Remote Teams Struggling To Mitigate Cybersecurity Risks
More workers are forced to work remotely due to COVID-19, but cybersecurity prevention and training is lagging behind.
Social distancing measures introduced in March due to COVID-19 has caused the number of remote workers to dramatically surge. These changes have inevitably brought about additional cybersecurity risks.
Efforts to manage the COVID-19 pandemic have forced enterprises to rapidly adapt to new working models. Businesses have drastically increased capacity to meet the needs of businesses and consumers: virtual meetings, live streaming, automated customer assistance, business intelligence driven by machine learning, online education, and more.
In this rush to adapt, many companies have neglected or ignored both their risk and change management processes. While this may be understandable given how quickly businesses had to adjust to continue operating in a new environment, the time has come to put security measures in place.
“One of the things that’s changed is that corporations no longer have control over the infrastructure their employees use for work,” said Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams. “In some cases, employees may use personal computers to access a business network. They may also use unsecured or outdated Wi-Fi encryption algorithms or weak Wi-Fi passwords that can be easily breached by bad actors. That’s a critical issue that could result in data breaches or malware making its way from a personal computer, over a home Wi-Fi, to a business network.”
Cyberattackers not taking time off
While security is in itself a basic principle, many enterprises have not received the message that cybersecurity has to be the immediate and primary focus of IT strategic agendas. These errors in judgment are why so many companies have become victims of ransomware, social engineering, or distributed denial of service (DDoS) attacks during COVID-19.
Now that many employees have shifted to remote work — in addition to organizations being distracted trying to handle the virus — security and risk management teams need to be more vigilant than ever.
“If your company took shortcuts to expand remote connectivity, you should prioritize access and access control assessments. You should also assess the threats your remote workers may inadvertently be creating,” the NordVPN Teams expert adds. “If you have 5,000 employees, you now have 5,000 remote offices to protect. The bandwidth has increased dramatically, and there’s really no time to waste.”
While no network is immune to attacks, a stable and efficient network security system is essential for protecting data.
Where to start with security implementation
Cybersecurity risks posed by remote work can be categorized into three key areas: people, places, and technology. The risks presented by people include employees falling prey to social engineering, phishing, and targeted attacks that aim to capture users’ credentials or make them accidentally download malware. Place-related risks include connecting to the corporate network from unsecured home or public Wi-Fi locations. Technological risks have to do with using personal or unauthorized devices that aren’t in line with corporate security policies and patching hardware.
Protecting identities and applications is vital regardless of whether your business is on a hardware-reliant corporate network or the cloud.
Juta Gurinaviciute said: “Risk reviews take time, as most companies have very complex IT environments. However, control and ransomware strategies, SaaS vulnerabilities, multi-factor authentication, and VPN security are among the first steps tech leaders need to take towards a secure remote work environment.”
Employees should also be alert to the usual pitfalls of day-to-day cybersecurity, such as poor password practices. COVID-19 has set a new baseline for effective and secure remote work, and we should assume that many organizations will continue to utilize remote workforces after the pandemic ends. In this new normal, cybersecurity leaders will not only have to protect their organizations in remote settings but will also need to make cybersecurity an integral part of their plans to deliver business value.