Managing the Cyber Risks of Work from Home (WFH)
Across the world, companies and governments are rapidly taking responsible measures to protect the health of their employees and citizens—including asking people to work remotely.
Sales, Accounting, operations, human resource staff, the C-suite, and other workers are logging into company sites applications, attending online meetings, webinars for trainings and accessing sensitive company data via the internet—in many cases through their home computers and private mobile phones.
While digital tools offer excellent support for work from home workers, shifting work patterns on such a massive scale can have serious unanticipated implications for IT and cybersecurity. Is your company adequately prepared for the changes in your cybersecurity risk?
Consider the implications of workers clicking on an ad promising a COVID-19 cure, vaccines or drug, or opening an email attachment—from what appears to be a legitimate health agency offering pandemic updates—that embeds software designed to compromise security. Or what if a worker is manipulated by social engineering techniques to follow instructions from a cybercriminal claiming to be from the employer’s IT support or help desk.
Does your company have adequate provisions in place to prevent workers from downloading malware that could be used to collect passwords providing access to payment systems, personnel records, personal customer data, intellectual property, and other important assets?
By implementing several practical training, process, and technology measures, companies can avoid adding a cyber crisis to the challenges associated with COVID-19 and lockdown impact. There are recommendations to companies to take the following seven steps to protect their corporate assets. These recommendations will strengthen companies in running their operations without additional burden of a security incident and wasting productive hours in managing those security breaches and focus on sustaining and increasing the sales and revenue of the company.
Seven recommendations to protect against Cyber risks during Work from Home operating model:
- Assess Core IT Infrastructure For Remote Working
- Endpoints- MAC Address record +Access only to authorized users.
- Connectivity- VPN + MFA, Shift to WVDI- faster and safer in comparison with VPN.
- Enterprise Infrastructure- Configure core infra assets to accept remote connections, increase the capacity if require.
- Secure Applications and Devices for the Remote Employees
- Encrypt and install firewall in all the end point devices
- Secure Access to company systems- IT should monitor the logs.
- Make sure cyber-incident response processes are robust tried and tested.
- Install remote-collaboration safeguards
- Embed Cybersecurity into Business Continuity Plans
- Guarantee emergency Security Access
- Train backup teams and enable remote support
- Put clear communication plans in place
- Capability to rewrite policies and process and adopt rapidly.
- Make the Newly Remote Workforce Aware of the Added Security Risks
- Train workers to use new tools and features securely
- Establish protocols for remote workers to authenticate each other.
- Prepare a guidance library, best practices
- Establish Protocols and Behaviours to Prepare for Secure Remote Working
- Increase the capability of helpdesk, train them. MFA for remote control etc.
- Explicitly define ways to work remotely
- Document, announce, and provide for remote meetings, digital collaboration, and file sharing
- Embed Cyber security in Corporate Crisis Management
- Update cyber crisis management plans
- Ensure that mission-critical technology and personnel are always available
- Provide frequent, coordinated cyber security announcements
- Update Access and Security Measures
Executives and other key staff who handle sensitive data are particularly critical but often less familiar with technology and its risks. Cybersecurity and identity management teams should limit their access and provide upgraded security measures to reduce the risk of compromise. Following measures can be implemented for strengthening the control for C-Suite Executives:
- End point Encryption, Password best practice, Create 2nd network separate from personnel network
- Two factor authentications (Mail, VPN, VDI, ERP, core apps)
- Implementation of Anti-ransomware, EDR on the laptops/desktops, backup of the critical, sensitive data.
- Extra monitoring of their email flow (In, out)
- Suggest and train family members to handle social activities cautiously
- Verify all financial communications before acting on the mail-based funds transfers, check email address and report if looks suspicious
- Do not open unsolicited attachment and mails.
Cyber-attacks are like the COVID-19 virus itself. Patching your systems is like washing your hands. And not clicking on phishing emails is like not touching your face.
Taking these relatively straightforward steps at both an enterprise and individual level should help address some of the most common security risks facing our home-working environments. We should also recognize that our threat environment is not static, which means it’s important to keep a close eye on evolving threats to avoid unnecessary additional costs and disruptions in a time when we can least afford them.
The necessary technologies, digital tools, and procedures for mitigating the cyber security threat are available and can be implemented in a holistic and comprehensive manner with modest effort and expense.