As millions of employees log in to work from home, there’s an increased risk they could expose their organization’s network to a cybersecurity threat.
Cyber attackers seeking to take advantage of the influx of employees working from home will increase phishing attacks and start attacking online services that are being used more than usual.
To continue to protect against phishing attacks during the pandemic, employees should be instructed to be wary of emails purporting to give information about the coronavirus, and to avoid clicking on any links in these emails. That’s because cyber attackers are banking that victims will click without thinking out of fear of the coronavirus’ unknowns.
With regards to attacks on applications used more frequently by employees working remotely, there are several things to be aware of. The applications used by many organizations have moved to the cloud – Microsoft® Office® and Dropbox, for example. The problem is that when employees work remotely they could be accessing those applications without having the security protocols in place on their devices.
Work from home is also increasing the use of online teleconferencing software such as Zoom and Slack, yet even before employees began teleworking en masse, in January 2020 a security flaw in Zoom was discovered that allowed intruders to eavesdrop on meetings.
All organizations should make sure that their employees working from home use a company-approved device, or ensure that they consult their IT department before using a personal device to connect to corporate networks.
Furthermore, teleworking employees could be connecting to their home wireless network or accessing their corporate accounts using unsecured public Wi-Fi. Organizations should insist that employees working remotely must use the organization’s VPN (virtual private network).
VPN connections are crucial when employees connect to unsecured networks such as Wi-Fi hotspots, even when they work from home. The VPN routes traffic through the internet from the organization’s private network. This ensures an additional layer of security because anyone who tries to intercept the encrypted data should not be able to read it without breaking the encryption. This way, employees will also be able to connect to their company’s intranet, the private network designed to be used only by the company’s staff.
Most VPNs are designed with the assumption that it will be used only occasionally, so beyond concerns about insecure internet connections, organizations allowing telework must be aware that their in-house network security appliances could become overwhelmed by the volume of outside traffic with a massive influx of people working from home.
In the long term, the current increase in remote work is a good thing as it is forcing organizations to look as the cybersecurity issues raised by employees working remotely, and to put in place appropriate systems to handle this need – both now, and in the future.
To learn more about how to set up a strong security practice, check out our white paper, Five Clear Steps to Enhance SecOps.