The Coronavirus pandemic has resulted in a significant and rapid shift to remote-working for millions worldwide. It is not an exaggeration to say that remote-working has been able to save many organisations/businesses from going under.
How is remote-working made possible?
Remote-working is only possible because of technological advances such as improved internet speed and connectivity, cloud computing, and mobile apps.
What are the potential security risks?
Whilst remote-working is enabling many organisations to keep functioning, it brings with it a number of challenges, notably from an IT security perspective. When all employees are concentrated in one physical location, IT support and protecting the IT infrastructure is made simpler as the scale of the attack surface is reduced.
However, when a large workforce is dispersed geographically and users are all logging into systems from a variety of devices, keeping the company network secure becomes far more challenging.
The fact that most organisations will be using online and cloud-based systems means that nearly all employees will have to access the Internet to gain access to the relevant company systems. This increases the number of potential access points to the central systems and gives cybercriminals more opportunities to exploit any vulnerabilities. Cyberattacks can result in severe damage to an organisation’s finances and/or reputation.
The most common cyberattacks are:
DDoS attacks – Distributed Denial-of-Service (DDoS) attacks attempt to take websites offline by flooding their systems, networks, or servers with a high-volume of requests that they cannot handle – causing them to crash.
Formjacking – This involves inserting malicious code (usually JavaScript) into online payment forms in order to capture customers’ card details.
Malware – Malware is a generic term for any file or program that aims to harm/disrupt a computer or network. The most common types of malware are ransomware, spyware, Trojans, and viruses/worms.
Phishing – Phishing is a method of tricking people into divulging confidential or sensitive information, often by sending an email that is made to look as though it is from a known contact or official/trusted organisation. Many of these fake emails are extremely well-crafted and it is not always obvious they are not genuine.
How can these risks be mitigated?
Whilst the risks outlined above are clear, there are a number of ways in which they can be tackled/mitigated.
Training – Your employees can be your first-line of defence, but only if they are well-trained and fully aware as to how to work more securely. Human errors are responsible for a significant percentage of cybersecurity breaches, so staff who are knowledgeable and aware can really help.
Device Management – This is software installed to protect the hardware and software installed so it can be managed remotely by IT. This applies to both company owned devices and BYOD (Bring Your Own Devices) to ensure they are and remain compliant with security polices. In addition, if a device is lost or stolen, company data can quickly be erased or the device disabled.
Endpoint protection – Multiple endpoint devices (laptops, dongles, USBs) will be used by employees. Because these are not in a central location, they are harder to protect. It is therefore vital that they have the latest security software installed on them. Ideally, this should be installed before the devices are given to employees, but this is not always possible if they are using their own devices.
VPN – A Virtual Private Network (VPN) can enhance security by enabling each user to have their own encrypted connection when accessing company data on internal systems.
Restricted access – The more people who have access, the greater the risk, so it makes absolute sense to only give users access to the software/programs that they actually need. Even when doing this, you should look at multi-factor authentication to make sure the correct people have the correct access.
Good password protocols – Practising good password hygiene can make systems much harder to break into. So make sure that users are prompted to change passwords regularly and that they can’t use the same ones across multiple programs. It may be worth teaching them how to use password managers as these always generate complex passwords that hackers cannot guess.
If your business needs to urgently implement remote working for your employees or you would like a FREE no obligation evaluation of remote working systems already in place then give Cloudworks a call. We are specialists in cyber-security, cloud technologies and support. In addition, we continuously monitor our clients IT cloud infrastructure to ensure they are secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.
Call us on 0115 824 8244 or email info@cloudworks.co.uk