Whether working from home or remotely, social distancing has grabbed headlines as one of the most popular buzzwords on the internet due to COVID-19.
Once the World Health Organization declared COVID-19 a global pandemic, the shift to working remotely became a reality. Governments forced all nonessential places of work to close up shop and recommended that all companies who can work remotely shift their employees to work from home model.
While remote work and social distancing have been essential in flattening the curve and the spread of the coronavirus, they open a Pandora’s Box of cybersecurity risks. By having employees work from home, organizations are forced to face the fact that employees’ devices are now the main way that they connect to their work resources. While this might not sound worrisome, it comes with many security risks, especially when coping with hackers and malicious actors.
With each passing day, we are seeing more and more hackers trying to take advantage of the COVID-19 situation to target remote workers with different attacks such as phishing, VPN vulnerabilities, and malware. According to CNBC, the rise of cyber attacks is occurring due to the fact that the majority of companies have implemented an entirely remote workforce.
Due to the increase of attacks, IT and security teams are forced to make quick changes to their security policies and best practices for their remote employees. The in-office, company-wide security policies and training are not accommodated for the new reality that hackers are trying to exploit. Now, organizations must depend on their employees to be on the front lines against hackers, making it essential that organizations strategize and plan out employee-friendly security policies.
To help global organizations’ remote workforces to learn more about the different security risks we co-hosted a webinar with SOSA, Leading Cyber Ladies, the Israeli Economic Mission to North America, and the Global Cyber Center of NY on April 1st. The panel of security experts included Sivan Tehila, Director of Solution Architecture at Perimeter 81 and Founder of Cyber Ladies NYC, Nicole Becher, Director of Information Security & Risk Management at S&P Global Platts and Guy Franklin, MD, SOSA NYC – Global Cyber Center of NYC. In this webinar, the panel of experts provided their insights on the number of cyber threats facing everyone while working remotely and how organizations should protect their data, resources and remote employees. Watch the entire webinar on-demand below.
Throughout the webinar, the panel of experts provides great insights into the different kinds of attacks remote workers can face on a daily basis. However, we would like to highlight the great security tips they provided throughout the webinar. You can find them below:
One of the most important tips that we can provide to organizations is to update their business continuity plans so that they can adapt to the always-changing landscape of uncertainties. When thinking about the rise of remote workers, organizations need to strategize and plan out how to keep their business afloat while staying secure.
Take a closer look and assess risks and response technology to decide if you are prepared enough for the new changes in cybersecurity planning. This is an important tip as this division of a business must provide a quick and immediate assessment period.
One of the most common mistakes that employees can make is using weak passwords. When passwords are not set using the correct best practices, they can be easily stolen by hackers. The use of weak passwords can easily be resolved by educating employees about what makes a strong password and the role they play in keeping hackers away.
Additionally, organizations should enforce the usage of a 2FA solution. Two-factor authentication (2FA) ensures that, in addition to usernames and passwords, the second layer of verification such as an SMS code is required. By adopting stronger passwords and 2FA, employees will be one step closer to working more securely.
When experts think of the most common attack on organizations, phishing is the first thing that comes to mind. Phishing is the easiest way to attack an organization’s employees due to its low cost and familiar presentation as an email. The process is simple; hackers begin by emailing employees an official-looking email that requests that they send them critical information from their work device. Despite it being one of the oldest ways to hack an organization or a user, most phishing emails can easily fool employees.
To avoid such phishing attacks, they suggested educating employees to always double-check the email address, the tone of the email and the request itself.
Educating employees on the importance of remote security will help them understand the impact they have on their organization. Implementing a security awareness program is a crucial step for organizations’ remote security planning efforts.
The program should cover why security is a joint responsibility for everyone from management to employees by providing clear examples of their roles in the organization and how security may be affected. The mistake of employees often thinking that the responsibility of the organization security solely falls on the security team is dangerous, but with the right education and real-life examples, employees will understand the importance of working remotely the right way.
As most companies have become fully remote during this time, the need for secure remote access has become a must. While you might turn to traditional VPNs in order to access company resources, they are not the right solution to attain policy-based secure remote access today. Traditional VPN services are not scalable for organizations moving their entire workforces remotely and they lack network visibility, which opens the door for hackers to breach an organization’s network and critical resources, without any warning.
Instead of adopting a traditional VPN for remote access, you should look towards a solution that is based on the SDP architecture and the Zero Trust model. By Implementing a Software-Defined Perimeter solution, IT managers can customize permissions for those employees who need access to specific parts of the organization’s network. Additionally, by adopting the Zero Trust need-to-know model, each remote employee will receive tailored secure access to only the resources necessary for their roles.
As we see remote work becoming the norm for organizations moving forward, it’s important to think about the different risks that employees are facing on a daily basis. While some might believe hackers are thinking outside of the box with remote workers, they are actually targeting remote employees with the simplest and most effective of attacks.
Looking into the future of business, security teams should adopt a mix of user-friendly security solutions and engaging employee security awareness programs. These are the first basic steps in the direction for total security for remote employees.