CyberSecurity 101 – Part 3: Working Remotely
This series of articles will explore cybersecurity concerns in the modern workplace. We’ll explore the myriad of potential risk factors facing today’s organization, and look at tools and solutions to help your company fend off the bad guys.
In this entry, we offer a primer on how to work remotely (something that many of us are doing at present) while protecting your company systems and data, minimizing exposure to cyber-threats.
As more companies are encouraged or mandated to have their staff work from home, organizations must keep their sensitive data safe and their systems secure and functional. Recent events like the COVID-19 (coronavirus) outbreak have accelerated the work-from-home trend. Companies are restricting their employees from traveling to and from work in favor of a virtual office environment. When implementing a fundamental change such as this, employers need to have policies and procedures that require employees to abide by specific protocols. These policies will protect end-users from both existing threats and new vulnerabilities that can arise in a network perimeter.
Here at Datacate, we are observing a dramatic increase in the use of remotely connected devices for business since the COVID-19 outbreak. Even though this methodology confers a range of benefits, the trend towards remote work can expose organizations to new security risks such as identity theft, ransomware, and virus/malware attacks. An organization can suffer damaging outcomes if end users do not operate in a secure remote computing environment and utilize the best cyber-hygiene tactics. With the world now facing this new reality, it is unquestionable that we will see greater deployment of remote computing on a full and part-time basis. Considering these circumstances, employers must consider it mission-critical that they implement strong digital security practices and provide the right tools to protect against a range of hazardous threats. We may be in it for the long-haul; working from home may be the new normal for a lot of organizations.
Turnkey Solutions Are Needed
Organizations need remote work solutions that enable their team to get the most out of business communications and productivity tools. They are also looking to simultaneously free themselves from the headaches and cost of deploying and maintaining such an infrastructure.
An ideal solution will centralize all major technology groups under a unified cloud system to modernize and streamline their telephone, email/messaging, workgroup software, and mission-critical applications. This approach will yield a complete virtual office environment, available to be utilized from anywhere, at any time. This state-of-the-art technology must operate at high-performance levels and provide a seamless end-user experience.
Protecting Data Is Vital
With the evolving response to the COVID-19 (coronavirus) outbreak, enterprise-level VPN servers will now become paramount to a company’s operation. As organizations begin to roll out telework arrangements, more security vulnerabilities may be exposed, attracting intrusion attempts by malicious cybercriminals. Absent a VPN, offering remote access to servers and data may create a relatively easy vector for hackers to access your corporate and personal data. Some organizations may only be able to support a limited number of VPN connections, and with this decreased availability, critical business operations can suffer. Vulnerabilities can be caused by end-users working from an unsecured or inadequately secured Wi-Fi connection, or not using the full benefits of multi-factor authentication (MFA).
Be aware of phishing emails
Phishing emails are a common way to extract sensitive information from unsuspecting users. Phishing emails may appear to be official communications, but they are not. In disruptive times like these, attackers will take advantage of confusion in an attempt to fool users into providing access to sensitive data and systems. One recent example involves identity-theft criminals pretending to sell face masks, hand sanitizer, and even toilet paper online as a ruse to steal credit card information from desperate individuals and companies. End users can avoid getting stung by not opening any email attachments or clicking on any links that seem suspicious. Overall, everyone should be wary of any content referencing to trending topics like the COVID-19 (coronavirus) outbreak that includes requests for credentials, payment info, or contains attachments or links that are unusual or not expected.
Browse with security protection
When setting up your remote work environment, IT professionals must ensure that it is up to date with the latest security features, such as privacy tools, antivirus/antimalware, browser updates, and other measures across all your devices. Ensure that your antivirus has a current subscription and is receiving regular updates, including its latest virus signature database. Keeping everything up to date is one of the primary ways to help protect you and the organization against any hazardous risks, as well as help identify malicious websites while browsing.
Regularly change cloud passwords, and use multi-factor authentication
Use strong, complex passwords for all devices and services. To create a secure password, you can think of a memorable sentence and use the first letter of the words to create your password. Even better, use a random password generator tool, and set the password length to sixteen characters or more, with a mix of upper- and lower-case letters, numbers, and symbols (where allowed). Consider using a reputable password manager for safe storage of complex passwords.
Using multi-factor authentication (MFA) is a more secure way to access work applications. Authentication systems that ask you to verify who you are by retrieving a code from a device that only you have the possession of (i.e., your smartphone) or use of hardware key can enhance the security of your credentials. These multiple factors will help confirm your identity and grant you access to confidential information. Organizations should consider enforcing MFA, and anyone under their umbrella should comply, especially when it is time to change their cloud passwords.
With many of us relying on emails, cloud-based services, and the Internet to work remotely, we need to be aware of signs of a potential threat. This awareness will enable us to spot, flag, and report anything that looks suspicious. By sharing the responsibility and encouraging others to report anything that appears suspicious, we can prevail and help others to avoid falling into similar traps.
- Don’t mix work and leisure activities on the same device
- Only use devices approved, secured, and managed by your IT security team
- Understand and conform to security policies and standards
- Never send work emails from your personal email account and vise versa
- Always keep confidential papers locked away when you are not at your desk, and always lock your computer screen when you step away from it, no matter how briefly
- When printing confidential information, make sure you collect your printout immediately and shred it when you no longer need it
- Never use removable media devices (USB, CDs/DVDs, removable hard drives, flash memory, etc.) unless they are supplied and approved by your IT security team. Unapproved devices can carry malicious viruses.
- Do not discuss work-related matters with persons inside our outside of your company who do not need to know. If working with any outside vendors, be sure to get a non-disclosure agreement in place first
Prepare for the worst
It is inevitable that nearly every business will eventually suffer some manner of data loss, be it from file corruption, media failure, accidental erasure, or malicious action. Having a robust backup and disaster recovery plan is critical if the company is to minimize the impact of a data loss event. A reliable backup and recovery plan should be:
- Flexible: Backup files, email, databases and machine images
- Powerful: Restore individual files, databases, email and bare-metal images
- Worry-free: Perform automatic scheduled full and incremental backups
- Auditable: Detailed job logs and related data
- Easy: Clean management interface; automated deployment of the backup agent
- Comprehensive: Supports multiple Windows and Linux versions
Backup and recovery functions should be verified regularly to ensure that restoration will yield the expected outcome.
Modern businesses live and breathe data. Consult with your IT team on how and where to store your data, no matter how temporary. A partial loss of information can be catastrophic to a business. As always, and especially during these trying times, organizations must protect their intellectual assets. Doing so involves not only the practices outline herein but also a reliable backup and disaster recovery plan (BDR). Having a BDR plan in place will help businesses secure their data and servers against disaster and gain peace of mind.