Many organizations have, over the course of a tumultuous year, been tasked with reviewing and refining their work from home policies. For some, remote work is here to stay—a new fixture of the workplace. William Altman, Senior Analyst at the Global Cyber Center of NYC, describes the troubling state of cyber security as stopgap remote work policies from the beginning of the pandemic remain in use:
“Organizations of all kinds are facing an uptick in email-based threats, endpoint-security gaps, and other problems as a result of the sudden switch to a fully remote workforce.”
To prevent losses to mounting threats of malware, data breaches, and phishing, organizations can take certain steps to assess and mitigate their security risks.
Vulnerabilities Galore
Employees working from home often fall outside the organization’s centralized digital security infrastructure, making them particularly vulnerable to many means of cyber-attacks.
The vulnerabilities start with how employees access the internet. Home wi-fi connections, even when password-protected, offer only a fraction of the security of an enterprise network. Without firewalls, VPNs, and sophisticated antivirus tools, home wi-fi connections may give prying eyes access to sensitive company data.
In a survey conducted by cybersecurity firm Malwarebytes, 28% of respondents said they did more work on their personal devices than on company-owned devices. On personal devices, there are few safety nets, with corporate data protected only by an individual employee’s cybersecurity measures. Without the control and oversight of company-owned devices, bring-your-own-device policies essentially create a chain with many weak links.
Cloud-based applications, used by remote employees to collaborate or share files, present a risk in their own right. These third-party, multi-user platforms are common targets for hackers. On these platforms, one high-level user with a weak or reused password may be the only barrier between a hacker and a treasure trove of company documents and data.
Defending Your Data
A well thought out, IT-informed approach to remote work setups can close security gaps and improve efficiency with minimal effort from employees. A secure system may include the following:
- Company issued devices updated and protected by IT
- Remote desktop access to keep all data in the corporate network
- Secure VPNs to avoid vulnerabilities in home wi-fi
- Careful selection and implementation of cloud-based applications
- Mandatory device backups stored outside the home
- Email and document encryption protocols to ensure safe transmission
- Two-factor logins and verification where available
Survey data from Malwarebytes indicates that almost 20% of employees are unconcerned about cybersecurity. An entire organization’s security cannot rely on vulnerable work-from-home setups and individual diligence, but a proactive approach and informed policies can keep your remote workforce and corporate data safe and secure.