The 6 Key Cybersecurity Risks of Working from Home
2020 will be one of the most remembered years in recent human history. Since World War 2, there has likely been no other event that has impacted billions of people worldwide in ways that we could not have comprehended beforehand.
The need to adapt has essentially been forced upon us, and many businesses have had to rethink how they operate in order to survive.
The global workforce has been forced to change the way in which it functions. Millions of people across the world have had their working practices disrupted/changed in order to adhere to the social distancing requirements. This has meant that many people are now working from home and, therefore, in many instances, using their own devices/networks to connect to company systems/data.
On the surface, this may not appear to be an issue. However, the cybersecurity risk of working from home can be immense.
Remote working has increased the cybersecurity risks for companies, as it's highly likely that security on home networks will not be as rigorous or robust as on enterprise networks. Hackers are people that thrive on opportunity and vulnerability. They will arm themselves with a myriad of tools (automated and manual) to scan networks, servers, users and general data. If they can locate a vulnerable system, they will focus precisely on that asset and aim to expose the weakness. This act then becomes the source of the cyber-attack, which then escalates to a severe impact on the user, data, and business.
What can businesses do to protect their users and assets whilst they work from home?
How can you have a home-working mobile force and still ensure your cybersecurity practices are followed? How do you quantify and qualify the risk to your business by switching to working from home? Teck Genius has worked with over 40 companies in the past 12 months to answer and address these very questions.
1. User Training and Awareness: Our users are our most effective defence but can also be our most extensive vulnerability. User behaviours and actions are one of the top reasons why and how compromises occur. Social engineering and the draw of online offers and gifts often direct people to dubious websites that only exist to dupe them and steal information. Therefore, having a structured user awareness and training program within your company can pay dividends in awareness of cyber-threats and cybersecurity.
2. User Access and Security: As a business, you must assume that a user’s credentials and access will get compromised. Accepting this event and profiling its risk and impact is probably one of the best ways to quantify and mitigate its effects. Therefore, password security and access security must be robust. The implementation of a 12-character alphanumeric (with special characters) password policy with an x-day password change requirement will go a long way in reducing the risk. In addition, enforcing MFA (multi-factor authentication) on user sessions can further limit the use of any compromised credentials.
3. User Device and Security: Many businesses have explored the BYOD (bring your own device) concept with their users, and whilst there has been some success with their adoption, the underlying risk of unmanaged devices remains significant where cybersecurity is concerned. Having a robust access mechanism from managed devices can significantly reduce the attack and threat vector on your business.
4. Network Access: Working from home has called upon users to connect their devices to home networks which generally do not have stringent security configurations. This poses several risks in terms of Wi-Fi and network packet snooping. Would-be hackers could circumvent your network security and monitor the traffic and, therefore, data and credentials. The use of a VPN is always encouraged/mandated in these scenarios and does address security concerns. The added benefit of this capability is that you can manage and monitor traffic and detect any suspicious traffic.
5. Data Backup: Every business is only as good as its recoverability, right? Let’s say, for example, your company data and systems were compromised, and all of your data encrypted with ransomware. How would you recover? What would its impact be? Generally, it would be a disaster and could be the reason why your business folded. So, ensuring you have a backup schedule across your servers, storage, and applications is imperative for your business to recover from intentional or unintentional data issues.
6. Email and Browsing Security: A significant number of cyber-attacks stem from the internet. The way attackers get a user onto the internet is to communicate with them by email and dupe them into clicking a link that directs them online. At home, there is limited, if any, protection for checking where the link takes you, and so the risk of compromise is significant. By having proactive detection software across and within your email system and also implementing a web security filter, companies can further reduce their risk of compromise.
Teck Genius offers leading-edge managed cybersecurity services, and we can help with shaping and implementing your cyber strategy. Our history and experience have allowed us to create standardised solutions and services that address many of the risks your business may be exposed to. For further information, please contact us.