Coronavirus pandemic as we know has forced companies to request staff to operate from home. While this is slowly becoming a new normal, remote work comes with its own challenges. On one side, there are numerous psychological issues that staff have to deal with in order to stay productive and meaningfully connected to the team and overall work objectives.
On the other side, apart from these problems that staff has to deal with at individual levels, there is a more important challenge that is organizational in nature and yet needs to be handled with care at an individual level. That is the challenge of maintaining high levels of security while the staff is working from a different location and using unfamiliar networks unknown to the existing security infrastructure.
As every computer lies exposed to various phishing and cyberattacks, it is individual’s responsibility as much as an organization’s to follow certain simple and basic rules which should help you in not compromising the company’s security, ensuring safety and protection of critical and confidential information.
Security aspects to Keep in mind while working from home
There is no limit to how much you can spend on company’s security. But despite huge investments in security, there remains a loophole leaving your precious digital assets to risk. According to a new research by ISACA, a global association, only 51 percent of technology professionals and leaders are confident that their cybersecurity teams are ready to detect and respond to the rising cybersecurity attacks during COVID-19.
Hence, before blowing millions on the overall security, a strong security awareness culture inside organization can go a long way in saving cost and also confidential and critical data. Below is the list of some of the security risks while working remotely or otherwise and brief explanation on how to address them without spending a bomb on your security measures.
1. Boost security awareness with mandatory training
Security awareness within the four walls of the organization has been dealt with efficiently over the years. There are lots of best practices available which are followed as mandatory guidelines for each active office computer by the IT heads. Many of these security checks happen in the background without an employee’s notice.
However, the unprecedented events such as COVID-19 pandemic and lockdown are something that you can never prepare for in advance. It’s a new situation to handle for the company’s IT team as well as staff are working from home. Hence, the new security guidelines training should be made mandatory for every employee to get them on the same page with the company’s security policies.
There should be a dedicated platform and helpdesk to address employee queries around security while working from home. Some misunderstanding such as having an antivirus installed on home machines should magically keep the machines from any kind of cyber attacks, can be addressed on these dedicated platforms making employees more aware about the threat the company is dealing with.
2. Stay alert to Phishing attempts & cyber attacks
Phishing is a popular method amongst cybercriminals to steal money or sensitive data. Almost 90% of successful cyber attacks are carried out through this tactic which involves email spoofing or instant messaging often directing users to fake websites.
Covid-19 and lockdown come in as a golden opportunity for online criminals as millions of people are using unsecured networks while working from home. For most companies, it’s a worst-case cybersecurity scenario as many computers with sensitive company information lie open to exploitation by opportunistic cybercriminals.
Covid-19 related fake emails are on the rise as hackers are using fears of the pandemic to still personal information. Hence, it is essential that staff are constantly advised and updated about the latest phishing techniques by making this information public on a company intranet or other collaboration tools the company is using.
Staff should be encouraged to immediately inform the IT team about any suspicious activity. Additional email security controls such as DMARC should be made mandatory so that company can identify and block the suspicious attacks proactively and prevent the mishap from taking place.
3. Using Virtual Private Network
VPN or Virtual Private Network was already followed by many companies for its remote work employees in a limited capacity. VPN creates a virtual tunnel between an employee’s device and the company’s network. This tunnel goes through the public internet but the data sent back and forth through it is protected by encryption and security protocols to help keep it private and secure.
However, the Covid-19 pandemic has stretched the use and need of corporate VPN to new scales which are hard to plan and sustain. Many companies had no foundation to suddenly raise VPN infrastructure to handle the entire organization working remotely.
In addition, we can encourage staff to work at different times to spread the use of VPN and its capacity. A practice such as using single user credentials to login by multiple staff should be strictly avoided. It will only expose the company further, making it more prone to cyber-attacks.
4. Secure files by using online File Management System
Having a streamlined online file management system to store work-related files is always a good option to have. This should be followed as a mandatory practice and employees should be discouraged to store work-related files on laptops and computers. Any file lying in local space is prone to be stolen, encrypted, or deleted if the machine is ever compromised.
Having files stored on secure cloud infrastructure ensures that the file is protected with an extra layer of security. The infrastructure can also be easily monitored automatically and the backup facilities will make sure that files will remain accessible even in case of a major calamity.
WorkMarshal’s inbuilt file management capacity along with other crucial features can help you store files securely making it accessible for everyone at a centralized digital hub. You can also control the access of files within an organization by applying restrictions of your choice.
5. Use Secured Collaboration Tools
The pandemic has forced organizations to adapt to remote work as the only solution in order to continue the business. In the absence of physical meetings, companies are trying a range of online collaboration tools such as Slack, Microsoft Teams, or Webex to keep the communication channels going.
These tools are important in keeping all stakeholders on the same page. There is also a boom in online video conferencing tools such as Zoom. However, having to adapt to these tools literally overnight without much attention to security has left a space for online hackers to exploit. The terms such as Zoom bombing which means hacking the private or public meeting on Zoom is now a federal offense. Online Criminals and pranksters have begun to invade video calls in Zoom to display adult content and provocative hateful imagery to participants.
There is also a huge question mark over security issues on applications such as Zoom. But the following measures can be taken to keep the collaboration safe.
- Always use the latest version of the software
- Keep the meetings password protected
- Never share meeting information on public platforms
- Take advantage of Host Control features
- Avoid transferring files in online meetings
Final Words – Maintaining Digital Hygiene
The Covid-19 health crisis has changed the entire definition of personal hygiene and forced us to make drastic changes to our lifestyle. ‘The New Normal’ is the popular term used to mention the current situation. Whether it is measures such as social distancing or wearing masks or washing hands regularly, we are forced to adhere to strict personal and social hygiene to curb the virus from spreading.
Similar to personal hygiene, as responsible professionals working remotely, we also have to follow certain digital hygiene protocols to safeguard the digital assets of the company we represent. Simple things such as shutting down the computer at the end of each day can go a long way in helping organizations being less prone to cyber-attacks. Having a strong password and changing the password regularly can be of good help too.
It’s definitely a tense time for people responsible for the company’s online security. However, at the end of the day, it comes to each individual staff to follow company guidelines and basic security protocols as mentioned above to stay safe.