Cybersecurity risks posed by remote work can be classified in three key areas: people, places, and technology. To prevent cyber threats, each of them has to be addressed in every home office. Here are the 5 of the most vulnerable areas to evaluate when setting up a safe and protected network connection for home working.
1. Multiple personal devices. Every internet-connected gadget is a potential hazard as hackers can utilize its vulnerabilities to gain access to personal or business networks. At home, employees may use a variety of electronic devices for work purposes: they could check workplace chats on phones, write emails on personal tablets, and access cloud services on a laptop. And even if the latter has sufficient protection, the former two may lack security layers needed to establish a completely secure connection. When the workforce moves to their home offices, enterprises should provide them with all the working equipment needed. If that’s impossible, predetermined security policies governing the use of personal devices for work purposes should be implemented.
“One of the imperatives for workers should be constant patching of their devices. Hackers are constantly on the hunt for software vulnerabilities, whereas vendors are trying to fix those bugs as soon as possible. However, if the end users fail to update their devices, exposures remain, and all it takes is one click or an opened file for cyber criminals to gain access. With a compromised device they are able to reach sensitive data on the corporate network,” warns NordVPN Teams’ expert.
2. Insecure infrastructure. Employees access data on company servers and the cloud using their insufficiently secured home networks. Even if enterprises demand staff to use virtual private networks (VPN) for a secure gateway, they are incapable of solving hardware-related issues. Consider Wi-Fi routers, for example: even if the connection is secured with a strong SSID password, the access to the router’s settings might be protected by a simple ‘admin’ parole alone. Also, domestic devices are usually protected by weaker protocols, such as WEP instead of WPA2/3, thus hackers can get their hands on the network traffic easier.
“The shortest password allowed on WPA2 protocol is eight characters, yet it should be 14-15 characters long to defend the network against brute force guessing. Most devices come with predefined 8-character alphanumeric passwords which are easy to hack”, says Gurinaviciute.
3. Increased data-sharing. Working on-site, employees share important data over the intranet and other internal network structures. Now all the information travels through the public internet with malicious actors around, increasing the risk of exposure. Cyber criminals can utilize numerous weak spots that appear along the way from the end user to the company servers. Employees share most important (or even confidential) information through emails and phones without being aware of it, and this calls for a secure digital perimeter. Workers should be encouraged to use VPN services and share files only through secured channels. Many businesses now rely on cloud-based solutions, however, they should also be warned that hackers leveraged increasing remote work loads and performed 7.5 million external attackson cloud accounts in Q2 of 2020.
“To mitigate the risks brought on by the increased online traffic, enterprises should implement zero trust privileges. This means that a user is granted access privileges for one particular task and they last only for the time needed to complete it. Therefore, if hackers compromise the credentials, they wouldn’t do much harm as they could only access a small fraction of sensitive data,” suggests Juta Gurinaviciute.
4. Susceptibility to social engineering. “2020 Data Breach Investigations Report” by Verizon finds that almost a third of the data breaches incorporated social engineering techniques. While antivirus software, firewalls or VPNs can take care of your infrastructure, they cannot be installed on the human brain and prevent social engineering attempts. Hackers forge emails from other institutions or impersonate colleagues (even the CEOs!) to get employees to open the corrupted file or click on a malicious link. At home, there’s no one to consult with and the load of digital information is bigger, thus people fall victim to these scams more frequently. Cyber criminals tend to trigger certain behaviors and emotions to encourage the victim to take action: consider, for instance, ‘the urge’, which is characteristic of most social engineering methods.
5. Complicated IT support. In office, the cybersecurity team and IT support is always at hand, so they can fix a problem immediately. Remote employees also require IT support, especially when considering the security measures they should take. Yet logistical challenges prevent the IT team from always being present. In the event of data breach, it is harder to act immediately, as security experts cannot stop all cyber attacks remotely. This can lead to devastating consequences. Kaspersky’s report shows that data breach costs $28K if dealt with immediately, and $105K if undetected for more than a week.
“Some of the breaches might go unnoticed for a long time, with ransomware gathering a company’s data, or malware compromising internal networks. On the other hand, sometimes an ongoing attack can be indicated by newly appearing programs which were not deliberately installed by the user. In some cases, the computer slows down, strange pop-ups flood the screen, or the user loses control of the mouse or keyboard. If any of these signs appear, employees should immediately inform the security team,” warns NordVPN Teams’ CTO Juta Gurinaviciute.
COVID-19 has set a new baseline for effective and secure remote work and many cybersecurity leaders have adapted to a ‘new normal’. Now it’s time to involve each employee in building an organization’s digital resilience and creating business value.
“Even if a company plans to move back to the office as soon as possible, WFH policy should remain intact. The investments made in these turbulent times, and the lessons learned, will contribute to lasting cyber resilience. Both IT professionals and employees have had a final rehearsal in shifting to the workplace of the future”, – says Gurinaviciute.
ABOUT NORDVPN TEAMS
NordVPN Teams is a cloud-based VPN for business from the world’s most advanced VPN service provider, NordVPN. NordVPN Teams has a full range of features to ensure convenience and powerful digital protection for organizations of all sizes, freelancers, and remote teams. NordVPN Teams offers advanced 256-bit encryption, secure remote access, malware blocking, two-factor authentication, unsecured traffic prevention, automatic connection on Wi-Fi networks, and 24/7 customer support. NordVPN Teams is available on all major platforms. For more information: nordvpnteams.com