Addressing cybersecurity risks in the age of remote work

None of us can be in the denial mode that remote work is a fad. As many surveys have indicated and many organizations have come forward to put forth their post-pandemic workplace policies, remote work is going to be a big part of how we and our colleagues are going to work in the future. There are two main cutting edges that we need to steer away from with remote work. One has to do with culture and people issues including mental health. The other edge is that of cybersecurity.

The rise of cybersecurity attacks with remote work

Offices were a walled garden. You had physical security in place with ID cards and biometric access systems. You had CCTV cameras monitoring all movement within the building and outside. You had firewalls and secure access control systems to protect data and applications. Employees were also constantly being reminded of the best practices using desktop wallpapers and posters at workplaces. Poof! Many of these measures have gone missing with remote work. As work gets done at coworking spaces and home over private WiFi networks, we have opened our systems and data to the prying eyes of attackers who want to make merry out of the situation.

To give us a taste of the magnitude of the threat, Google tallied more than 18 million malware and phishing emails related to the novel coronavirus on its service each day in April 2020. Many companies that traditionally did not adopt digital technologies have been forced to do that during the pandemic. Kaushik, the auditor of GoFloaters, anecdotally mentioned that he has helped over 20 companies migrate from Tally to cloud based accounting softwares like Zoho Books and Quikbooks.

Thus the job for an IT team and the Chief Information Security Office (CISO) has certainly exponentially increased with remote work. The usage of our personal devices for work has also augmented the security loopholes that we leave open for hackers. In the CISCO's Benchmark Report 2020, 52% of respondents said that mobile devices are a major challenge when it comes to cyber security.

Ways in which you can reduce the risk

Phishing emails

Phishing emails have become a big menace. A recent report revealed that there has been a 600 % increase in phishing email attacks since Feb 2021.

Deploying threat monitoring systems and email filters to monitor and identify phishing email attacks is one technology way to stop phishing attacks on your employees. While you can do this on your official email and communication channels, these software do fall short when personal devices are used for business use.

Continuous employee training to help them detect and avoid phishing emails is a must. Conducting workshops, training and even conducting random tests are a good way to ensure that the employee is well equipped to handle a phishing email.

Passwords

It is way easier for a hacker to crack users that have weak passwords than to break systems that are protected by security infrastructure. Having weak passwords or repetitive passwords has been seen as a common entry point for hackers.

Setting password policies and creating awareness are the easiest ways to tackle this risk. Two-factor authentication is also a great piece of technology that can come in handy.

File Sharing

As we all work remotely, documents get shared over email, collaboration platforms and even on WhatsApp and personal communication tools. These documents could hold company sensitive and client sensitive information that needs to be protected.

Here again training your employees to not use insecure ways to transfer documents is critical. For cloud based documents like Google Docs or Zoho Docs appropriate access permissions should be set. Email attachments can be password protected and encrypted and entire emails can be encrypted so that data in transit is not compromised. Lastly secure document sharing ecosystems like Dropbox and OneDrive can be leveraged.

Home Wifi

Home WiFi access points are often ignored by companies as they focus more on the data and the computing devices. Many times your employees might be using WiFi routers with out-dated firmware that have security holes. It is also quite possible that they have left the WiFi open or have a weak password to protect it.

Many of the current routers in the marketing come with encryption capabilities that can be enabled. Stronger WiFi passwords should be encouraged. If you have the budget for it and or if some of your employees are working with sensitive data, you can give them VPN access and also set up a software based firewall.

Personal Devices

Many of us use our personal phones to access our office emails and store documents. We seldom consider encrypting our personal devices. Phones have a higher propensity to get lost or stolen than laptops and hence it is critical to ensure that these devices are also protected from vulnerabilities.

Educating your employees on appropriate use of personal devices for work should be done periodically. All the latest operating systems come with capabilities to encrypt data on the phone and to remotely delete the data if the phone is stolen. There are also Mobile Device Management softwares that are available that can be used to enforce password policies, WiFi access policies and to remotely wipe a phone's data when it has been compromised.

Monitor, be proactive and take action

Many organisations were thrown out of gear by the pandemic and many IT systems and processes had to be modified overnight to ensure business continuity. It is time to review all of your organisation's processes and how IT systems are involved and how data is being shared across within the organisation and outside to come up with a new IT security framework that works for your team as they work from home.

Newer threats are constantly emerging and newer ways of combating them are too. Mature Zero-trust network and access systems for example are now available in the market. Constantly monitoring, being proactive about the risk exposure and taking quick action is the only way to move forward.

About GoFloaters for Teams

GoFloaters for Teams helps distributed and remote teams get access to pay-as-you-go coworking and meeting spaces. By providing office space on the tap, GoFloaters for Teams is able to reduce the office rental costs by over 80% at the same time providing professional infrastructure when needed, where needed for the time needed. GoFloaters for Teams is operational in 21 cities across India.