With more people than ever now working remotely, many of whom are doing so without any real preparation as cybersecurity and potential concerns around it being an afterthought from a corporate – and even on a personal level.
Now is the time to not be complacent. Cybercriminals see this as an opportunity to infiltrate unsecure devices and infrastructures to gain access to corporate networks and personal data and conduct other forms of attacks, such as email phishing and identity theft.
This means it is critical that organisations quickly and efficiently support their employees to work remotely and to do so in a secure manner.
Here are four key actions for technology/security leaders and employees to take for optimal secure remote working:
1. Plan and prepare your response:
Many organisations use a virtual private network (VPN), so we are about to begin the largest VPN load test any of us have ever seen. Many architectures are still designed to tunnel all traffic from home workers back to the corporate network through a VPN. VPNs or back-end infrastructure are expected to be overloaded and there may be other capacity-related failures. What is your organisation’s exposure, based on your current architecture? Which of your users need a VPN and which can directly use cloud-based services like Office 365 or Google Mail? These are the questions tech and security leaders must be thinking of and answering sooner rather than later. If your organisation has the capability of enabling users to access cloud services directly without the need of enabling a VPN, then encourage users to do so.
We are seeing many organisations starting to send frequent communications and coaching to their employees around how to optimise remote working, so make sure security is embedded in this conversation so the business can also identify and minimise potential risks. It’s important to communicate with employees about what tools (authorised and secured) they should use while working remotely and have clear points of reference to remind them what practices or tools they should not use.
Recent McAfee research revealed Australian organisations cited ‘culture, education, and awareness’ as the lowest investment priority to improve cybersecurity maturity. So there’s much work to be done to change the emphasis that Australian organisations place on cybersecurity education and awareness in the workplace. Organisations could host sessions for employees to be cyber safe, speaking about risks around shadow IT to send/store docs, phishing emails, best practices when connecting to Wi-Fi systems, and how to avoid sensitive data being downloaded onto personal devices or unapproved cloud services.
For employees, it’s important to use strong and complex passwords for each account, and never reuse credentials across different platforms. We are seeing the emergence of threats by unscrupulous actors and it’s likely this will increase. The hacking economy still has to maintain its cash-flow. Organisations must ensure that employees continually update security solutions across all personal devices to help protect devices against malware, phishing attacks, and other threats, as well as help to identify malicious websites while browsing. With the rise of remote working, security—especially in the cloud—is a shared responsibility, and everyone from the company, to cloud providers and employees, have a role to play in keeping themselves and their company secure.
If employees and employers can work together to get the balance right and enjoy the benefits of remote working securely, it could truly become the norm.