Remote Working Prevention Controls

 


In the last year, the vast majority of us were compelled to reimagine the conventional office space; transforming dining room tables and ironing boards into desks, and sofas into our go-to spot for conference calls. Like dominoes, one company after another has announced their intention to adopt long-term, or permanent, remote working.  

There are, undoubtedly, a great number of benefits arising from this transition for both employers and employees alike. On one hand, employees can forgo tiresome morning commutes and are offered greater flexibility as well as independence to manage their work-life balance. On the other hand, employers stand to make substantial savings otherwise spent on office buildings, while rewarded access to a larger, global talent pool.   

Nevertheless, as with all change, challenges follow suit. In this case, we speak notably of the concerns over cybersecurity. The tumultuous, chaotic nature of the pandemic has created the ideal environment for cybercriminals and their malicious schemes, and opportunities for mistakes abound. In fact, according to the recent COVID-19 State of Remote Work Survey 2.0, OneLogin found that 34% of companies across the United Kingdom and the United States had experienced some kind of breach since they began working from home. This figure rises significantly to 48% when considering the US alone.   

While this is undeniably concerning, the good news is that most of these breaches can be easily prevented by adhering to a number of best practices.  

Keep Devices to Yourself 

When working from home, individuals may be tempted to share their devices with friends, housemates, or family members. Aside from sending out work-related emails and devising corporate documents, laptops may now be used as a tool for homeschooling or a hub for social media and games. This leads to a loss of control over what is downloaded, what links are clicked on, and what files are being accessed or even uploaded; thus, leaving the business exposed to various security incidents. At present, the OneLogin survey also revealed that as many as 26% of respondents are sharing their work computer with others and 23% have admitted to downloading personal applications. Where possible, this should be avoided.  

Naturally, not every organization can afford to offer their employees corporate devices to better facilitate separation from personal use. Therefore, other measures need to be implemented. For instance, employees should be encouraged to create independent user accounts for family members and friends, where access to work files is restricted. Each account should also be protected with a strong password and businesses should provide users with anti-malware and anti-virus software.  

More importantly, organizations should deliver frequent and regular security awareness training. With training, individuals will be prepared to identify phishing emails and to avoid clicking on unsolicited links. In addition, employees would be in a better position to educate their household.  

Protect Yourself against the Risks of Public Wi-Fi 

One of the advantages of remote working is the fact that you can work from just about anywhere (as long as it’s safe), on a train, at a café, or from your neighborhood library. However, this will likely require you to connect to public Wi-Fi. In fact, 22% of OneLogin survey respondents have conceded to already doing so. Yet, once on the network, your data may become subject to a cybercriminal’s prying eyes and communications could be intercepted via ‘Man in the Middle’ attacks.  

It would be unrealistic to believe that employees will avoid the use of public Wi-Fi altogether, but they could take steps to minimize the risk. On top of having antivirus software, employees should also ensure that their firewall is enabled and their ‘sharing’ setting is turned off. This would prevent bad actors from AirDropping files loaded with malware.  

Moreover, employees should utilize a Virtual Private Network (VPN) at all times, as this helps to encrypt data traffic and shields the user’s online activities from hackers.  

Maintain Password Hygiene 

A lack of password hygiene is a common oversight that leads to serious cybersecurity concerns. Individuals may use easy-to-guess passwords, for example, drawing inspiration from publicly available knowledge such as their name or that of a pet. Many tend to employ the same password across multiple accounts as well, permitting bad actors to conduct credential stuffing attacks. Sometimes, employees may even share their corporate passwords with others; 12% of respondents have confessed to doing so.  

One of the best ways to address this is by advocating for the use of password managers. Such applications can aid in generating complex passwords and store them securely, allowing users to have a unique password for each of their accounts. Moreover, if a password needs to be shared, they can do so via the manager. From the application, a user can send an encrypted form of the password, and control who has access to the accounts.  

Furthermore, employees should enable multi-factor authentication (MFA) on all accounts. If possible, businesses should make sure that this is implemented by default. With MFA, the risk of an attack is reduced by increasing the complexity of the exploit for the attacker, as they must gain access to multiple authentication factors such as a password, token, and/or certificates. What’s more, they generally have a short period of time to do this, prior to the authentication attempt expiring. MFA is an area that many businesses have yet to invest in, with only 36% of respondents suggesting that they have this security protocol in place.  

Never Leave a Device Unattended 

Last but not least, individuals should never leave a corporate device unattended in a public space. While this may seem like common sense, 10% of respondents have admittedly done so. Employees should also enable the sleep mode to be triggered following a minute or two of inactivity, with password protection.  

All in all, the steps to protecting an organization are simple enough, but businesses need to remember that their employees remain human, despite working from the relative comfort of their own homes. When remote working, the line between work and home life is blurred and many are having to juggle between being the best employee in an uncertain time while being a teacher, a parent, a spouse, and a friend. This creates an abundance of distractions and will likely lead to mistakes. Businesses need to recognize this and treat their employees with grace as well as introduce measures that account for such missteps.

Comments

Post a Comment

Popular posts from this blog

What is Site Isolation in Web Brower's? How it Works.

Image
   What is Site Isolation in Web  Brower's ? Site Isolation is a security feature that offers additional protection against some types of security bugs.  It makes it harder for untrustworthy websites to access or steal information from your accounts on other websites.   Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy.  Occasionally, security bugs are found in this code and malicious websites may try to bypass these rules to attack other websites.    Site Isolation offers a second line of defence to make such attacks less likely to succeed.  It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do.  It also makes it possible to block the process from receiving certain types of sensitive data from other sites.  As a result, a malicious website will find it much more difficult to steal data from other sites
Read more

What Is System Attacks ? Types OF System Based Attacks

Image
System Based Attack It is a type of malicious software program that spread throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. Type OF System Based Attacks -  1. Virus It is a type of malicious software program that spread throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system. Type OF Virus RESIDENT VIRUS :   Resident viruses set up shop in your RAM and meddle with your system operations. They’re so sneaky that they can even attach themselves to your anti-virus software files. MULTIPARTITE VIRUS : This virus infects the entire system. Multipartite viruses spread by performing unauthorized actions on your operating system, fol
Read more