When it comes to cybersecurity, there is not much room for error. Those who fail to adequately secure their IT environment, including remote access employees, may regret their neglect. As more people are working from home rather than at the office, cyber criminals are taking advantage of any weaknesses that may become apparent in the home worker’s IT defenses. Barracuda Networks reports, for instance, that phishing email attacks increased by more than 600% during the early days of the COVID-19 crisis. Those who work from home should be on the alert to all the ways that cybercriminals can penetrate and attack their at-home systems.
Remote Workers Are Targets
It is a mistake to think that hackers are only interested in large databases at big companies. Sure, all that information may seem inviting, but the bad guys also know that company-based IT systems are generally better protected and less accessible. Work-from-home (WFH) systems, on the other hand, can be ripe targets for cyber criminals simply because they are often much easier to infiltrate. And while the sensitive data on a WFH computer may be minimal, hackers potentially can use the home worker’s access information to log into critical business systems remotely.
We mentioned phishing, which is a very common attack on unsuspecting email users. The thing about phishing is that it’s not just business emails that are vulnerable. Since personal email accounts are often housed on the same laptop used for business, hackers can use them to compromise the whole system. To learn more about this hack, you might want to read “How to Recognize and Avoid Phishing Scams” from the Federal Trade Commission.
Even if it’s your own laptop, you should set up the same protections that are used at your workplace. As we discussed in a recent article, many employees ignore the risks of working from home. When you connect through a secure VPN, the network recognizes your computer as a trusted device. So if your laptop is compromised, you could then compromise other computers or servers on the central network.
The truth is that your home computer is subject to the same types of cyber attacks that threaten your work devices. The list of potential threats is quite long, but here’s a sampling:
- Man-in-the-middle (MitM)
- Denial of service (DoS)
- SQL injection
- Password attack
Working with your IT professional, you should develop a plan to deal with a whole host of possible vulnerabilities. Every business, large or small, should include remote access workers in their network and systems security plan.
Security Training for Employees
Perhaps the most important goal of any cybersecurity training program is to increase risk awareness for all users. Before turning employees loose to work from home, it’s a good idea to put them through (at a minimum) a short course of study on the particular threats that remote workers face.
Employees working from home should be asked to read and become familiar with the company’s IT security documents. For those who are less computer savvy, it might make sense to put them through a more rigorous training program before trusting them with remote access.
Above all, remote workers should be aware that network security is a shared responsibility. It is not enough to depend on IT professionals to strengthen computer defenses. Employees should know and follow best practices for IT security to prevent attacks and protect the company’s IT resources.
What to Do About Cybersecurity Risks
Physical security is as important as anything else in the protection of a company’s IT environment. In simple terms, watch your laptop. It’s best not to leave your laptop unattended without the screen saver activated. In a public place like a coffee shop, excusing yourself to the restroom can leave your laptop exposed to the whims of any stranger who might be sipping a latte at the next table. Even at home, a curious child could cause problems in just a few minutes while you are out of the room.
Your devices and applications should also have more protection than a simple password. Multi-factor authentication (MFA) adds an additional layer of protection for your important data. Many websites are now requiring or offering MFA, and you should always take advantage of it. Two-factor or three-factor authentication schemes take advantage of something you know, something you have, or something you are.
Your security plan should include other best practices to protect your data. Make sure that your applications have all the latest security patches and updates. Back up your data regularly, and be sure to have a disaster recovery/business continuity (DR/BC) plan in place in case the worst happens. Use robust VPN software, and never connect to sensitive company data without it.
Never leave IT cybersecurity to chance. Complacency is an attribute that hackers look for in their potential targets. And home workers are especially vulnerable. According to a study by Deloitte, working from home has become a gateway to new forms of data theft. It pays to be alert, especially in the time of Covid-19. And going forward, more companies will be adopting this model on a permanent basis. Working from home may have its advantages, but it’s not without its risks. If you are working from home, be sure that you and your IT team cover all the bases. Cyber criminals are very crafty, and you don’t want to be a victim.