In the last year, the vast majority of us were compelled to reimagine the conventional office space; transforming dining room tables and ironing boards into desks, and sofas into our go-to spot for conference calls. Like dominoes, one company after another has announced their intention to adopt long-term, or permanent, remote working.
There are, undoubtedly, a great number of benefits arising from this transition for both employers and employees alike. On one hand, employees can forgo tiresome morning commutes and are offered greater flexibility as well as independence to manage their work-life balance. On the other hand, employers stand to make substantial savings otherwise spent on office buildings, while rewarded access to a larger, global talent pool.
Nevertheless, as with all change, challenges follow suit. In this case, we speak notably of the concerns over cybersecurity. The tumultuous, chaotic nature of the pandemic has created the ideal environment for cybercriminals and their malicious schemes, and opportunities for mistakes abound. In fact, according to the recent COVID-19 State of Remote Work Survey 2.0, OneLogin found that 34% of companies across the United Kingdom and the United States had experienced some kind of breach since they began working from home. This figure rises significantly to 48% when considering the US alone.
While this is undeniably concerning, the good news is that most of these breaches can be easily prevented by adhering to a number of best practices.
Keep Devices to Yourself
When working from home, individuals may be tempted to share their devices with friends, housemates, or family members. Aside from sending out work-related emails and devising corporate documents, laptops may now be used as a tool for homeschooling or a hub for social media and games. This leads to a loss of control over what is downloaded, what links are clicked on, and what files are being accessed or even uploaded; thus, leaving the business exposed to various security incidents. At present, the OneLogin survey also revealed that as many as 26% of respondents are sharing their work computer with others and 23% have admitted to downloading personal applications. Where possible, this should be avoided.
Naturally, not every organization can afford to offer their employees corporate devices to better facilitate separation from personal use. Therefore, other measures need to be implemented. For instance, employees should be encouraged to create independent user accounts for family members and friends, where access to work files is restricted. Each account should also be protected with a strong password and businesses should provide users with anti-malware and anti-virus software.
More importantly, organizations should deliver frequent and regular security awareness training. With training, individuals will be prepared to identify phishing emails and to avoid clicking on unsolicited links. In addition, employees would be in a better position to educate their household.
Protect Yourself against the Risks of Public Wi-Fi
One of the advantages of remote working is the fact that you can work from just about anywhere (as long as it’s safe), on a train, at a café, or from your neighborhood library. However, this will likely require you to connect to public Wi-Fi. In fact, 22% of OneLogin survey respondents have conceded to already doing so. Yet, once on the network, your data may become subject to a cybercriminal’s prying eyes and communications could be intercepted via ‘Man in the Middle’ attacks.
It would be unrealistic to believe that employees will avoid the use of public Wi-Fi altogether, but they could take steps to minimize the risk. On top of having antivirus software, employees should also ensure that their firewall is enabled and their ‘sharing’ setting is turned off. This would prevent bad actors from AirDropping files loaded with malware.
Moreover, employees should utilize a Virtual Private Network (VPN) at all times, as this helps to encrypt data traffic and shields the user’s online activities from hackers.
Maintain Password Hygiene
A lack of password hygiene is a common oversight that leads to serious cybersecurity concerns. Individuals may use easy-to-guess passwords, for example, drawing inspiration from publicly available knowledge such as their name or that of a pet. Many tend to employ the same password across multiple accounts as well, permitting bad actors to conduct credential stuffing attacks. Sometimes, employees may even share their corporate passwords with others; 12% of respondents have confessed to doing so.
One of the best ways to address this is by advocating for the use of password managers. Such applications can aid in generating complex passwords and store them securely, allowing users to have a unique password for each of their accounts. Moreover, if a password needs to be shared, they can do so via the manager. From the application, a user can send an encrypted form of the password, and control who has access to the accounts.
Furthermore, employees should enable multi-factor authentication (MFA) on all accounts. If possible, businesses should make sure that this is implemented by default. With MFA, the risk of an attack is reduced by increasing the complexity of the exploit for the attacker, as they must gain access to multiple authentication factors such as a password, token, and/or certificates. What’s more, they generally have a short period of time to do this, prior to the authentication attempt expiring. MFA is an area that many businesses have yet to invest in, with only 36% of respondents suggesting that they have this security protocol in place.
Never Leave a Device Unattended
Last but not least, individuals should never leave a corporate device unattended in a public space. While this may seem like common sense, 10% of respondents have admittedly done so. Employees should also enable the sleep mode to be triggered following a minute or two of inactivity, with password protection.
All in all, the steps to protecting an organization are simple enough, but businesses need to remember that their employees remain human, despite working from the relative comfort of their own homes. When remote working, the line between work and home life is blurred and many are having to juggle between being the best employee in an uncertain time while being a teacher, a parent, a spouse, and a friend. This creates an abundance of distractions and will likely lead to mistakes. Businesses need to recognize this and treat their employees with grace as well as introduce measures that account for such missteps.