The global COVID-19 pandemic impacted people greatly and upended life as we knew it. The one universal implication that it had for businesses across the world was forcing the immediate transition to remote working for nearly everyone. Since then, working from home has essentially become the norm for many organizations and professionals across industries.
Unfortunately, not every business or enterprise was ready to shift to this new remote working reality overnight. What this means is that a lot of businesses are still either not adequately equipped with the infrastructure to enable remote working, or they don't have requisite processes in place that make the new way of working feasible and effective.
Another problem that arose in the wake of COVID-19 and increased remote working was the sudden spike in cyber-attacks the world over. Cyber criminals love it and rub their hands in glee as more people leverage the internet to work remotely, sometimes working with sensitive data on unprotected home networks, shared computers, and routers.
Sadly, many organizations still do not provide their remote workers with cyber security basics like patched and up-to-date VPN servers to combat cyber-security threats, leaving a vibrant playing field for cyber criminals to revel in.
It's Necessary to Make Remote Working Secure
What organizations need to recognize today is that making remote work secure is imperative, and it’s also not difficult to do. You can follow a checklist and simple best practices to make remote working from anywhere secure.
As the private sector and governments continue to rattle their brains over the best ways to grapple with evolving cybersecurity threats, one thing is clear – remote work is here to stay.
So, it’s best to look into the least complicated and most effective ways to make ‘working from anywhere’ secure for businesses, employees, and individuals.
Cybersecurity Checklist to Secure Remote Working
At the height of the Covid-19 pandemic, Cyber Management Alliance developed a handy Remote Working Cybersecurity Checklist to help businesses protect themselves and their customers’ sensitive data and information that is still useful today.
Here are basic cybersecurity tips and best practices to help you fortify the security infrastructure of your business and facilitate your employees to work from anywhere securely!
1. Basic Awareness Building
This action is the easiest to take, yet it’s also the easiest to overlook. An email, a quick video session, or a weekly newsletter - any convenient and cost-effective medium can be used to sensitize employees on a regular basis about the security threats that loom large, how they can be trapped by malicious actors online and what they can do to keep their work and their jobs safe.
Start the remote cybersecurity awareness training by going over some simple principles: remind staff not to share their work devices with their children or spouses, inform them that their activity is being regularly monitored, encourage them to use password managers and to never share their passwords on email or messages. Also, send workers regular reminders to update critical software etc.
2. Phishing Emails
Speaking of awareness building, phishing emails are the number one source of the majority of cyber-attacks that take place globally. It is usually an unsuspecting employee that clicks on a malicious email, and that’s all cyber criminals need to enter into your computer network.
All staff have to be made well aware of the dangers and methods of preventing phishing, SMShing, and Vishing – especially when it comes to links and documents with business related information. They must also be encouraged to report malware infections and suspicious activities promptly.
Most importantly, you must create a culture where the staff feels safe in reporting or owning up to any mistake they may have inadvertently made that could lead to a phishing attack, such as accidentally clicking on a malicious-looking link or opening a suspicious email attachment. They must also be very cautious about pop-ups when surfing the web.
3. Online meetings and calls
Remote working not only entails sending multiple emails throughout the day, but also making multiple phone calls and video conferencing regularly as well. While technology has made collaborating remotely with anyone across the globe a breeze, it has also laid out interesting new boobytraps along the way.
Employees must be cautioned against the dangers of discussing confidential information from their homes while their smart speakers (Amazon’s Alexa, Apple’s Homepod, Google’s Home, etc) are active and enabled.
Educate staff to not leave their machines unsecured and even not to leave their webcams unblocked — cyber criminals could be using you camera to watch you without your knowledge. These are just basic cybersecurity hygiene checks that everyone must be familiar with as virtual meetings and online interactions become the norm.
4. Policy and Exceptions
If as a business, you don't have a remote working cybersecurity policy yet, put one in place pronto!
Employees must be aware of the company’s Acceptable Usage Policy — they should know what is unacceptable and what activities will be treated as illegal on corporate machines and computer networks.
It is also important to have an ‘exceptions’ register as well as a list of things that can never be made an exception. The idea is to offer as much clarity as possible to the staff so that they don't make mistakes out of sheer negligence.
5. Managing Security Incidents Remotely
One of the perils of working from home perpetually is that people in the organization start to become complacent about reporting incidents and issues. From a visibility point of view, the support department may not know that there is ongoing suspicious activity on a particular person’s system.
To address this challenge, it is imperative that employees are regularly trained in cybersecurity best practices and are also fully familiar with incident-reporting procedures.
In addition, key members of a business or organization (including management and technical leaders) must be familiar with the basics of incident response in case an imminent threat turns into a real attack.
Furthermore, it is also crucial that businesses start investing in regular testing of their incident response plans to ensure that when a crisis does strike, employees working from their respective remote locations know what to do and how to collaborate remotely to best mitigate the impact of the attack.
6. Privileged Users
IT staff and other privileged users in a business or organization have to be made aware of the additional cybersecurity risks, responsibilities, and security expectations they have as they work remotely.
That is because cybercriminals tend to target holders of privileged accounts more due to the access they can get by simply compromising a privileged account that has a higher and broader level of access controls.
Privileged users must, therefore, not use their privileged accounts credentials for daily tasks if they can avoid it as it increases the risk of those accounts being compromised one way or another.
Moreover, two-factor authentication has to be made compulsory for privileged accounts without any exceptions due to the added risk on the accounts.
Taking the above steps is a proactive way to ensure that your employees are able to work from anywhere they like safely.
Remember, cyber criminals are determined to find vulnerabilities in your business and nobody is safe! The only way to prevent, or at least ensure minimal impact on your business is to stay vigilant, prepare, and act swiftly to curb cyber threats and attacks.