Secure Remote Working: Apparent Threats and Feasible Solutions
Amidst the corona virus pandemic, many governments are moving into the “wait and watch” phase of their strategies to fight the virus. This includes social distancing techniques, closing down schools and asking people to work from home. People are opting to work remotely to self-isolate and help slow the spread of the virus. But working from home is not as easy done as said. This article speaks about the possible challenges faced by the cyber threats while working from home and what are the simple ways which can help mitigate these threats.
Covid-19 has certainly turned out to be a black swan episode. Most of us have never seen anything even remotely like this in our lifetime. This is definitely going to change the world as we have known it to be.
Regardless of how long the current situation perseveres and as countries, communities and businesses hobble back to some sort of near normalcy, what is definite is that there will be the emergence of a “New Normal”. A new normal where in-person and face-to-face interaction will be reduced, and transacting digitally and conducting business through virtual platforms is going to become increasingly rampant and eventually a de facto standard.
While there will be an explosion of a broad range of Digital Channels and Platforms, it will also lead to the mass adoption of Remote Working and Work from anywhere as a commonly accepted business practice. Even though remote working has been common in certain industry sectors, especially with the tech companies, there is now a paradigm shift with companies and sectors across the panel where flexible and remote working is possible have started implementing the same.
However for companies and businesses that are not used to remote working, this will be an uphill task. While technology will play a huge role, there will be certain broader phases of approaching this, which will be vital in defining the successful and invasive adoption of this change.
The macro aspects of putting together a Remote Working Strategy for an Enterprise can be formulated under the CESS structure:
- Culture: Culture is a reflection of the true distinctiveness of any organization and it is always driven top down from the CEOs and management. The technology element is a sign of the cultural element, however once a certain critical mass is achieved, these 2 elements will start complementing each other and lead to the evolution of a truly democratized organizational culture. Trust will also play a vital role, as managers will have to trust their team members working from home and the workers will have to live up to that trust.
- Experience: The way remote workers communicate and collaborate with each other is the most important feature of any successful remote working strategy and solution which applies equally to both internal employees and customers. A flawless collaboration experience is the ability of a user to join a virtual meeting from anywhere and any device with one touch and with the best quality of audio and video. Users should be able to access these meetings from their laptops, smart phones, tablets or room based Video Conferencing units in office, and even take calls on their home landlines or mobile phones with the same ease.
- Scale: Any Remote access solution, be it VPN or VDI based, that was designed pre-Covid will have to be re engineered like a stage, to take into account the multi fold increase in scale and user traffic. It will need to have the capacity to aboard large number of users and also manage the traffic that will be routed back to the corporate intranet or directly to the internet. Companies will also have to take into account the fact that organizations will increase their use of SaaS (Software as a service) applications itself significantly from Email, to Collaboration to Security and so on.
- Security: When users are inside an office, they are covered by highly robust Security infrastructure that has been put in place in Enterprise Networks and Data Centers. However when the same user now connects from a broadband internet, they are openly exposed to attackers and hackers and no amount of investment in the corporate security infrastructure is enough if that user gets compromised. Therefore, it is now significantly important to build an integrated security architecture which provides authentication to both the users and devices they use and also monitors and guards them from connecting to or accessing malicious internet domains. This also needs to seamlessly work in combination with the malware detection and prevention software on the device for this framework to be effective.
Cyber security an important aspect while working remotely
On one hand there are lot of online threats for the employees who are going to work remotely and on the other hand there are lot of possible solutions to help them stay safe while online and continue doing their jobs with peace of mind.
Online threats to remote workers
Before examining the probable solutions, let’s take a look at a few of the online threats that remote workers should be aware of.
- Unsecured wifi networks
Most workers will be working from their home where they can secure their wifi but some may have to use unsecured public wifi networks which are prime spots for malicious parties to spy on internet traffic and collect classified information.
- Using personal devices and networks
Many remote workers will be using personal devices and home networks for their tasks. These devices often lack tools as strong antivirus software, customized firewalls, and automatic online backup tools, which further increases the risk of malware, getting into devices and both personal and work-related information being leaked.
- Scams targeting remote workers
Companies will likely see an increase in malicious campaigns targeting remote workers. More predominantly, with many employees lacking remote work opportunities, we will also see an increase in the occurrences of work-from-home scams.
Facts rolling with evidence
A research study by NordVPN revealed that 62% of employees working from home are vulnerable to cyber attacks due to using personal computers for remote work during the COVID-19 pandemic and 73% did not get proper security training when working from home.
Another similar study by CyberArk was done to find how Cyber habits at home, threaten Corporate Network Security and it was found that 77% of remote employees are using unmanaged, insecure “BYOD” devices to access corporate systems and 66% of employees have adopted communication and collaboration tools like Zoom, which have recently reported security vulnerabilities.
Another study found that the risks to corporate security become even higher when it comes to working parents. As this group had to quickly and simultaneously change into full-time teachers, caregivers and playmates, it’s no shock that good cyber security practices aren’t the first priority for these workers when it comes to working from home.
- 93% were using the same passwords across all the major applications and devices
- 29% accepted that they allow other members in the house to use their corporate devices for different activities like schoolwork, gaming and shopping
- 37% have the habit of saving passwords in browsers on their corporate devices
However thankfully, equipped with the right knowledge and tools, one can close on many of these threats and continue getting your work done.
Some tips to thwart the Cyber security attacks
In view of the COVID-19 crisis, many companies are rapidly and hastily putting together work-from-home ideas. Even if the employer doesn’t offer such protocols, or if one is self-employed, there are some easy steps one can take to protect while working from home:
- Broader Steps
- Practice using strong passwords
It is unfortunate that many people still use same password across numerous accounts and sites. This means that all it takes is one leaked password for a criminal to barge into all of the accounts and by using the credentials for credential stuffing. Passwords should be unique for every account and should comprise of a long string of upper and lower case letters, numbers, and special characters. However remembering lot of passwords can be a tedious task, for which one can use password managers for example Dashlane, LastPass etc. to create, remember, and autofill passwords for you.
- Two-factor authentication, an added cover
Two -factor authentication (2FA) and two-step verification (2SV) allows adding an extra layer of protection to your accounts over and above your strong passwords. The extra stride could be an email or text message confirmation, a biometric method such as facial recognition or a fingerprint scan etc.
- Data backup must be done periodically
Loss of data is possible due to human error, physical damage to hardware, or a cyber attack. Ransomware and other types of malware can actually wipe entire systems without one even knowing where it is gone. Clearly, there are plenty of reasons for keeping data backed up. While hardware backups are still an effective option but one of the most convenient and cost-effective ways to store data is in on the cloud. Cloud backup services come with a variety of options enabling you to customize your backup schedule and storage options. Couple of budget-friendly options are OneDrive, IDrive, Backblaze Business etc.
- Locking up one’s devices
If you do have to work in a public space, or if you live with people whom you can’t share work information with, then it’s better to keep the device secure. Password-locking can help in encrypting its contents until someone enters the password. There are better options like additional full disk encryption tool such as DiskCryptor, BitLocker etc.
- Beware of remote desktop tools
Many companies will be allowing employees to access their work networks using Remote Desktop Protocols (RDPs). While this can be secure, a 2019 research study found security problems with some of the most popular RDP tools for Linux and Windows. So it is better to be little more careful.
- Look out for phishing emails and sites
Phishing, Vishing and smishing are used by cybercriminals to “phish” for information, which are further used for spear phishing campaigns (targeted phishing attacks), credit card frauds, and account takeover frauds. With increase in work from home facility due to COVID outbreak, no doubt there will be ample number of cybercriminals looking to cash in on the trend by using phishing emails.
Some of the simple ways to spot phishing emails are by checking the sender’s email address for spelling errors and looking for poor grammar in the subject line and email body. Just try to drift over the links to see the URL and don’t click links on the attachments unless you trust the sender 100 percent. If the URL looks suspicious, contact the alleged sender using a phone number or some other email address that is not inside the suspicious email.
If one clicks a link and ends up on a legitimate-looking site, the person must be sure to check its integrity before feeding any information. Other common signs of a phishing site include no HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and sentence structure, no “about” page, and no contact information.
- Watch out for work-from-home scams
Like phishing emails there is a probable increase in work-from-home scams and other schemes that typically target gig economy workers. Many of these websites request for personal information or upfront payments. By the time one realizes it is a scam, the fraudster will cease the contacts and would have stolen the money.
If one is looking for freelance work, use reputable sites that offer protection to both clients and freelancers such as Upwork and Freelancer. Never share one’s personal information with a client that you haven’t carefully researched. And don’t work with anyone who requests an upfront fee. Also be aware of the pyramid and multi-level-marketing (MLM) scams as these are often well-disguised as legitimate and attractive work-from-home opportunities.
- Hardware and Software addendums
- Use a VPN
Virtual Private Network (VPN) helps to bypass geographic restrictions on streaming sites and other location-specific content and as VPN tunnels your traffic through a server in location of your choice, it can be vulnerable for location spoofing. But VPN helps in improving online privacy. A VPN encrypts all of your internet traffic making it unreadable to anyone. The only disadvantage is a VPN can slow down internet speeds. Therefore choosing a VPN (for example ExpressVPN, VyprVPN etc.) which is known for its speed and reliability is very important.
- Set up firewalls and use a good Antivirus software
Firewalls create a fence between one’s device and the internet by closing channels of communication. This can help prevent malicious programs entering the system and can stop data leaking from your device. Each computer’s operating system will typically have a built-in firewall. In addition to hardware firewalls are built into many routers. Best options are ZoneAlarm Free Firewall 2019 and AVS Firewall.
In addition to firewalls, good antivirus software can act as the next line of defence by detecting and blocking known malware. Although a malware can creep onto your device, an antivirus may be able to detect and remove it. Some options are Norton, McAfee etc.
- Secure your home router
It is vital to take simple steps to protect your home network. Changing your router password is a good first step, but there are other actions too. One should make sure firmware updates are installed so that security vulnerabilities can be patched. The encryption should be set to WPA2 or WPA3, inbound and outbound traffic can be restricted, highest level of encryption must be available, and switch off WPS.
- Install updates regularly
Updates to device software and other applications can be a source of frustration. But they really are essential. Updates often include patches for security vulnerabilities that have been uncovered since the last version of the software was released. Setting updates to run automatically is also a wise idea, often while you’re sleeping, so you don’t have to worry about downtime.
- Use encrypted communications
There are times when one needs to communicate with fellow workers, and it’s common to use emails to include sensitive information. If the employer doesn’t already provide you with secure methods of communication, one may have to come up with their own options. There are lot of mainstream messaging services such as Signal, Whatsapp and Telegram which come with end-to-end encryption. Still if one need to use email there are options to switch to specialized encrypted email providers such as Hush mail and SendInc.
It’s crucial for industries and businesses to remain innovative and competitive in the current business landscape and allowing their employees to work remotely, is definitely a necessary step. Yet, remote work comes with security risks that one should address before one allows workers to work from outside the office – no matter if we’re talking about permanent remote workers or the ones who do it just a few hours per month. However, only when you will correctly respond to this challenge, will you be capable of fully seizing this opportunity that increases talent retention, productivity, and improves staff’s work-life balance. Anyhow above all this, however one sees it, remote and flexible working is here to stay.