firewalls and virtual private networks are rendered useless if safe passwords are not used (VPNs). Hackers may now use software to access critical company data and crack account passwords.
File Sharing
File Sharing services are frequently used by remote employees to distribute files and documents to their coworkers. When kept on business networks, these data are probably encrypted for security. However, the same degree of protection might not be applicable when shared remotely. Sharing confidential information using file-sharing applications exposes data to hacker interception or theft, particularly when the data is in transit. Data theft, identity fraud, and ransomware assaults are security incidents that can occur as a result of the loss of valuable company data.
Unsecure Wi-Fi
Corporate Wi-Fi networks are normally safe because strong firewalls guard them, monitoring and preventing unwanted traffic. However, distant workers may use unprotected Wi-Fi networks to access company networks and systems. For instance, the majority of individuals frequently update the antivirus or firmware on their smartphones, but they seldom ever do the same for their home routers. As a result, their home network may be exposed to a data breach, endangering the confidentiality of company data.
Using Personal Devices
For those who work from home, maintaining a clear separation between your personal and professional life can be difficult. That surely holds true for the gadgets in use. Only 17% of respondents in the US claimed to utilize equipment that was provided by their company. In other nations, where half of those polled claimed to use employer-provided technology to work from home, the results were different. However, a sizable portion of remote employees in the European nations stated that they use their gadgets for Internet shopping and personal email checking. Businesses had to turn on remote work very immediately after the epidemic started.
How to Stay Secure: Some of the Best Technologies.
The COVID epidemic made it more urgent for businesses to provide tools and solutions that enable workers to do business safely outside of the office. For employers, some work-from-anywhere cybersecurity advice is as follows:
Zero Trust Network Access (ZTNA)
The ongoing verification of all the devices and users is required because it is compulsory to access the company applications and data for the hybrid workforce to work continuously. By adopting zero-trust access, Zero Trust Network Access (ZTNA), the network administrator can safeguard company networks, and applications. Top use cases or ZTNA are Securing remote access to private applications, secure multi cloud access, replacing VPN and MPLS connections, and limit user access. Moreover, ZTNA works on principle of “never trust, always verify”. So, There are five principles of zero trust, according to the book Zero Trust Networks:
Always consider the network hostile.
On the network, there are both internal and external dangers constantly.
The presence of a local network does not guarantee reliability.
Every device, user, and network flow should be authenticated and authorized.
Have dynamic policies that are determined from a wide range of data sources.
Data Loss Prevention
There are more chances of data loss or data theft while working remotely. Organizations can apply Data Loss Prevention (DLP) systems which is a system to secure their data from being damaged, theft or unauthorized sharing. They can prevent parties from accessing sensitive data, which is essential for internal security and observing ever-stricter data privacy requirements. The three basic types of DLP are network DLP, endpoint DLP, and cloud DLP. Some use cases of DLP are;
Maintain the privacy of personally identifiable information (PII) and abide by all applicable laws.
The importance of protecting intellectual property to the organization.
Obtain data visibility in big businesses.
Protect the workforce on the go and uphold security in BYOD (bring your own device) settings.
Securing data on distant cloud platforms.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is the system that helps organizations to minimize the risks associated with remote working. With the use of technology, organizations are now able to prioritize and investigate warnings related to suspicious conduct in addition to keeping up with the expanding flood of hostile activity. SIEM also allows for the analysis of security events that enable to detect and response to threats immediately. Some top SIEM security products are;
Sumo Logic
RSA NetWitness Suite
AlienVault Unified Security Management
MacAfee Enterprise Security Manager
Multi-factor Authentication
Multi-factor authentication (MFA) is a layered approach used to secure online accounts and the data in those accounts. When you enable MFA in your online services (like email), the service won't let you access it unless you submit a combination of two or more authenticators to prove your identity. Your account is more secure when MFA is used rather than just a username and password. According to Microsoft, users that use MFA have a considerably lower chance of being hacked. Because the unauthorized users won't be able to fulfil the second authentication criterion even if one element (such as your password) is compromised, they will be prevented from accessing your accounts. Some examples of multi factor authentication are Fingerprints, facial recognition, Software tokens and certificates, Access badges, USB devices, Smart Cards or fobs or security keys.
Encryption
Data on business networks and conversations between workers who work remotely are protected by encryption. Data is converted into ciphertext that can be read or decoded only by the sender and receiver. This makes sure that even if a hacker manages to intercept the data, they are unable to access the original content. Because encryption can demonstrate that data has not been changed from its initial form, it aids companies in ensuring data integrity and authenticity. Some software tools and products for encryption are: AxCrypt, CryptoExpert, CertainSafe, and FolderLock.
Best Practices to Secure Systems Physically
The following are some best practices to secure your system physically in public while working remotely.
Never leave your devices unattended in public places
Apply a strong password to login into your system whenever needed. While applying username and password, make sure no one sees most importantly on mobile devices.
Back up your files regularly to prevent your data from being lost.
If you have sensitive information on your systems, then encrypt information to make it secure.
Configure your mobile devices so that they can be managed in case of system loss.
Always lock your computers in a desk or other pieces of furniture at your remote working place.
We are now aware of the risks of working remotely and what precautions to take. Kitameraki can help you to ensure and strengthen your business's security. Feel free to contact us.