Vulnerabilities, from poor data hygiene to weak authentication, can be further amplified during times of crisis when some, or even entire workforces, may be working from home. Here are some quick ways to prepare employees for remote working conditions:
Communicate the importance of corporate data
Employees understand the value of personal identifying data, like a credit card number or SIN, but do they view corporate data the same way? According to Gartner, the potential harm of insider threats at banks, for example, can be the same, if not greater than threats of external nature. Organizations need to educate their employees on the importance of practicing adequate data hygiene when operating remotely.
Suspicious emails, even originating from internal users, need to be triaged to ensure their validity – especially when they contain strange attachments or vague context. Cybercriminals can compromise one account to enter a system before going after their actual targets. Known as ‘spearphishing attacks,’ these attacks can even originate via SMS.
To ensure outgoing data or sensitive information remains intact, employees need to be educated on the importance of encryption. Encryption is an effective way to keep the integrity of messages – to make sure only intended recipients have access. Offering a flexible suite of different ways to send securely, or even enforcing encryption via encryption policies, means secure messages are never rendered undeliverable or, worse, be sent in the clear.
Do they know how to use the video conference? Can they share files remotely? Do they know how to create a group discussion with their teammates? What if their laptop fails – is there a help number they can call? – President of Global Workplace Analytics
Teach the security basics
As more workplaces move to employees’ homes, so does the business which they conduct. With the recent Coronavirus Disease 2019 (COVID-19), for example, businesses across the planet saw an immediate need for overnight digitization to nearly every business line. For Aviva UK, this meant pushing more of its customer service options online to take the strain off its call centres. The UK insurance giant explains on their website that following their government’s decision to encourage its citizens to work from home, they now encourage more customers to manage their accounts online via their app or by email as an alternative to calling.
But, from exchanging sensitive business agreements to delivering a tax return to something as simple as answering a customer query, there is going to be a lot of important data changing hands. Employees working from remote locations need to understand the importance of communicating this information clearly, safely and seamlessly with customers.
According to Kate Lister, the president of Global Workplace Analytics, as reported by The Washington Post, organizations pushing remote workplaces need to teach their employees everything down to the basics to ensure they follow proper organizational protocol. “Do they know how to use the video conference? Can they share files remotely? Do they know how to create a group discussion with their teammates? What if their laptop fails – is there a help number they can call?” said Lister.
90 per cent of all cyber threats originate with email – Gartner
Warn users of suspicious links
From strange pop-ups to emails originating from unknown senders containing links to malicious sites, phishing is a chameleon crime which can assume all shapes and sizes. And, according to a recent Gartner report, 90 per cent of all cyber threats originate with email – making phishing one of the most significant threats affecting contemporary digital business.
Any employee working remotely needs to understand the real threat phishing poses. Whenever they are working remotely, an employee should always question any suspicious link, even from their personal email if they are working on a personal computer. Encryption should always be applied to any outgoing messages containing sensitive information.
According to Nicole Coughlin Raimundo, the CIO for the Town of Cary, a tech hub in North Carolina, as reported by CNBC, on account of the COVID-19, whose initial outbreak forced the majority of American firms to immediately explore digital alternatives to physical workplaces, she’s seen an uptick in phishing campaigns targeting remote employees. “As part of our work-from-home guidance, we’re continuing to encourage staff to be vigilant and exercise extreme caution when clicking on outbound links,” Raimundo said.
Use strong authentication and passwords
While complex passwords, paired with usernames, are a common go-to for organizational authentication, they are quickly becoming obsolete. To combat this growing issue of authentication, organizations are now demanding established and tested Multi-Factor Authentication (MFA) methods for verifying users are who they say they are.
In addition to educating employees on the importance of password complexity, organizations need to ensure adequate MFA systems are protecting their digital gates. Echoworx, for example, can employ policy-based MFA to ensure recipients are who they say they are before they are granted access to an encrypted message. In an age of zero trust, where anyone connecting to a digital system needs to be verified, MFA is an adequate safeguard.
Passwords can be weak and security questions such as “what is your mother’s maiden name?” – can be easily cracked.
Secure connections to prevent eavesdropping
A public wi-fi network can be a honeypot for employees working remotely. Whether they are installing themselves at a local coffee shop or just quickly checking their email on their mobile device, there are various reasons for connecting to a public wi-fi. While most public wi-fi connections may be perfectly safe, they should be avoided for the mere reason that they are easy to monitor – and may even be set up by malicious actors to collect information, from logins to personal data.
In addition to only working on trusted networks, employees should be connecting to a company-instigated Virtual Private Network (VPN). A VPN works to route a device through a private server, so that any data transmitted is sent via the VPN rather than from their personal device.
Build strong firewalls and update security software
As a first line of security, a firewall paired with up-to-date security software, protocols and other preventative measures is a must for employees operating remotely. In addition to repelling attacks, or at least discouraging them, providing employees with the tools they need to practice proper data hygiene can enable them to identify and prevent security issues from becoming vulnerabilities for an organization.
Implement a BYOD policy
The Bring-Your-Own-Device (BYOD) culture is an inevitable feature of digital business. As more employees work remotely, there is an increased demand for them to use their own machines. But before they connect to company networks, and access company data, their devices need to be vetted, updated and secured by IT departments. This ensures that the computers, smartphones and tablets they use to connect to an organization are not going to pose vulnerabilities.
By Wen Chen, Senior Manager IT and Customer Support at Echoworx